Log analysis and evaluation: 3 Conhost.exe processes, I have them too, HELP (Windows 7)
23.08.2013, 18:59 | #1
Hello, I was referred to you because you are supposedly the best. I have already read a few things here about these conhost processes. I have 3 of them as well, and one of them looks very suspicious to me. I can neither open its file path, nor view it, nor close it.... There is a whole family using this laptop, and now I suspect that something is not right. Since it said in big letters earlier that I must not do anything on my own, I would be glad if you could help me. Regards, Michi
23.08.2013, 19:05 | #2
TB-Ausbilder
Hello Michi,
these 3 processes are not necessarily a cause for concern. But let's take a closer look: if you want your computer checked for malware, please work through these instructions and post the resulting logfiles here.
23.08.2013, 19:21 | #3
So here are the logfiles
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:03 on 23/08/2013 (Mikko)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-08-2013 01 Ran by Mikko at 2013-08-23 20:10:10 Running from C:\Users\Mikko\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94) Alienware Command Center (Version: 2.7.28.0) Alienware Command Center (x32 Version: 2.7.28.0) Alienware On-Screen Display (x32 Version: 0.32.0.2C) Apple Application Support (x32 Version: 2.3.4) Apple Mobile Device Support (Version: 6.1.0.13) Apple Software Update (x32 Version: 2.1.3.127) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 2.0.8.8) Avira Free Antivirus (x32 Version: 13.0.0.3885) Bonjour (Version: 3.0.0.10) ckerdeinstallation für EPSON SX210 Series EMSC (x32 Version: 0.0.0.22C) eMule (x32) EPSON Scan (x32) FIFA 13 (x32 Version: 1.8.0.0) Foxit Advanced PDF Editor 3 (x32 Version: 3.0.0.0) Foxit Reader (x32 Version: 6.0.3.524) iFunbox (v2.1.2228.731), iFunbox DevTeam (x32 Version: v2.1.2228.731) Intel PROSet Wireless Intel(R) Control Center (x32 Version: 1.2.1.1007) Intel(R) Management Engine Components (x32 Version: 8.0.1.1399) Intel(R) OpenCL CPU Runtime (x32) Intel(R) Processor Graphics (x32 Version: 9.17.10.2932) Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 15.1.0.0096) Intel(R) Rapid Storage Technology (x32 Version: 11.0.0.1032) Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.3.214) Intel® PROSet/Wireless WiFi-Software (Version: 15.01.1000.0927) Intel® Trusted Connect Service Client (Version: 1.23.219.2) iolo technologies' System Mechanic (x32 Version: 11.1.6) iTunes (Version: 11.0.4.4) JDownloader 0.9 (x32 Version: 0.9) Lumac (x32 Version: 1.1.92.0) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client 
Profile DEU Language Pack (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft Xbox 360 Accessories 1.2 (Version: 1.20.146.0) Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1) Mozilla Maintenance Service (x32 Version: 23.0.1) NVIDIA 3D Vision Treiber 320.49 (Version: 320.49) NVIDIA GeForce Experience 1.6 (Version: 1.6) NVIDIA Grafiktreiber 320.49 (Version: 320.49) NVIDIA HD-Audiotreiber 1.3.24.2 (Version: 1.3.24.2) NVIDIA Install Application (Version: 2.1002.131.854) NVIDIA Optimus 7.2.17 (Version: 7.2.17) NVIDIA PhysX (x32 Version: 9.13.0604) NVIDIA PhysX-Systemsoftware 9.13.0604 (Version: 9.13.0604) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2049) NVIDIA Systemsteuerung 320.49 (Version: 320.49) NVIDIA Update 7.2.17 (Version: 7.2.17) NVIDIA Update Components (Version: 7.2.17) NVIDIA Virtual Audio 1.2.1 (Version: 1.2.1) OpenOffice 4.0.0 (x32 Version: 4.00.9702) Origin (x32 Version: 9.3.1.4482) Realtek PCIE Card Reader (x32 Version: 6.1.7601.28094) SHIELD Streaming (Version: 1.05.19) Sound Blaster Recon3Di (x32 Version: 1.00.08) ST Microelectronics 3 Axis Digital Accelerometer Solution (x32 Version: 4.12.0022) Synaptics Pointing Device Driver (Version: 16.0.2.0) VirtualDJ PRO Full (x32 Version: 7.3) VLC media player 2.0.7 (Version: 2.0.7) WinRAR 4.20 (64-Bit) (Version: 4.20.0) ==================== Restore Points ========================= 
22-08-2013 09:55:35 Installed Lumac ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {4B31CFEB-F595-4C98-815E-CA14CB3A6986} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-826259500-1292757758-4240772575-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe No File Task: {F41523FF-BFC1-419F-8AA6-4C37873A72E5} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-826259500-1292757758-4240772575-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe No File ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/23/2013 07:23:24 PM) (Source: NvStreamSvc) (User: ) Description: NvStreamSvcUnregistering VAD endpoint [0] Error: (08/23/2013 07:23:23 PM) (Source: NvStreamSvc) (User: ) Description: NvStreamSvcNvVAD endpoint registered successfully [0] Error: (08/23/2013 07:23:23 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/23/2013 05:52:18 PM) (Source: NvStreamSvc) (User: ) Description: NvStreamSvcUnregistering VAD endpoint [0] Error: (08/23/2013 05:52:17 PM) (Source: NvStreamSvc) (User: ) Description: NvStreamSvcNvVAD endpoint registered successfully [0] Error: (08/23/2013 05:52:17 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/23/2013 05:24:03 PM) (Source: NvStreamSvc) (User: ) Description: NvStreamSvcUnregistering VAD endpoint [0] Error: (08/23/2013 05:24:02 PM) (Source: WinMgmt) (User: ) Description: 
//./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/23/2013 05:24:02 PM) (Source: NvStreamSvc) (User: ) Description: NvStreamSvcNvVAD endpoint registered successfully [0] Error: (08/23/2013 11:36:10 AM) (Source: NvStreamSvc) (User: ) Description: NvStreamSvcUnregistering VAD endpoint [0] System errors: ============= Error: (08/23/2013 07:23:32 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT) Description: Fehler beim Lesen der Datei für lokale Hosts. Error: (08/23/2013 07:23:32 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT) Description: Fehler beim Lesen der Datei für lokale Hosts. Error: (08/23/2013 07:23:30 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT) Description: Fehler beim Lesen der Datei für lokale Hosts. Error: (08/23/2013 07:23:28 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT) Description: Fehler beim Lesen der Datei für lokale Hosts. Error: (08/23/2013 07:23:23 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT) Description: Fehler beim Lesen der Datei für lokale Hosts. Error: (08/23/2013 07:22:49 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT) Description: Fehler beim Lesen der Datei für lokale Hosts. Error: (08/23/2013 07:22:49 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT) Description: Fehler beim Lesen der Datei für lokale Hosts. Error: (08/23/2013 07:22:49 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT) Description: Fehler beim Lesen der Datei für lokale Hosts. Error: (08/23/2013 05:54:03 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT) Description: Fehler beim Lesen der Datei für lokale Hosts. Error: (08/23/2013 05:53:43 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT) Description: Fehler beim Lesen der Datei für lokale Hosts. 
Microsoft Office Sessions: ========================= Error: (08/23/2013 07:23:24 PM) (Source: NvStreamSvc)(User: ) Description: NvStreamSvcUnregistering VAD endpoint [0] Error: (08/23/2013 07:23:23 PM) (Source: NvStreamSvc)(User: ) Description: NvStreamSvcNvVAD endpoint registered successfully [0] Error: (08/23/2013 07:23:23 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/23/2013 05:52:18 PM) (Source: NvStreamSvc)(User: ) Description: NvStreamSvcUnregistering VAD endpoint [0] Error: (08/23/2013 05:52:17 PM) (Source: NvStreamSvc)(User: ) Description: NvStreamSvcNvVAD endpoint registered successfully [0] Error: (08/23/2013 05:52:17 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/23/2013 05:24:03 PM) (Source: NvStreamSvc)(User: ) Description: NvStreamSvcUnregistering VAD endpoint [0] Error: (08/23/2013 05:24:02 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (08/23/2013 05:24:02 PM) (Source: NvStreamSvc)(User: ) Description: NvStreamSvcNvVAD endpoint registered successfully [0] Error: (08/23/2013 11:36:10 AM) (Source: NvStreamSvc)(User: ) Description: NvStreamSvcUnregistering VAD endpoint [0] ==================== Memory info =========================== Percentage of memory in use: 19% Total physical RAM: 14218.31 MB Available physical RAM: 11453.85 MB Total Pagefile: 28434.8 MB Available Pagefile: 25441.93 MB Total Virtual: 8192 MB Available Virtual: 8191.8 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:119.24 GB) (Free:46.1 GB) NTFS Drive d: () 
(Fixed) (Total:456.99 GB) (Free:423.93 GB) NTFS Drive f: (USB) (Removable) (Total:14.72 GB) (Free:14.63 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 4C4C76F9) Partition 1: (Not Active) - (Size=39 MB) - (Type=DE) Partition 2: (Active) - (Size=9 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=457 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: D6AF3C52) Partition 1: (Not Active) - (Size=119 GB) - (Type=07 NTFS) ======================================================== Disk: 3 (Size: 15 GB) (Disk ID: 299D7A17) Partition 1: (Active) - (Size=15 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
23.08.2013, 20:15 | #4
And the FRST logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-08-2013 01 Ran by Mikko (administrator) on 23-08-2013 20:09:55 Running from C:\Users\Mikko\Desktop Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Creative Technology Ltd) C:\Windows\sysWow64\CtHdaSvc.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe (Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe (Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe (Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2886416 2012-03-01] (Synaptics Incorporated) HKLM\...\Run: [] - [x] HKLM\...\Run: [Command Center Controllers] - C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [12616 2012-02-09] (Alienware) HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-07-27] (NVIDIA Corporation) HKLM\...\Run: [Windows Mobile-based device management] - C:\Windows\WindowsMobile\wmdcBase.exe [660360 2007-05-31] (Microsoft Corporation) HKLM\...\Run: [XboxStat] - C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation) HKLM 
Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION HKLM-x32\...\Run: [Sound Blaster Recon3Di Control Panel] - C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe [880640 2011-12-21] (Creative Technology Ltd) HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-19] (Intel Corporation) HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-06-20] (Avira Operations GmbH & Co. KG) AppInit_DLLs: C:\Windows\system32\nvinitx.dll, C:\PROGRA~1\NVIDIA~1\NVSTRE~1\rxinput.dll [653600 2013-07-27] (NVIDIA Corporation) AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll c:\progra~2\nvidia~1\nvstre~1\rxinput.dll [214448 2013-06-21] (NVIDIA Corporation) BootExecute: autocheck autochk * ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=9839F01FAF237FC5&affID=120665&tsp=4982 Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Mikko\AppData\Roaming\Mozilla\Firefox\Profiles\qiaoctid.default FF user.js: detected! 
=> C:\Users\Mikko\AppData\Roaming\Mozilla\Firefox\Profiles\qiaoctid.default\user.js FF Homepage: google.de FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll () FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Extension: DownloadHelper - C:\Users\Mikko\AppData\Roaming\Mozilla\Firefox\Profiles\qiaoctid.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} FF Extension: No Name - C:\Users\Mikko\AppData\Roaming\Mozilla\Firefox\Profiles\qiaoctid.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==================== Services (Whitelisted) 
================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-06-20] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-20] (Avira Operations GmbH & Co. KG) R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [122880 2012-03-27] (Creative Technology Ltd) R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [1028464 2012-10-19] (iolo technologies, LLC) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-01] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-03-29] () R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14984480 2013-07-27] (NVIDIA Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-03-29] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-06-20] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-06-20] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-06] (Avira Operations GmbH & Co. KG) R3 cthda; C:\Windows\System32\drivers\cthda.sys [1052760 2012-03-27] (Creative Technology Ltd) R3 dcdbas; C:\Windows\System32\DRIVERS\dcdbas64.sys [38472 2011-02-02] (Dell Inc.) 
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [23464 2008-12-09] (EldoS Corporation) R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [23464 2008-12-09] (EldoS Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [284448 2013-06-21] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39712 2013-05-14] (NVIDIA Corporation) R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [67184 2012-01-03] (STMicroelectronics) S3 EverestDriver; \??\C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 [x] S3 VGPU; System32\drivers\rdvgkmd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-23 20:08 - 2013-08-23 20:08 - 01576584 _____ (Farbar) C:\Users\Mikko\Desktop\FRST64.exe 2013-08-23 20:03 - 2013-08-23 20:03 - 00000472 _____ C:\Users\Mikko\Desktop\defogger_disable.log 2013-08-23 20:03 - 2013-08-23 20:03 - 00000000 _____ C:\Users\Mikko\defogger_reenable 2013-08-23 20:02 - 2013-08-23 20:02 - 00050477 _____ C:\Users\Mikko\Desktop\Defogger.exe 2013-08-23 19:02 - 2013-08-23 19:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-08-23 19:02 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-08-23 19:01 - 2013-08-23 19:01 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Mikko\Downloads\mbam-setup-1.75.0.1300.exe 2013-08-23 18:57 - 2013-08-23 10:40 - 2068916225 _____ C:\Users\Mikko\Downloads\nsane-pag.avi 2013-08-23 18:57 - 2013-08-23 10:40 - 00003560 _____ C:\Users\Mikko\Downloads\nsane-pag.nfo 2013-08-23 18:57 - 2013-08-23 10:40 - 00000341 _____ C:\Users\Mikko\Downloads\www.goldesel.to - www.charts.to .txt 2013-08-23 18:57 - 2013-08-23 
10:40 - 00000291 _____ C:\Users\Mikko\Downloads\Charts.to - Die ultimative Seite fuer Charts als Direkt-Download.url 2013-08-23 18:57 - 2013-08-23 10:40 - 00000220 _____ C:\Users\Mikko\Downloads\Goldesel.to - Die Seite fuer Direkt-Downloads aller Art.url 2013-08-23 18:24 - 2013-08-23 18:50 - 1032412076 _____ C:\Users\Mikko\Downloads\Pain.and.Gain-NSane.part2.rar 2013-08-23 18:24 - 2013-08-23 18:47 - 1036509053 _____ C:\Users\Mikko\Downloads\Pain.and.Gain-NSane.part1.rar 2013-08-23 17:33 - 2013-08-23 17:35 - 94875014 _____ C:\Users\Mikko\Downloads\Various Artists - The Jump Off by DJ Smurf DJ Maxxwell.rar 2013-08-23 10:03 - 2013-08-23 10:08 - 91245591 _____ C:\Users\Mikko\Downloads\System-Mechanic-Professional-11.0.5.2.rar 2013-08-22 13:02 - 2013-08-23 19:17 - 00000000 ____D C:\ProgramData\BrowserDefender 2013-08-22 13:02 - 2013-08-22 13:02 - 00000000 ____D C:\ProgramData\Babylon 2013-08-22 11:55 - 2013-08-22 11:55 - 00000000 ____D C:\Program Files (x86)\Lumac 2013-08-21 14:45 - 2013-08-22 12:06 - 00000000 ____D C:\Users\Mikko\Downloads\HP 2013-08-21 14:45 - 2013-08-21 14:45 - 00000000 ____D C:\Users\Mikko\Downloads\Papa 2013-08-21 10:07 - 2013-08-21 10:08 - 00000037 _____ C:\Users\Mikko\Downloads\Neues Textdokument.txt 2013-08-20 11:50 - 2013-08-20 18:34 - 00000000 ____D C:\Users\Mikko\AppData\Local\Origin 2013-08-20 11:49 - 2013-08-23 17:52 - 00000000 ____D C:\Program Files (x86)\Origin 2013-08-20 09:19 - 2013-08-20 09:31 - 00000000 ____D C:\Program Files (x86)\JDownloader 2013-08-20 09:19 - 2013-08-20 09:19 - 00000000 ____D C:\Users\Mikko\AppData\Roaming\Malwarebytes 2013-08-20 09:19 - 2013-08-20 09:19 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-08-20 09:17 - 2013-08-20 09:21 - 00000000 ____D C:\Users\Mikko\AppData\Roaming\Systweak 2013-08-20 09:17 - 2013-08-20 09:20 - 00000000 ____D C:\Program Files (x86)\MyPC Backup 2013-08-20 09:17 - 2013-07-22 16:07 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe 2013-08-20 09:10 - 
2013-08-22 12:14 - 00000000 ____D C:\Users\Mikko\AppData\Roaming\LumacDaemon 2013-08-20 09:10 - 2013-08-20 09:10 - 00000000 ____D C:\Users\Mikko\AppData\Local\Firstload 2013-08-20 09:08 - 2013-08-23 18:59 - 00000000 ____D C:\Program Files (x86)\VideoLAN 2013-08-19 14:00 - 2013-08-19 14:00 - 00000000 ____D C:\Users\Mona\AppData\Roaming\Avira 2013-08-18 19:20 - 2013-08-22 13:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-08-16 20:53 - 2013-08-16 20:53 - 00000000 ____D C:\Users\Mikko\dwhelper 2013-08-16 11:00 - 2013-08-16 11:05 - 00000018 _____ C:\Users\Mikko\Desktop\Neues Textdokument.txt 2013-08-15 20:09 - 2013-08-15 20:09 - 00064336 _____ C:\Users\Mona\AppData\Local\GDIPFONTCACHEV1.DAT 2013-08-15 20:09 - 2013-08-15 20:09 - 00000020 ___SH C:\Users\Mona\ntuser.ini 2013-08-15 20:09 - 2013-08-15 20:09 - 00000000 _SHDL C:\Users\Mona\Vorlagen 2013-08-15 20:09 - 2013-08-15 20:09 - 00000000 _SHDL C:\Users\Mona\Startmenü 2013-08-15 20:09 - 2013-08-15 20:09 - 00000000 _SHDL C:\Users\Mona\Netzwerkumgebung 2013-08-15 20:09 - 2013-08-15 20:09 - 00000000 _SHDL C:\Users\Mona\Lokale Einstellungen 2013-08-15 20:09 - 2013-08-15 20:09 - 00000000 _SHDL C:\Users\Mona\Eigene Dateien 2013-08-15 20:09 - 2013-08-15 20:09 - 00000000 _SHDL C:\Users\Mona\Druckumgebung 2013-08-15 20:09 - 2013-08-15 20:09 - 00000000 _SHDL C:\Users\Mona\Documents\Eigene Musik 2013-08-15 20:09 - 2013-08-15 20:09 - 00000000 _SHDL C:\Users\Mona\Documents\Eigene Bilder 2013-08-15 20:09 - 2013-08-15 20:09 - 00000000 _SHDL C:\Users\Mona\AppData\Local\Verlauf 2013-08-15 20:09 - 2013-08-15 20:09 - 00000000 _SHDL C:\Users\Mona\AppData\Local\Anwendungsdaten 2013-08-15 20:09 - 2013-08-15 20:09 - 00000000 _SHDL C:\Users\Mona\Anwendungsdaten 2013-08-15 20:09 - 2013-08-15 20:09 - 00000000 ____D C:\Users\Mona\Documents\AlienFX 2013-08-15 20:09 - 2013-08-15 20:09 - 00000000 ____D C:\Users\Mona\AppData\Roaming\Intel Corporation 2013-08-15 20:09 - 2013-08-15 20:09 - 00000000 ____D 
C:\Users\Mona\AppData\Roaming\Intel 2013-08-15 20:09 - 2013-08-15 20:09 - 00000000 ____D C:\Users\Mona\AppData\Roaming\Adobe 2013-08-15 20:09 - 2013-08-15 20:09 - 00000000 ____D C:\Users\Mona\AppData\Local\VirtualStore 2013-08-15 20:09 - 2013-08-15 20:09 - 00000000 ____D C:\Users\Mona 2013-08-14 09:01 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-08-14 09:01 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-08-14 09:01 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-08-14 09:01 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-08-14 09:01 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2013-08-14 09:01 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2013-08-14 09:01 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-08-14 09:01 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-08-14 09:01 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-08-14 09:01 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2013-08-14 09:01 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2013-08-14 09:01 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-08-14 09:01 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-08-14 09:01 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-08-14 09:00 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-08-14 09:00 - 2013-07-09 07:54 - 01732032 _____ (Microsoft 
Corporation) C:\Windows\system32\ntdll.dll 2013-08-14 09:00 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-08-14 09:00 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-08-14 09:00 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-08-14 09:00 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-08-14 09:00 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-08-14 09:00 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-08-14 09:00 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-08-14 09:00 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-08-14 09:00 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-08-14 09:00 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-08-14 09:00 - 2013-06-15 06:35 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2013-08-14 09:00 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2013-08-14 09:00 - 2012-11-30 07:45 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2013-08-14 09:00 - 2012-11-30 07:45 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2013-08-14 09:00 - 2012-11-30 07:43 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2013-08-14 09:00 - 2012-11-30 07:41 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2013-08-14 09:00 - 2012-11-30 07:41 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2013-08-14 09:00 - 2012-11-30 07:38 - 00006144 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2013-08-14 09:00 - 2012-11-30 07:38 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2013-08-14 09:00 - 2012-11-30 07:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2013-08-14 09:00 - 2012-11-30 07:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2013-08-14 09:00 - 2012-11-30 07:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2013-08-14 09:00 - 2012-11-30 07:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2013-08-14 09:00 - 2012-11-30 07:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2013-08-14 09:00 - 2012-11-30 07:38 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2013-08-14 09:00 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-08-14 09:00 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2013-08-14 09:00 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2013-08-14 09:00 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2013-08-14 09:00 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2013-08-14 09:00 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2013-08-14 09:00 - 2012-11-30 07:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2013-08-14 09:00 - 2012-11-30 07:38 - 00003072 ____H (Microsoft 
Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2013-08-14 09:00 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2013-08-14 09:00 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2013-08-14 09:00 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2013-08-14 09:00 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2013-08-14 09:00 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2013-08-14 09:00 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2013-08-14 09:00 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2013-08-14 09:00 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2013-08-14 09:00 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2013-08-14 09:00 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2013-08-14 09:00 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2013-08-14 09:00 - 2012-11-30 07:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2013-08-14 09:00 - 2012-11-30 06:53 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2013-08-14 09:00 - 2012-11-30 06:53 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2013-08-14 09:00 - 2012-11-30 06:45 - 00005120 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2013-08-14 09:00 - 2012-11-30 06:45 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2013-08-14 09:00 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2013-08-14 09:00 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2013-08-14 09:00 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2013-08-14 09:00 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2013-08-14 09:00 - 2012-11-30 06:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2013-08-14 09:00 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2013-08-14 09:00 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2013-08-14 09:00 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2013-08-14 09:00 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2013-08-14 09:00 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2013-08-14 09:00 - 2012-11-30 06:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2013-08-14 09:00 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2013-08-14 09:00 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2013-08-14 09:00 - 2012-11-30 06:45 - 00003072 ____H (Microsoft 
Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2013-08-14 09:00 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2013-08-14 09:00 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2013-08-14 09:00 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2013-08-14 09:00 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2013-08-14 09:00 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2013-08-14 09:00 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2013-08-14 09:00 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2013-08-14 09:00 - 2012-11-30 06:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2013-08-14 09:00 - 2012-11-30 05:23 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2013-08-14 09:00 - 2012-11-30 04:38 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2013-08-14 09:00 - 2012-11-30 04:38 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2013-08-14 09:00 - 2012-11-30 04:38 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2013-08-14 09:00 - 2012-11-30 04:38 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2013-08-11 18:57 - 2013-08-11 18:57 - 00000000 ____D C:\Users\Mikko\AppData\Roaming\OpenOffice 2013-08-11 18:54 - 2013-08-11 18:54 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4 2013-08-10 10:27 - 2013-08-10 10:27 - 00000000 ___HD 
C:\Users\Mikko\Downloads\eMule 2013-08-10 10:27 - 2013-08-10 10:27 - 00000000 ____D C:\ProgramData\eMule 2013-08-10 10:26 - 2013-08-10 10:26 - 00000000 ____D C:\Users\Mikko\AppData\Local\eMule 2013-08-10 10:26 - 2013-08-10 10:26 - 00000000 ____D C:\Program Files (x86)\eMule 2013-08-09 19:16 - 2013-08-09 19:16 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf 2013-08-09 19:16 - 2013-08-09 19:16 - 00000000 ____D C:\Program Files\Microsoft Xbox 360 Accessories 2013-08-07 12:48 - 2013-08-07 12:48 - 00000000 ____D C:\Users\Mikko\AppData\Roaming\Foxit Advanced PDF Editor 2013-08-07 12:48 - 2013-08-07 12:48 - 00000000 ____D C:\Users\Mikko\AppData\Local\Foxit Advanced PDF Editor 2013-08-07 12:48 - 2013-08-07 12:48 - 00000000 ____D C:\Users\Mikko\AppData\Local\Aspell 2013-08-07 12:48 - 2013-08-07 12:48 - 00000000 ____D C:\ProgramData\Foxit Advanced PDF Editor 2013-08-07 12:48 - 2013-08-07 12:48 - 00000000 ____D C:\ProgramData\Aspell 2013-08-07 12:33 - 2013-08-17 09:34 - 00000000 ____D C:\Users\Mikko\AppData\Roaming\Foxit Software 2013-08-07 12:33 - 2013-08-07 12:48 - 00000000 ____D C:\Program Files (x86)\Foxit Software 2013-08-04 18:41 - 2013-08-04 19:59 - 00000000 ____D C:\Windows\WindowsMobile 2013-08-03 22:31 - 2013-08-03 22:31 - 00000406 _____ C:\Windows\system32\ioloBootDefrag.cfg 2013-08-03 22:30 - 2012-10-19 10:12 - 02135552 _____ (iolo technologies, LLC) C:\Windows\system32\Incinerator64.dll 2013-08-03 22:30 - 2012-10-19 09:38 - 00082160 _____ (Raxco Software, Inc.) 
C:\Windows\system32\Drivers\PDFsFilter.sys 2013-08-03 20:29 - 2013-08-04 09:25 - 00000000 ____D C:\Users\Mikko\AppData\Roaming\redsn0w 2013-08-02 11:13 - 2013-08-03 22:30 - 00002219 _____ C:\Users\Mikko\Desktop\System Mechanic.lnk 2013-08-02 11:13 - 2013-08-02 11:13 - 00000406 _____ C:\Windows\SysWOW64\ioloBootDefrag.cfg 2013-08-02 11:13 - 2012-10-19 10:12 - 02077696 _____ (iolo technologies, LLC) C:\Windows\SysWOW64\Incinerator32.dll 2013-08-02 11:13 - 2012-10-19 10:02 - 00057680 _____ (iolo technologies, LLC) C:\Windows\system32\iolobtdfg.exe 2013-08-02 11:13 - 2012-10-19 10:01 - 00025744 _____ (iolo technologies, LLC) C:\Windows\system32\smrgdf.exe 2013-08-02 11:13 - 2010-02-08 23:36 - 00069000 _____ (Microsoft Corporation) C:\Windows\system32\offreg.dll 2013-08-02 11:13 - 2010-02-08 22:59 - 00056200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offreg.dll 2013-08-02 11:13 - 2008-12-09 10:59 - 00023464 _____ (EldoS Corporation) C:\Windows\system32\Drivers\ElRawDsk.sys 2013-08-02 11:12 - 2013-08-02 11:14 - 00000000 ____D C:\Users\Mikko\AppData\Roaming\iolo 2013-08-02 11:12 - 2013-08-02 11:12 - 00074703 _____ C:\Windows\SysWOW64\mfc45.dll 2013-08-02 11:05 - 2013-08-06 19:16 - 00000000 ____D C:\ProgramData\iolo 2013-08-02 11:05 - 2013-08-02 11:15 - 00000000 ____D C:\Program Files (x86)\iolo 2013-08-02 11:05 - 2013-08-02 11:05 - 00074703 _____ C:\Windows\SysWOW64\mfc45.dat 2013-07-31 10:11 - 2013-07-31 11:04 - 00000000 ____D C:\Users\Mikko\Documents\VirtualDJ 2013-07-31 10:11 - 2013-07-31 10:11 - 00000000 ____D C:\Users\Mikko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ 2013-07-31 10:11 - 2013-07-31 10:11 - 00000000 ____D C:\Program Files (x86)\VirtualDJ 2013-07-31 09:33 - 2013-07-31 09:33 - 00000000 ____D C:\NvidiaLogging 2013-07-31 09:33 - 2013-05-14 21:28 - 00039712 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2013-07-31 09:33 - 2013-05-14 21:27 - 00029984 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll 
2013-07-31 09:33 - 2013-05-14 21:27 - 00028448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2013-07-25 18:07 - 2013-07-25 18:14 - 00003340 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-826259500-1292757758-4240772575-1000 2013-07-25 18:07 - 2013-07-25 18:14 - 00003206 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-826259500-1292757758-4240772575-1000 2013-07-25 18:07 - 2013-07-25 18:14 - 00000000 ____D C:\Users\Mikko\AppData\Roaming\Real 2013-07-25 18:07 - 2013-07-25 18:14 - 00000000 ____D C:\Program Files (x86)\Real 2013-07-25 18:07 - 2013-07-25 18:07 - 00001023 _____ C:\Users\UpdatusUser\Desktop\ASF-AVI-RM-WMV Repair.lnk 2013-07-25 18:06 - 2013-07-25 18:14 - 00000000 ____D C:\ProgramData\Real 2013-07-25 18:05 - 2013-08-18 11:41 - 00000000 ____D C:\Users\Mikko\AppData\Local\QuickPar ==================== One Month Modified Files and Folders ======= 2013-08-23 20:09 - 2013-08-23 20:09 - 00000000 ____D C:\FRST 2013-08-23 20:08 - 2013-08-23 20:08 - 01576584 _____ (Farbar) C:\Users\Mikko\Desktop\FRST64.exe 2013-08-23 20:07 - 2011-04-12 09:43 - 00697082 _____ C:\Windows\system32\perfh007.dat 2013-08-23 20:07 - 2011-04-12 09:43 - 00148346 _____ C:\Windows\system32\perfc007.dat 2013-08-23 20:07 - 2009-07-14 07:13 - 01613340 _____ C:\Windows\system32\PerfStringBackup.INI 2013-08-23 20:03 - 2013-08-23 20:03 - 00000472 _____ C:\Users\Mikko\Desktop\defogger_disable.log 2013-08-23 20:03 - 2013-08-23 20:03 - 00000000 _____ C:\Users\Mikko\defogger_reenable 2013-08-23 20:03 - 2013-07-14 19:37 - 00000000 ____D C:\Users\Mikko 2013-08-23 20:02 - 2013-08-23 20:02 - 00050477 _____ C:\Users\Mikko\Desktop\Defogger.exe 2013-08-23 19:30 - 2009-07-14 06:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-08-23 19:30 - 2009-07-14 06:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 
2013-08-23 19:26 - 2013-07-14 19:37 - 01229691 _____ C:\Windows\WindowsUpdate.log 2013-08-23 19:23 - 2013-07-14 20:49 - 00000000 ____D C:\ProgramData\NVIDIA 2013-08-23 19:23 - 2011-07-15 16:03 - 00042424 _____ C:\Windows\setupact.log 2013-08-23 19:23 - 2010-11-21 05:47 - 00120658 _____ C:\Windows\PFRO.log 2013-08-23 19:23 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-08-23 19:17 - 2013-08-22 13:02 - 00000000 ____D C:\ProgramData\BrowserDefender 2013-08-23 19:02 - 2013-08-23 19:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-08-23 19:01 - 2013-08-23 19:01 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Mikko\Downloads\mbam-setup-1.75.0.1300.exe 2013-08-23 18:59 - 2013-08-20 09:08 - 00000000 ____D C:\Program Files (x86)\VideoLAN 2013-08-23 18:50 - 2013-08-23 18:24 - 1032412076 _____ C:\Users\Mikko\Downloads\Pain.and.Gain-NSane.part2.rar 2013-08-23 18:47 - 2013-08-23 18:24 - 1036509053 _____ C:\Users\Mikko\Downloads\Pain.and.Gain-NSane.part1.rar 2013-08-23 18:23 - 2013-07-15 21:20 - 00000000 ____D C:\Users\Mikko\Documents\FIFA 13 2013-08-23 17:52 - 2013-08-20 11:49 - 00000000 ____D C:\Program Files (x86)\Origin 2013-08-23 17:35 - 2013-08-23 17:33 - 94875014 _____ C:\Users\Mikko\Downloads\Various Artists - The Jump Off by DJ Smurf DJ Maxxwell.rar 2013-08-23 10:40 - 2013-08-23 18:57 - 2068916225 _____ C:\Users\Mikko\Downloads\nsane-pag.avi 2013-08-23 10:40 - 2013-08-23 18:57 - 00003560 _____ C:\Users\Mikko\Downloads\nsane-pag.nfo 2013-08-23 10:40 - 2013-08-23 18:57 - 00000341 _____ C:\Users\Mikko\Downloads\www.goldesel.to - www.charts.to .txt 2013-08-23 10:40 - 2013-08-23 18:57 - 00000291 _____ C:\Users\Mikko\Downloads\Charts.to - Die ultimative Seite fuer Charts als Direkt-Download.url 2013-08-23 10:40 - 2013-08-23 18:57 - 00000220 _____ C:\Users\Mikko\Downloads\Goldesel.to - Die Seite fuer Direkt-Downloads aller Art.url 2013-08-23 10:08 - 2013-08-23 10:03 - 91245591 _____ 
C:\Users\Mikko\Downloads\System-Mechanic-Professional-11.0.5.2.rar 2013-08-22 13:07 - 2013-08-18 19:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-08-22 13:02 - 2013-08-22 13:02 - 00000000 ____D C:\ProgramData\Babylon 2013-08-22 12:14 - 2013-08-20 09:10 - 00000000 ____D C:\Users\Mikko\AppData\Roaming\LumacDaemon 2013-08-22 12:06 - 2013-08-21 14:45 - 00000000 ____D C:\Users\Mikko\Downloads\HP 2013-08-22 11:55 - 2013-08-22 11:55 - 00000000 ____D C:\Program Files (x86)\Lumac 2013-08-22 11:55 - 2013-07-14 19:49 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-08-21 14:45 - 2013-08-21 14:45 - 00000000 ____D C:\Users\Mikko\Downloads\Papa 2013-08-21 10:52 - 2013-07-14 19:55 - 00037138 _____ C:\Windows\DPINST.LOG 2013-08-21 10:08 - 2013-08-21 10:07 - 00000037 _____ C:\Users\Mikko\Downloads\Neues Textdokument.txt 2013-08-20 18:38 - 2013-07-15 21:15 - 00000000 ____D C:\ProgramData\Origin 2013-08-20 18:34 - 2013-08-20 11:50 - 00000000 ____D C:\Users\Mikko\AppData\Local\Origin 2013-08-20 18:34 - 2013-07-15 21:19 - 00000000 ____D C:\Users\Mikko\AppData\Roaming\Origin 2013-08-20 11:49 - 2013-07-15 21:15 - 00000000 ____D C:\ProgramData\Electronic Arts 2013-08-20 11:48 - 2013-07-14 20:58 - 00000000 ____D C:\Users\Mikko\AppData\Local\Deployment 2013-08-20 11:47 - 2013-07-16 10:23 - 00000000 ____D C:\Users\Mikko\AppData\Roaming\UseNeXT 2013-08-20 11:43 - 2013-07-18 18:02 - 00000000 ____D C:\Users\Mikko\AppData\Roaming\kuaiyong 2013-08-20 11:43 - 2013-07-18 17:55 - 00000000 ____D C:\Program Files (x86)\kuaiyong 2013-08-20 09:31 - 2013-08-20 09:19 - 00000000 ____D C:\Program Files (x86)\JDownloader 2013-08-20 09:21 - 2013-08-20 09:17 - 00000000 ____D C:\Users\Mikko\AppData\Roaming\Systweak 2013-08-20 09:20 - 2013-08-20 09:17 - 00000000 ____D C:\Program Files (x86)\MyPC Backup 2013-08-20 09:20 - 2013-07-14 19:37 - 00000000 ___RD C:\Users\Mikko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-08-20 09:19 - 2013-08-20 
09:19 - 00000000 ____D C:\Users\Mikko\AppData\Roaming\Malwarebytes 2013-08-20 09:19 - 2013-08-20 09:19 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-08-20 09:10 - 2013-08-20 09:10 - 00000000 ____D C:\Users\Mikko\AppData\Local\Firstload 2013-08-19 14:00 - 2013-08-19 14:00 - 00000000 ____D C:\Users\Mona\AppData\Roaming\Avira 2013-08-18 19:52 - 2013-07-14 20:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-08-18 11:41 - 2013-07-25 18:05 - 00000000 ____D C:\Users\Mikko\AppData\Local\QuickPar 2013-08-18 11:41 - 2013-07-14 20:43 - 00000000 ____D C:\Windows\Minidump 2013-08-17 17:37 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-08-17 09:34 - 2013-08-07 12:33 - 00000000 ____D C:\Users\Mikko\AppData\Roaming\Foxit Software 2013-08-16 20:53 - 2013-08-16 20:53 - 00000000 ____D C:\Users\Mikko\dwhelper 2013-08-16 11:05 - 2013-08-16 11:00 - 00000018 _____ C:\Users\Mikko\Desktop\Neues Textdokument.txt 2013-08-15 20:09 - 2013-08-15 20:09 - 00064336 _____ C:\Users\Mona\AppData\Local\GDIPFONTCACHEV1.DAT 2013-08-15 20:09 - 2013-08-15 20:09 - 00000020 ___SH C:\Users\Mona\ntuser.ini 2013-08-15 20:09 - 2013-08-15 20:09 - 00000000 _SHDL C:\Users\Mona\Vorlagen 2013-08-15 20:09 - 2013-08-15 20:09 - 00000000 _SHDL C:\Users\Mona\Startmenü 2013-08-15 20:09 - 2013-08-15 20:09 - 00000000 _SHDL C:\Users\Mona\Netzwerkumgebung 2013-08-15 20:09 - 2013-08-15 20:09 - 00000000 _SHDL C:\Users\Mona\Lokale Einstellungen 2013-08-15 20:09 - 2013-08-15 20:09 - 00000000 _SHDL C:\Users\Mona\Eigene Dateien 2013-08-15 20:09 - 2013-08-15 20:09 - 00000000 _SHDL C:\Users\Mona\Druckumgebung 2013-08-15 20:09 - 2013-08-15 20:09 - 00000000 _SHDL C:\Users\Mona\Documents\Eigene Musik 2013-08-15 20:09 - 2013-08-15 20:09 - 00000000 _SHDL C:\Users\Mona\Documents\Eigene Bilder 2013-08-15 20:09 - 2013-08-15 20:09 - 00000000 _SHDL C:\Users\Mona\AppData\Local\Verlauf 2013-08-15 20:09 - 2013-08-15 20:09 - 00000000 _SHDL C:\Users\Mona\AppData\Local\Anwendungsdaten 2013-08-15 
20:09 - 2013-08-15 20:09 - 00000000 _SHDL C:\Users\Mona\Anwendungsdaten 2013-08-15 20:09 - 2013-08-15 20:09 - 00000000 ____D C:\Users\Mona\Documents\AlienFX 2013-08-15 20:09 - 2013-08-15 20:09 - 00000000 ____D C:\Users\Mona\AppData\Roaming\Intel Corporation 2013-08-15 20:09 - 2013-08-15 20:09 - 00000000 ____D C:\Users\Mona\AppData\Roaming\Intel 2013-08-15 20:09 - 2013-08-15 20:09 - 00000000 ____D C:\Users\Mona\AppData\Roaming\Adobe 2013-08-15 20:09 - 2013-08-15 20:09 - 00000000 ____D C:\Users\Mona\AppData\Local\VirtualStore 2013-08-15 20:09 - 2013-08-15 20:09 - 00000000 ____D C:\Users\Mona 2013-08-15 14:36 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-08-14 09:54 - 2013-07-22 11:55 - 00000000 ____D C:\Windows\system32\MRT 2013-08-14 09:53 - 2011-07-15 15:02 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-08-12 08:56 - 2009-07-14 06:45 - 00296856 _____ C:\Windows\system32\FNTCACHE.DAT 2013-08-11 19:53 - 2013-07-14 20:06 - 00064336 _____ C:\Users\Mikko\AppData\Local\GDIPFONTCACHEV1.DAT 2013-08-11 18:57 - 2013-08-11 18:57 - 00000000 ____D C:\Users\Mikko\AppData\Roaming\OpenOffice 2013-08-11 18:54 - 2013-08-11 18:54 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4 2013-08-10 10:27 - 2013-08-10 10:27 - 00000000 ___HD C:\Users\Mikko\Downloads\eMule 2013-08-10 10:27 - 2013-08-10 10:27 - 00000000 ____D C:\ProgramData\eMule 2013-08-10 10:26 - 2013-08-10 10:26 - 00000000 ____D C:\Users\Mikko\AppData\Local\eMule 2013-08-10 10:26 - 2013-08-10 10:26 - 00000000 ____D C:\Program Files (x86)\eMule 2013-08-09 19:16 - 2013-08-09 19:16 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01009.Wdf 2013-08-09 19:16 - 2013-08-09 19:16 - 00000000 ____D C:\Program Files\Microsoft Xbox 360 Accessories 2013-08-07 12:48 - 2013-08-07 12:48 - 00000000 ____D C:\Users\Mikko\AppData\Roaming\Foxit Advanced PDF Editor 2013-08-07 12:48 - 2013-08-07 12:48 - 00000000 ____D C:\Users\Mikko\AppData\Local\Foxit Advanced PDF Editor 2013-08-07 12:48 - 
2013-08-07 12:48 - 00000000 ____D C:\Users\Mikko\AppData\Local\Aspell 2013-08-07 12:48 - 2013-08-07 12:48 - 00000000 ____D C:\ProgramData\Foxit Advanced PDF Editor 2013-08-07 12:48 - 2013-08-07 12:48 - 00000000 ____D C:\ProgramData\Aspell 2013-08-07 12:48 - 2013-08-07 12:33 - 00000000 ____D C:\Program Files (x86)\Foxit Software 2013-08-06 19:16 - 2013-08-02 11:05 - 00000000 ____D C:\ProgramData\iolo 2013-08-04 19:59 - 2013-08-04 18:41 - 00000000 ____D C:\Windows\WindowsMobile 2013-08-04 09:25 - 2013-08-03 20:29 - 00000000 ____D C:\Users\Mikko\AppData\Roaming\redsn0w 2013-08-03 22:31 - 2013-08-03 22:31 - 00000406 _____ C:\Windows\system32\ioloBootDefrag.cfg 2013-08-03 22:30 - 2013-08-02 11:13 - 00002219 _____ C:\Users\Mikko\Desktop\System Mechanic.lnk 2013-08-02 11:15 - 2013-08-02 11:05 - 00000000 ____D C:\Program Files (x86)\iolo 2013-08-02 11:14 - 2013-08-02 11:12 - 00000000 ____D C:\Users\Mikko\AppData\Roaming\iolo 2013-08-02 11:14 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\Offline Web Pages 2013-08-02 11:13 - 2013-08-02 11:13 - 00000406 _____ C:\Windows\SysWOW64\ioloBootDefrag.cfg 2013-08-02 11:12 - 2013-08-02 11:12 - 00074703 _____ C:\Windows\SysWOW64\mfc45.dll 2013-08-02 11:05 - 2013-08-02 11:05 - 00074703 _____ C:\Windows\SysWOW64\mfc45.dat 2013-07-31 11:04 - 2013-07-31 10:11 - 00000000 ____D C:\Users\Mikko\Documents\VirtualDJ 2013-07-31 10:11 - 2013-07-31 10:11 - 00000000 ____D C:\Users\Mikko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ 2013-07-31 10:11 - 2013-07-31 10:11 - 00000000 ____D C:\Program Files (x86)\VirtualDJ 2013-07-31 09:33 - 2013-07-31 09:33 - 00000000 ____D C:\NvidiaLogging 2013-07-31 09:33 - 2013-07-14 20:49 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2013-07-31 09:33 - 2013-07-14 20:10 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2013-07-25 18:49 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD 2013-07-25 18:14 - 2013-07-25 18:07 - 00003340 _____ 
C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-826259500-1292757758-4240772575-1000 2013-07-25 18:14 - 2013-07-25 18:07 - 00003206 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-826259500-1292757758-4240772575-1000 2013-07-25 18:14 - 2013-07-25 18:07 - 00000000 ____D C:\Users\Mikko\AppData\Roaming\Real 2013-07-25 18:14 - 2013-07-25 18:07 - 00000000 ____D C:\Program Files (x86)\Real 2013-07-25 18:14 - 2013-07-25 18:06 - 00000000 ____D C:\ProgramData\Real 2013-07-25 18:07 - 2013-07-25 18:07 - 00001023 _____ C:\Users\UpdatusUser\Desktop\ASF-AVI-RM-WMV Repair.lnk 2013-07-25 18:05 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Resources 2013-07-25 11:25 - 2013-08-14 09:01 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-07-25 10:57 - 2013-08-14 09:01 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-08-22 12:40 ==================== End Of Log ============================ --- --- --- Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-08-23 20:16:41 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2 OCZ-VECT rev.1.03 119,24GB Running: 3e1qo5ly.exe; Driver: C:\Users\Mikko\AppData\Local\Temp\ugloypoc.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 544 fffff80002ff9000 45 bytes [00, 00, 10, 02, 4D, 6D, 43, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 591 fffff80002ff902f 16 bytes [00, 03, 00, 00, 00, 00, 00, ...] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1408] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000773aaf40 7 bytes JMP 000000016fff0260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1408] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000773b4a60 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1408] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000773d2990 5 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1408] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000773defe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1408] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774099b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1408] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000774194d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1408] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077419640 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1408] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007743a500 7 bytes JMP 000000016fff0228 .text C:\Program 
Files\NVIDIA Corporation\Display\nvxdsync.exe[1408] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd533460 7 bytes JMP 000007fffd5200d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1408] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd539940 6 bytes JMP 000007fffd520148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1408] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd539fb0 5 bytes JMP 000007fffd520180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1408] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd53a150 5 bytes JMP 000007fffd520110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1408] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdba89e0 8 bytes JMP 000007fffd5201f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1408] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdbabe40 8 bytes JMP 000007fffd5201b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1408] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefec17490 11 bytes JMP 000007fffd520228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1408] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefec2bf00 7 bytes JMP 000007fffd520260 .text C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe[2100] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000075691465 2 bytes [69, 75] .text C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe[2100] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000756914bb 2 bytes [69, 75] .text ... 
* 2
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3476] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000773aaf40 7 bytes JMP 000000016fff0260
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3476] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000773b4a60 5 bytes JMP 000000016fff01b8
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3476] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000773d2990 5 bytes JMP 000000016fff01f0
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3476] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000773defe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3476] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774099b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3476] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000774194d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3476] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077419640 5 bytes JMP 000000016fff0110
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3476] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007743a500 7 bytes JMP 000000016fff0228
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3476] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd533460 7 bytes JMP 000007fffd5200d8
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3476] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd539940 6 bytes JMP 000007fffd520148
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3476] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd539fb0 5 bytes JMP 000007fffd520180
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3476] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd53a150 5 bytes JMP 000007fffd520110
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3476] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdba89e0 8 bytes JMP 000007fffd5201f0
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3476] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdbabe40 8 bytes JMP 000007fffd5201b8
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3476] C:\Windows\system32\d3d9.dll!Direct3DCreate9Ex 000007fef7ca2460 5 bytes JMP 000007fefd5202d0
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3476] C:\Windows\system32\d3d9.dll!Direct3DCreate9 000007fef7cd96b0 6 bytes JMP 000007fefd520298
.text C:\Windows\system32\Dwm.exe[3568] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd533460 7 bytes JMP 000007fffd5200d8
.text C:\Windows\system32\Dwm.exe[3568] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd539940 6 bytes JMP 000007fffd520148
.text C:\Windows\system32\Dwm.exe[3568] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd539fb0 5 bytes JMP 000007fffd520180
.text C:\Windows\system32\Dwm.exe[3568] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd53a150 5 bytes JMP 000007fffd520110
.text C:\Windows\system32\Dwm.exe[3568] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdba89e0 8 bytes JMP 000007fffd5201f0
.text C:\Windows\system32\Dwm.exe[3568] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdbabe40 8 bytes JMP 000007fffd5201b8
.text C:\Windows\system32\Dwm.exe[3568] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef5c7dc88 5 bytes JMP 000007fff5c500d8
.text C:\Windows\system32\Dwm.exe[3568] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef5c7de10 5 bytes JMP 000007fff5c50110
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4076] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000773aaf40 7 bytes JMP 000000016fff0260
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4076] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000773b4a60 5 bytes JMP 000000016fff01b8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4076] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000773d2990 5 bytes JMP 000000016fff01f0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4076] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000773defe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4076] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774099b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4076] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000774194d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4076] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077419640 5 bytes JMP 000000016fff0110
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4076] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007743a500 7 bytes JMP 000000016fff0228
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4076] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd533460 7 bytes JMP 000007fffd5200d8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4076] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd539940 6 bytes JMP 000007fffd520148
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4076] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd539fb0 5 bytes JMP 000007fffd520180
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4076] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd53a150 5 bytes JMP 000007fffd520110
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4076] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdba89e0 8 bytes JMP 000007fffd5201f0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4076] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdbabe40 8 bytes JMP 000007fffd5201b8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4076] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefec17490 11 bytes JMP 000007fffd520228
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4076] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefec2bf00 7 bytes JMP 000007fffd520260
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3232] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076da1f2e 7 bytes JMP 000000016fa616b3
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3232] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076da5bcd 7 bytes JMP 000000016fa611cc
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3232] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076db1429 7 bytes JMP 000000016fa612a8
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3232] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076dbea5d 7 bytes JMP 000000016fa61262
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3232] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076dcb223 5 bytes JMP 000000016fa615c8
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3232] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076e488f4 7 bytes JMP 000000016fa61357
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3232] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076e48979 5 bytes JMP 000000016fa616f4
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3232] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076e48ccf 5 bytes JMP 000000016fa6101e
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3232] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076c21d1b 5 bytes JMP 000000016fa611e5
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3232] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076c21dc9 5 bytes JMP 000000016fa61019
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3232] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076c22aa4 5 bytes JMP 000000016fa61573
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3232] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076c22d0a 5 bytes JMP 000000016fa6128f
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3232] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000756ce9a2 5 bytes JMP 000000016fa615e1
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3232] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000756cebdc 5 bytes JMP 000000016fa611a9
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3232] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075278a29 5 bytes JMP 000000016fa61046
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3232] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075284572 5 bytes JMP 000000016fa610c8
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3232] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007529e567 5 bytes JMP 000000016fa61433
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3232] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000752d7a5c 5 bytes JMP 000000016fa615f0
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3232] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075375ea5 5 bytes JMP 000000016fa61618
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3232] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000753a9d0b 5 bytes JMP 000000016fa6123f
.text C:\Windows\System32\igfxpers.exe[3392] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000773aaf40 7 bytes JMP 000000016fff0260
.text C:\Windows\System32\igfxpers.exe[3392] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000773b4a60 5 bytes JMP 000000016fff01b8
.text C:\Windows\System32\igfxpers.exe[3392] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000773d2990 5 bytes JMP 000000016fff01f0
.text C:\Windows\System32\igfxpers.exe[3392] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000773defe0 5 bytes JMP 000000016fff0148
.text C:\Windows\System32\igfxpers.exe[3392] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774099b0 7 bytes JMP 000000016fff00d8
.text C:\Windows\System32\igfxpers.exe[3392] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000774194d0 5 bytes JMP 000000016fff0180
.text C:\Windows\System32\igfxpers.exe[3392] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077419640 5 bytes JMP 000000016fff0110
.text C:\Windows\System32\igfxpers.exe[3392] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007743a500 7 bytes JMP 000000016fff0228
.text C:\Windows\System32\igfxpers.exe[3392] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd533460 7 bytes JMP 000007fffd5200d8
.text C:\Windows\System32\igfxpers.exe[3392] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd539940 6 bytes JMP 000007fffd520148
.text C:\Windows\System32\igfxpers.exe[3392] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd539fb0 5 bytes JMP 000007fffd520180
.text C:\Windows\System32\igfxpers.exe[3392] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd53a150 5 bytes JMP 000007fffd520110
.text C:\Windows\System32\igfxpers.exe[3392] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdba89e0 8 bytes JMP 000007fffd5201f0
.text C:\Windows\System32\igfxpers.exe[3392] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdbabe40 8 bytes JMP 000007fffd5201b8
.text C:\Windows\System32\igfxpers.exe[3392] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefec17490 11 bytes JMP 000007fffd520228
.text C:\Windows\System32\igfxpers.exe[3392] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefec2bf00 7 bytes JMP 000007fffd520260
.text C:\Windows\WindowsMobile\wmdcBase.exe[3584] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd533460 7 bytes JMP 000007fffd5200d8
.text C:\Windows\WindowsMobile\wmdcBase.exe[3584] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd539940 6 bytes JMP 000007fffd520148
.text C:\Windows\WindowsMobile\wmdcBase.exe[3584] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd539fb0 5 bytes JMP 000007fffd520180
.text C:\Windows\WindowsMobile\wmdcBase.exe[3584] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd53a150 5 bytes JMP 000007fffd520110
.text C:\Windows\WindowsMobile\wmdcBase.exe[3584] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdba89e0 8 bytes JMP 000007fffd5201f0
.text C:\Windows\WindowsMobile\wmdcBase.exe[3584] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdbabe40 8 bytes JMP 000007fffd5201b8
.text C:\Windows\WindowsMobile\wmdcBase.exe[3584] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefec17490 11 bytes JMP 000007fffd520228
.text C:\Windows\WindowsMobile\wmdcBase.exe[3584] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefec2bf00 7 bytes JMP 000007fffd520260
.text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3748] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000773aaf40 7 bytes JMP 000000016fff0260
.text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3748] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000773b4a60 5 bytes JMP 000000016fff01b8
.text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3748] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000773d2990 5 bytes JMP 000000016fff01f0
.text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3748] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000773defe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3748] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774099b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3748] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000774194d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3748] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077419640 5 bytes JMP 000000016fff0110
.text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3748] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007743a500 7 bytes JMP 000000016fff0228
.text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3748] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd533460 7 bytes JMP 000007fffd5200d8
.text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3748] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd539940 6 bytes JMP 000007fffd520148
.text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3748] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd539fb0 5 bytes JMP 000007fffd520180
.text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3748] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd53a150 5 bytes JMP 000007fffd520110
.text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3748] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdba89e0 8 bytes JMP 000007fffd5201f0
.text C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe[3748] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdbabe40 8 bytes JMP 000007fffd5201b8
.text C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe[4112] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW 0000000076da1f2e 7 bytes JMP 000000016fa616b3
.text C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe[4112] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW 0000000076da5bcd 7 bytes JMP 000000016fa611cc
.text C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe[4112] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 0000000076db1429 7 bytes JMP 000000016fa612a8
.text C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe[4112] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW 0000000076dbea5d 7 bytes JMP 000000016fa61262
.text C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe[4112] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleFileNameExW 0000000076dcb223 5 bytes JMP 000000016fa615c8
.text C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe[4112] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 0000000076e488f4 7 bytes JMP 000000016fa61357
.text C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe[4112] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000076e48979 5 bytes JMP 000000016fa616f4
.text C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe[4112] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 0000000076e48ccf 5 bytes JMP 000000016fa6101e
.text C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe[4112] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076c21d1b 5 bytes JMP 000000016fa611e5
.text C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe[4112] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076c21dc9 5 bytes JMP 000000016fa61019
.text C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe[4112] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076c22aa4 5 bytes JMP 000000016fa61573
.text C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe[4112] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076c22d0a 5 bytes JMP 000000016fa6128f
.text C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe[4112] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000756ce9a2 5 bytes JMP 000000016fa615e1
.text C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe[4112] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000756cebdc 5 bytes JMP 000000016fa611a9
.text C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe[4112] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075278a29 5 bytes JMP 000000016fa61046
.text C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe[4112] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075284572 5 bytes JMP 000000016fa610c8
.text C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe[4112] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007529e567 5 bytes JMP 000000016fa61433
.text C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe[4112] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000752d7a5c 5 bytes JMP 000000016fa615f0
.text C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe[4112] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075375ea5 5 bytes JMP 000000016fa61618
.text C:\Program Files (x86)\Creative\Sound Blaster Recon3Di\Sound Blaster Recon3Di Control Panel\SBRcni.exe[4112] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000753a9d0b 5 bytes JMP 000000016fa6123f
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4136] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076da1f2e 7 bytes JMP 000000016fa616b3
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4136] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076da5bcd 7 bytes JMP 000000016fa611cc
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4136] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076db1429 7 bytes JMP 000000016fa612a8
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4136] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076dbea5d 7 bytes JMP 000000016fa61262
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4136] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076dcb223 5 bytes JMP 000000016fa615c8
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4136] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076e488f4 7 bytes JMP 000000016fa61357
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4136] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076e48979 5 bytes JMP 000000016fa616f4
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4136] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076e48ccf 5 bytes JMP 000000016fa6101e
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4136] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076c21d1b 5 bytes JMP 000000016fa611e5
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4136] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076c21dc9 5 bytes JMP 000000016fa61019
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4136] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076c22aa4 5 bytes JMP 000000016fa61573
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4136] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076c22d0a 5 bytes JMP 000000016fa6128f
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4136] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000756ce9a2 5 bytes JMP 000000016fa615e1
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4136] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000756cebdc 5 bytes JMP 000000016fa611a9
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4136] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075278a29 5 bytes JMP 000000016fa61046
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4136] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075284572 5 bytes JMP 000000016fa610c8
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4136] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007529e567 5 bytes JMP 000000016fa61433
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4136] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000752d7a5c 5 bytes JMP 000000016fa615f0
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4136] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075375ea5 5 bytes JMP 000000016fa61618
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[4136] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000753a9d0b 5 bytes JMP 000000016fa6123f
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4188] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW 0000000076da1f2e 7 bytes JMP 000000016fa616b3
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4188] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW 0000000076da5bcd 7 bytes JMP 000000016fa611cc
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4188] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 0000000076db1429 7 bytes JMP 000000016fa612a8
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4188] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW 0000000076dbea5d 7 bytes JMP 000000016fa61262
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4188] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleFileNameExW 0000000076dcb223 5 bytes JMP 000000016fa615c8
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4188] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 0000000076e488f4 7 bytes JMP 000000016fa61357
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4188] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000076e48979 5 bytes JMP 000000016fa616f4
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4188] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 0000000076e48ccf 5 bytes JMP 000000016fa6101e
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4188] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076c21d1b 5 bytes JMP 000000016fa611e5
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4188] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076c21dc9 5 bytes JMP 000000016fa61019
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4188] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076c22aa4 5 bytes JMP 000000016fa61573
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4188] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076c22d0a 5 bytes JMP 000000016fa6128f
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4188] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000756ce9a2 5 bytes JMP 000000016fa615e1
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4188] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000756cebdc 5 bytes JMP 000000016fa611a9
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4188] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075278a29 5 bytes JMP 000000016fa61046
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4188] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075284572 5 bytes JMP 000000016fa610c8
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4188] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007529e567 5 bytes JMP 000000016fa61433
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4188] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000752d7a5c 5 bytes JMP 000000016fa615f0
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4188] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075375ea5 5 bytes JMP 000000016fa61618
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[4188] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000753a9d0b 5 bytes JMP 000000016fa6123f
.text C:\Program Files\Alienware\Command Center\AWCCServiceController.exe[4304] C:\Windows\system32\KERNEL32.dll!RegSetValueExW 00000000773aaf40 7 bytes JMP 000000016fff0260
.text C:\Program Files\Alienware\Command Center\AWCCServiceController.exe[4304] C:\Windows\system32\KERNEL32.dll!RegQueryValueExW 00000000773b4a60 5 bytes JMP 000000016fff01b8
.text C:\Program Files\Alienware\Command Center\AWCCServiceController.exe[4304] C:\Windows\system32\KERNEL32.dll!RegDeleteValueW 00000000773d2990 5 bytes JMP 000000016fff01f0
.text C:\Program Files\Alienware\Command Center\AWCCServiceController.exe[4304] C:\Windows\system32\KERNEL32.dll!K32GetMappedFileNameW 00000000773defe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\Alienware\Command Center\AWCCServiceController.exe[4304] C:\Windows\system32\KERNEL32.dll!K32EnumProcessModulesEx 00000000774099b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Alienware\Command Center\AWCCServiceController.exe[4304] C:\Windows\system32\KERNEL32.dll!K32GetModuleInformation 00000000774194d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\Alienware\Command Center\AWCCServiceController.exe[4304] C:\Windows\system32\KERNEL32.dll!K32GetModuleFileNameExW 0000000077419640 5 bytes JMP 000000016fff0110
.text C:\Program Files\Alienware\Command Center\AWCCServiceController.exe[4304] C:\Windows\system32\KERNEL32.dll!RegSetValueExA 000000007743a500 7 bytes JMP 000000016fff0228
.text C:\Program Files\Alienware\Command Center\AWCCServiceController.exe[4304] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd533460 7 bytes JMP 000007fffd5200d8
.text C:\Program Files\Alienware\Command Center\AWCCServiceController.exe[4304] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd539940 6 bytes JMP 000007fffd520148
.text C:\Program Files\Alienware\Command Center\AWCCServiceController.exe[4304] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd539fb0 5 bytes JMP 000007fffd520180
.text C:\Program Files\Alienware\Command Center\AWCCServiceController.exe[4304] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd53a150 5 bytes JMP 000007fffd520110
.text C:\Program Files\Alienware\Command Center\AWCCServiceController.exe[4304] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdba89e0 8 bytes JMP 000007fffd5201f0
.text C:\Program Files\Alienware\Command Center\AWCCServiceController.exe[4304] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdbabe40 8 bytes JMP 000007fffd5201b8
.text C:\Program Files\Alienware\Command Center\AWCCServiceController.exe[4304] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefec17490 11 bytes JMP 000007fffd520228
.text C:\Program Files\Alienware\Command Center\AWCCServiceController.exe[4304] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefec2bf00 7 bytes JMP 000007fffd520260
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4372] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd533460 7 bytes JMP 000007fffd5200d8
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4372] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd539940 6 bytes JMP 000007fffd520148
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4372] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd539fb0 5 bytes JMP 000007fffd520180
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4372] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd53a150 5 bytes JMP 000007fffd520110
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4372] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdba89e0 8 bytes JMP 000007fffd5201f0
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4372] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdbabe40 8 bytes JMP 000007fffd5201b8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4632] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000773aaf40 7 bytes JMP 000000016fff0260
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4632] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000773b4a60 5 bytes JMP 000000016fff01b8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4632] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000773d2990 5 bytes JMP 000000016fff01f0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4632] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000773defe0 5 bytes JMP 000000016fff0148
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4632] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 00000000774099b0 7 bytes JMP 000000016fff00d8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4632] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000774194d0 5 bytes JMP 000000016fff0180
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4632] C:\Windows\system32\kernel32.dll!K32GetModuleFileNameExW 0000000077419640 5 bytes JMP 000000016fff0110
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4632] C:\Windows\system32\kernel32.dll!RegSetValueExA 000000007743a500 7 bytes JMP 000000016fff0228
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4632] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd533460 7 bytes JMP 000007fffd5200d8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4632] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd539940 6 bytes JMP 000007fffd520148
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4632] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd539fb0 5 bytes JMP 000007fffd520180
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4632] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd53a150 5 bytes JMP 000007fffd520110
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4632] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdba89e0 8 bytes JMP 000007fffd5201f0
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4632] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdbabe40 8 bytes JMP 000007fffd5201b8
.text C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe[2764] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW 0000000076da1f2e 7 bytes JMP 000000016fa616b3
.text C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe[2764] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW 0000000076da5bcd 7 bytes JMP 000000016fa611cc
.text C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe[2764] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 0000000076db1429 7 bytes JMP 000000016fa612a8
.text C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe[2764] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW 0000000076dbea5d 7 bytes JMP 000000016fa61262
.text C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe[2764] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleFileNameExW 0000000076dcb223 5 bytes JMP 000000016fa615c8
.text C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe[2764] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 0000000076e488f4 7 bytes JMP 000000016fa61357
.text C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe[2764] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000076e48979 5 bytes JMP 000000016fa616f4
.text C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe[2764] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 0000000076e48ccf 5 bytes JMP 000000016fa6101e
.text C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe[2764] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076c21d1b 5 bytes JMP 000000016fa611e5
.text C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe[2764] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076c21dc9 5 bytes JMP 000000016fa61019
.text C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe[2764] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076c22aa4 5 bytes JMP 000000016fa61573
.text C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe[2764] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076c22d0a 5 bytes JMP 000000016fa6128f
.text C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe[2764] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000756ce9a2 5 bytes JMP 000000016fa615e1
.text C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe[2764] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000756cebdc 5 bytes JMP 000000016fa611a9
.text C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe[2764] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075278a29 5 bytes JMP 000000016fa61046
.text C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe[2764] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075284572 5 bytes JMP 000000016fa610c8
.text C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe[2764] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007529e567 5 bytes JMP 000000016fa61433
.text C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe[2764] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000752d7a5c 5 bytes JMP 000000016fa615f0
.text C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe[2764] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075375ea5 5 bytes JMP 000000016fa61618
.text C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe[2764] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000753a9d0b 5 bytes JMP 000000016fa6123f
.text C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe[3432] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW 0000000076da1f2e 7 bytes JMP 000000016fa616b3
.text C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe[3432] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW 0000000076da5bcd 7 bytes JMP 000000016fa611cc
.text C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe[3432] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 0000000076db1429 7 bytes JMP 000000016fa612a8
.text C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe[3432] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW 0000000076dbea5d 7 bytes JMP 000000016fa61262
.text C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe[3432] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleFileNameExW 0000000076dcb223 5 bytes JMP 000000016fa615c8
.text C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe[3432] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 0000000076e488f4 7 bytes JMP 000000016fa61357
.text C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe[3432] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000076e48979 5 bytes JMP 000000016fa616f4
.text C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe[3432] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 0000000076e48ccf 5 bytes JMP 000000016fa6101e
.text C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe[3432] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076c21d1b 5 bytes JMP 000000016fa611e5
.text C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe[3432] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076c21dc9 5 bytes JMP 000000016fa61019
.text C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe[3432] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076c22aa4 5 bytes JMP 000000016fa61573
.text C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe[3432] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076c22d0a 5 bytes JMP 000000016fa6128f
.text C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe[3432] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000756ce9a2 5 bytes JMP 000000016fa615e1
.text C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe[3432] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000756cebdc 5 bytes JMP 000000016fa611a9
.text C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe[3432] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075278a29 5 bytes JMP 000000016fa61046
.text C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe[3432] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075284572 5 bytes JMP 000000016fa610c8
.text C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe[3432] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007529e567 5 bytes JMP 000000016fa61433
.text C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe[3432] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000752d7a5c 5 bytes JMP 000000016fa615f0
.text C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe[3432] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075375ea5 5 bytes JMP 000000016fa61618
.text C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe[3432] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000753a9d0b 5 bytes JMP 000000016fa6123f
.text C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe[3428] C:\Windows\system32\KERNEL32.dll!RegSetValueExW 00000000773aaf40 7 bytes JMP 000000016fff0260
.text C:\Program Files\Alienware\Command
Center\AWCCApplicationWatcher64.exe[3428] C:\Windows\system32\KERNEL32.dll!RegQueryValueExW 00000000773b4a60 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe[3428] C:\Windows\system32\KERNEL32.dll!RegDeleteValueW 00000000773d2990 5 bytes JMP 000000016fff01f0 .text C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe[3428] C:\Windows\system32\KERNEL32.dll!K32GetMappedFileNameW 00000000773defe0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe[3428] C:\Windows\system32\KERNEL32.dll!K32EnumProcessModulesEx 00000000774099b0 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe[3428] C:\Windows\system32\KERNEL32.dll!K32GetModuleInformation 00000000774194d0 5 bytes JMP 000000016fff0180 .text C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe[3428] C:\Windows\system32\KERNEL32.dll!K32GetModuleFileNameExW 0000000077419640 5 bytes JMP 000000016fff0110 .text C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe[3428] C:\Windows\system32\KERNEL32.dll!RegSetValueExA 000000007743a500 7 bytes JMP 000000016fff0228 .text C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe[3428] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd533460 7 bytes JMP 000007fffd5200d8 .text C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe[3428] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd539940 6 bytes JMP 000007fffd520148 .text C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe[3428] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd539fb0 5 bytes JMP 000007fffd520180 .text C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe[3428] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd53a150 5 bytes JMP 000007fffd520110 .text C:\Program Files\Alienware\Command 
Center\AWCCApplicationWatcher64.exe[3428] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefdba89e0 8 bytes JMP 000007fffd5201f0 .text C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe[3428] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefdbabe40 8 bytes JMP 000007fffd5201b8 .text C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe[3428] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefec17490 11 bytes JMP 000007fffd520228 .text C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe[3428] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefec2bf00 7 bytes JMP 000007fffd520260 .text C:\Program Files\Alienware\Command Center\AlienFusionController.exe[3756] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW 0000000076da1f2e 7 bytes JMP 000000016fa616b3 .text C:\Program Files\Alienware\Command Center\AlienFusionController.exe[3756] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExW 0000000076da5bcd 7 bytes JMP 000000016fa611cc .text C:\Program Files\Alienware\Command Center\AlienFusionController.exe[3756] C:\Windows\syswow64\KERNEL32.dll!RegSetValueExA 0000000076db1429 7 bytes JMP 000000016fa612a8 .text C:\Program Files\Alienware\Command Center\AlienFusionController.exe[3756] C:\Windows\syswow64\KERNEL32.dll!RegDeleteValueW 0000000076dbea5d 7 bytes JMP 000000016fa61262 .text C:\Program Files\Alienware\Command Center\AlienFusionController.exe[3756] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleFileNameExW 0000000076dcb223 5 bytes JMP 000000016fa615c8 .text C:\Program Files\Alienware\Command Center\AlienFusionController.exe[3756] C:\Windows\syswow64\KERNEL32.dll!K32EnumProcessModulesEx 0000000076e488f4 7 bytes JMP 000000016fa61357 .text C:\Program Files\Alienware\Command Center\AlienFusionController.exe[3756] C:\Windows\syswow64\KERNEL32.dll!K32GetModuleInformation 0000000076e48979 5 bytes JMP 000000016fa616f4 .text C:\Program Files\Alienware\Command 
Center\AlienFusionController.exe[3756] C:\Windows\syswow64\KERNEL32.dll!K32GetMappedFileNameW 0000000076e48ccf 5 bytes JMP 000000016fa6101e .text C:\Program Files\Alienware\Command Center\AlienFusionController.exe[3756] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076c21d1b 5 bytes JMP 000000016fa611e5 .text C:\Program Files\Alienware\Command Center\AlienFusionController.exe[3756] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076c21dc9 5 bytes JMP 000000016fa61019 .text C:\Program Files\Alienware\Command Center\AlienFusionController.exe[3756] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076c22aa4 5 bytes JMP 000000016fa61573 .text C:\Program Files\Alienware\Command Center\AlienFusionController.exe[3756] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076c22d0a 5 bytes JMP 000000016fa6128f .text C:\Program Files\Alienware\Command Center\AlienFusionController.exe[3756] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000756ce9a2 5 bytes JMP 000000016fa615e1 .text C:\Program Files\Alienware\Command Center\AlienFusionController.exe[3756] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000756cebdc 5 bytes JMP 000000016fa611a9 .text C:\Program Files\Alienware\Command Center\AlienFusionController.exe[3756] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075278a29 5 bytes JMP 000000016fa61046 .text C:\Program Files\Alienware\Command Center\AlienFusionController.exe[3756] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075284572 5 bytes JMP 000000016fa610c8 .text C:\Program Files\Alienware\Command Center\AlienFusionController.exe[3756] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007529e567 5 bytes JMP 000000016fa61433 .text C:\Program Files\Alienware\Command Center\AlienFusionController.exe[3756] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000752d7a5c 5 bytes JMP 000000016fa615f0 .text C:\Program Files\Alienware\Command Center\AlienFusionController.exe[3756] 
C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075375ea5 5 bytes JMP 000000016fa61618 .text C:\Program Files\Alienware\Command Center\AlienFusionController.exe[3756] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000753a9d0b 5 bytes JMP 000000016fa6123f .text C:\Users\Mikko\Desktop\3e1qo5ly.exe[1764] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 0000000076da1f2e 7 bytes JMP 000000016fa616b3 .text C:\Users\Mikko\Desktop\3e1qo5ly.exe[1764] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 0000000076da5bcd 7 bytes JMP 000000016fa611cc .text C:\Users\Mikko\Desktop\3e1qo5ly.exe[1764] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 0000000076db1429 7 bytes JMP 000000016fa612a8 .text C:\Users\Mikko\Desktop\3e1qo5ly.exe[1764] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 0000000076dbea5d 7 bytes JMP 000000016fa61262 .text C:\Users\Mikko\Desktop\3e1qo5ly.exe[1764] C:\Windows\syswow64\kernel32.dll!K32GetModuleFileNameExW 0000000076dcb223 5 bytes JMP 000000016fa615c8 .text C:\Users\Mikko\Desktop\3e1qo5ly.exe[1764] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000076e488f4 7 bytes JMP 000000016fa61357 .text C:\Users\Mikko\Desktop\3e1qo5ly.exe[1764] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000076e48979 5 bytes JMP 000000016fa616f4 .text C:\Users\Mikko\Desktop\3e1qo5ly.exe[1764] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000076e48ccf 5 bytes JMP 000000016fa6101e .text C:\Users\Mikko\Desktop\3e1qo5ly.exe[1764] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076c21d1b 5 bytes JMP 000000016fa611e5 .text C:\Users\Mikko\Desktop\3e1qo5ly.exe[1764] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076c21dc9 5 bytes JMP 000000016fa61019 .text C:\Users\Mikko\Desktop\3e1qo5ly.exe[1764] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076c22aa4 5 bytes JMP 000000016fa61573 .text C:\Users\Mikko\Desktop\3e1qo5ly.exe[1764] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076c22d0a 5 bytes 
JMP 000000016fa6128f .text C:\Users\Mikko\Desktop\3e1qo5ly.exe[1764] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 00000000756ce9a2 5 bytes JMP 000000016fa615e1 .text C:\Users\Mikko\Desktop\3e1qo5ly.exe[1764] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 00000000756cebdc 5 bytes JMP 000000016fa611a9 .text C:\Users\Mikko\Desktop\3e1qo5ly.exe[1764] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075278a29 5 bytes JMP 000000016fa61046 .text C:\Users\Mikko\Desktop\3e1qo5ly.exe[1764] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075284572 5 bytes JMP 000000016fa610c8 .text C:\Users\Mikko\Desktop\3e1qo5ly.exe[1764] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 000000007529e567 5 bytes JMP 000000016fa61433 .text C:\Users\Mikko\Desktop\3e1qo5ly.exe[1764] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 00000000752d7a5c 5 bytes JMP 000000016fa615f0 .text C:\Users\Mikko\Desktop\3e1qo5ly.exe[1764] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075375ea5 5 bytes JMP 000000016fa61618 .text C:\Users\Mikko\Desktop\3e1qo5ly.exe[1764] C:\Windows\syswow64\ole32.dll!CoCreateInstance 00000000753a9d0b 5 bytes JMP 000000016fa6123f ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\681729437c0d Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\681729437c0d (not active ControlSet) ---- EOF - GMER 2.1 ---- |
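The GMER section above is easier to judge once the hook lines are grouped rather than read one by one. The PowerShell below is an added example, not part of the thread or of GMER: it parses GMER's `.text` hook format (the sample text is three entries copied from the log above, run together the way the page shows them), then reports how many exports each process has patched and where the trampolines point. The function and property names are mine.

```powershell
# Added example, not part of the thread. GMER prints each user-mode inline hook as
#   .text <process>[<pid>] <module>!<export> <address> <n> bytes JMP <target>
# and the copy above arrived with the entries run together on a few long lines,
# so the parser splits on the ".text " marker rather than on newlines.
# Constructed sample: three entries copied out of the log above.
$gmerText = @'
.text C:\Program Files\Alienware\Command Center\AlienFusionController.exe[3756] C:\Windows\syswow64\KERNEL32.dll!RegQueryValueExW 0000000076da1f2e 7 bytes JMP 000000016fa616b3 .text C:\Program Files\Alienware\Command Center\AlienFusionController.exe[3756] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076c22aa4 5 bytes JMP 000000016fa61573 .text C:\Users\Mikko\Desktop\3e1qo5ly.exe[1764] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076c22aa4 5 bytes JMP 000000016fa61573
'@

function ConvertFrom-GmerHooks {
    param([string]$Text)
    $pattern = '^(?<proc>.+?)\[(?<pid>\d+)\]\s+(?<module>\S+)!(?<export>\S+)\s+(?<addr>[0-9a-f]+)\s+(?<len>\d+)\s+bytes\s+JMP\s+(?<target>[0-9a-f]+)$'
    foreach ($chunk in ($Text -split '\.text\s+')) {
        $chunk = $chunk.Trim()
        if (-not $chunk) { continue }
        $m = [regex]::Match($chunk, $pattern, 'IgnoreCase')
        if (-not $m.Success) { Write-Warning "unparsed entry: $chunk"; continue }
        $target = $m.Groups['target'].Value
        New-Object PSObject -Property @{
            Process    = Split-Path $m.Groups['proc'].Value -Leaf
            Pid        = [int]$m.Groups['pid'].Value
            Module     = Split-Path $m.Groups['module'].Value -Leaf
            Export     = $m.Groups['export'].Value
            Address    = $m.Groups['addr'].Value
            Length     = [int]$m.Groups['len'].Value
            Target     = $target
            # 64 KiB region the trampoline lives in: hooks planted by one
            # injected DLL all land in the same few pages.
            TargetPage = $target.Substring(0, $target.Length - 4)
        }
    }
}

$hooks = ConvertFrom-GmerHooks $gmerText

# Per process: how many exports are patched and where the trampolines are.
$hooks | Group-Object Process, TargetPage | ForEach-Object {
    '{0,-28} {1,3} hook(s) -> trampolines in {2}xxxx' -f $_.Values[0], $_.Count, $_.Values[1]
}

# Exports patched in every listed process: the fingerprint of one DLL injected
# into all of them. Overlay, lighting-control and monitoring software does this,
# and so does malware; the decision comes from finding which module owns the
# target address in one of the processes (e.g. Process Explorer's DLL view),
# not from this list alone.
$procCount = @($hooks | Select-Object -ExpandProperty Process -Unique).Count
$hooks | Group-Object Module, Export | Where-Object { $_.Count -eq $procCount } | ForEach-Object {
    'hooked everywhere: {0}!{1}' -f $_.Values[0], $_.Values[1]
}
```

Run against the full log, every 32-bit process in it jumps into the same `000000016fa6xxxx` region and every 64-bit one into `000007fffd520xxx`, which is what a single injected DLL (one build per bitness) looks like. That is consistent with the helper's reading that nothing here is alarming, but the check that settles it is to open one of the hooked processes and see which loaded module owns that address range.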
23.08.2013, 20:20 | #5 |
/// TB-Ausbilder | Hello Michi, that looks fine so far. Apart from the conhost processes, do you have any other reason to suspect an infection? Have Avira or Malwarebytes reported any detections recently, or is anything behaving oddly? Step 1 Please download AdwCleaner to your desktop.
Step 2
Step 3 ESET Online Scanner
Please post in your next reply:
cheers, Leo |
23.08.2013, 20:23 | #6 |
| Yes, earlier, when I noticed it again, Malwarebytes found 31 infected objects and I removed them. My son wanted to install an MP4-to-AVI program, and although he clicked to decline the bundled extra programs (I was there), it still installed some odd things (the source was chip.de). I'll do the 3 steps now and post the logs |
23.08.2013, 20:28 | #7 |
/// TB-Ausbilder | Quote:
Quote:
cheers, Leo |
23.08.2013, 21:10 | #8 |
| Here is the AdwCleaner log: Code:
# AdwCleaner v3.000 - Report created 23/08/2013 at 21:27:46
# Updated 20/08/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Mikko - MIKKO-PC
# Running from : C:\Users\Mikko\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\BrowserDefender
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Users\Mikko\AppData\Roaming\Systweak
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\Mikko\AppData\Roaming\Mozilla\Firefox\Profiles\qiaoctid.default\bprotector_extensions.sqlite
File Deleted : C:\Users\Mikko\AppData\Roaming\Mozilla\Firefox\Profiles\qiaoctid.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\52eddd0e634ef46
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\delta LTD
Key Deleted : HKCU\Software\Delta
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\systweak

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16635

-\\ Mozilla Firefox v23.0.1 (de)

[ File : C:\Users\Mikko\AppData\Roaming\Mozilla\Firefox\Profiles\qiaoctid.default\prefs.js ]

Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.dfltLng", "de");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.delta.id", "9839b837000000000000f01faf237fc5");
Line Deleted : user_pref("extensions.delta.instlDay", "15939");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.24.6");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.24.613:02:37");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.24.6");
Line Deleted : user_pref("extensions.delta_i.babExt", "");
Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=120665&tsp=4982");
Line Deleted : user_pref("extensions.delta_i.srcExt", "ss");

*************************

AdwCleaner[R0].txt - [3591 octets] - [23/08/2013 21:25:56]
AdwCleaner[R1].txt - [3651 octets] - [23/08/2013 21:27:32]
AdwCleaner[S0].txt - [3307 octets] - [23/08/2013 21:27:46]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3367 octets] ##########
Code:
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.23.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Mikko :: MIKKO-PC [administrator]

Protection: Disabled

23.08.2013 19:02:47
mbam-log-2013-08-23 (19-02-47).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 375157
Time elapsed: 12 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 3
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr) -> Quarantined and deleted successfully.
HKCU\Software\DataMngr (PUP.Optional.DataMngr) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 3
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.StartPage) -> Bad: (hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=9839F01FAF237FC5&affID=120665&tsp=4982) Good: (hxxp://www.google.com) -> Replaced and quarantined successfully.
HKCR\scrfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE "%1") Good: ("%1" /S) -> Replaced and quarantined successfully.
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE "%1") Good: (regedit.exe "%1") -> Replaced and quarantined successfully.

Folders Detected: 5
C:\ProgramData\BrowserDefender\2.6.1562.220 (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8} (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
C:\Users\Mikko\AppData\Roaming\BabSolution (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.
C:\Users\Mikko\AppData\Roaming\BabSolution\Shared (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.

Files Detected: 20
C:\Users\Mikko\AppData\Local\Temp\g0nQ_dy3.exe.part (PUP.Optional.Installex) -> Quarantined and deleted successfully.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\bl (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.settings (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\dm (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\uninstall.exe (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\00 (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\01 (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\02 (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\03 (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\10 (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\11 (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\12 (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\13 (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\20 (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\21 (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\22 (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\23 (PUP.Optional.BrowserDefender.A) -> Quarantined and deleted successfully.
C:\Users\Mikko\AppData\Roaming\BabSolution\Shared\enhancedNT.dll (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.

(end)
And finally ESET Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=367fb7a07994ef478ed6424cd03d113c
# engine=14884
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-23 08:08:25
# local_time=2013-08-23 10:08:25 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 15377 242711795 9535 0
# compatibility_mode=5893 16776574 100 94 3322914 128918355 0 0
# scanned=118135
# found=0
# cleaned=0
# scan_time=2143 |
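The two Broken.OpenCommand items in the Malwarebytes log are the shell "open" commands for .reg and .scr files, which had been redirected to NOTEPAD.EXE. After a cleanup the thing to confirm is that they stayed repaired, and that the other executable types were not touched. The following PowerShell is an added example, not part of the thread or of any of the tools used in it: the regfile and scrfile strings are the "Good:" values from the log, the remaining types and their expected Windows 7 default strings are added by me, and the function name is mine.

```powershell
# Added example, not part of the thread. Re-checks the shell "open" commands for
# the file types that adware and malware most often hijack, including the two
# Malwarebytes repaired above (regfile and scrfile, flagged as Broken.OpenCommand).
# Expected values are the Windows 7 defaults: regfile/scrfile are the "Good:"
# strings from the log, the executable types are the usual defaults, added here.
$expected = @{
    'exefile' = '"%1" %*'
    'comfile' = '"%1" %*'
    'batfile' = '"%1" %*'
    'cmdfile' = '"%1" %*'
    'piffile' = '"%1" %*'
    'regfile' = 'regedit.exe "%1"'
    'scrfile' = '"%1" /S'
}

function Test-OpenCommand {
    param([hashtable]$Expected)
    foreach ($progId in $Expected.Keys) {
        # HKCR is the merged view of HKLM\Software\Classes and HKCU\Software\Classes,
        # so a per-user hijack (no admin rights needed to plant one) shows up here too.
        $key    = "Registry::HKEY_CLASSES_ROOT\$progId\shell\open\command"
        $actual = $null
        if (Test-Path $key) {
            $actual = (Get-ItemProperty -Path $key).'(default)'
        }
        New-Object PSObject -Property @{
            ProgId   = $progId
            Expected = $Expected[$progId]
            Actual   = $actual
            OK       = ($actual -eq $Expected[$progId])
        }
    }
}

Test-OpenCommand $expected |
    Sort-Object ProgId |
    Select-Object ProgId, OK, Expected, Actual |
    Format-Table -AutoSize
```

A row with OK = False and an Actual value that launches something other than the file itself (as NOTEPAD.EXE did here) is the classic "every .exe you start runs the hijacker first" pattern; the repair is to put the default string back with `Set-ItemProperty -Path $key -Name '(default)' -Value '"%1" %*'` and then check whether the same key exists under HKCU\Software\Classes, where a user-level override would live.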
23.08.2013, 21:18 | #9 |
/// TB-Ausbilder | Hello Michi, there is no cause for concern here. Apart from a bit of adware there is nothing to see. Let's clean up. Cleanup Finally we will now remove our tools (including the quarantine folders), delete the contaminated system restore points and restore all settings. These steps are still important and should be carried out in the given order.
We're done; your logs look clean to me at the moment. Below I have put together a few notes and tips that should help you not need our help again in the future. Afterwards please give me a short reply if there are no more problems or questions on your side, so that I can consider this topic closed. Epilogue: tips, dos & don'ts Keeping system and software up to date The Windows operating system must always be up to date. Make sure automatic updates are enabled:
Installed software should also always be the latest version. This applies especially to the browser, Java, Flash Player and PDF reader, because known security holes in old versions of these are exploited to install malware via drive-by download merely by visiting a prepared website. This can even happen on normally legitimate websites if an attacker has managed to inject his code into the page, and is therefore fairly unpredictable.
Security software A remark up front: every software solution has its weaknesses. Handing all responsibility for security over to software and expecting all-round protection would be a dangerous illusion. With careless or deliberately risky behaviour, even the best program will sooner or later fail (e.g. a virus scanner that does not detect an infected file). Nevertheless such software is of course important and, combined with a well-maintained (up-to-date) system and sensible behaviour, helps you keep your computer clean.
It is in the nature of things that the most widely used application software is also the one most frequently attacked by malware authors. Using alternative software (e.g. an alternative PDF reader) can therefore already be a small security gain. Instead of Internet Explorer you can use Mozilla Firefox, for example, for which there are two useful add-ons to recommend:
(Un)safe behaviour on the Internet Besides unnoticed drive-by installations, malware is also often installed more or less actively by the user himself. Merely visiting shady websites can carry risks. And downloads from dubious sources are always Russian roulette. Even if the virus scanner currently detects no threat in them, that need not mean anything.
Attempts are also often made, with more or less cunning methods, to get the user to carry out an action that is disastrous for him (umbrella term: social engineering).
Annoying adware (advertising) and unnecessary toolbars are also usually installed by the user himself along with other software.
General notes Finally, a few basic remarks:
If you like, you can support the forum with a small donation. All that remains is for me to wish you carefree and safe surfing, and that we don't see each other here again any time soon.
cheers, Leo |
23.08.2013, 21:27 | #10 |
| If you say everything is okay and looks clean, that reassures me a lot. I still don't know why it is like that with the conhosts, but perhaps it was always like that.. Many thanks for your help, have a nice evening. Greetz Michi |
23.08.2013, 21:42 | #11 |
/// TB-Ausbilder | Thanks for the feedback, Michi. Quote:
Glad we could help. If you would like to give the forum suggestions for improvement, criticism or praise, you can do that here. This topic appears to be resolved and will be removed from my subscriptions, so I will no longer receive notifications of new replies. Should you need this topic again, please send me a PM and we will continue here. Everyone else, please read these instructions and create your own thread.
cheers, Leo |
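Michi's opening question, why there are three conhost.exe processes and why Task Manager would not show their path, is the one a practitioner would settle with a quick check rather than a scan. On Windows 7, conhost.exe is the console host: csrss.exe starts one copy for every console-mode program that is running, including ones launched by services or scheduled tasks, so several instances are normal, and Task Manager cannot open the file location of a process that belongs to another account unless it is run elevated. What would actually be suspicious is a conhost.exe loaded from somewhere other than %SystemRoot%\System32, or one without a valid Microsoft signature. The PowerShell below is an added example, not part of the thread: it lists every conhost.exe with its image path, parent process and signature state. It targets the Windows 7 / PowerShell 2.0 machine in this thread (hence Get-WmiObject rather than Get-CimInstance); the function and property names are mine.

```powershell
# Added example, not part of the thread. Lists every conhost.exe with the facts
# that decide whether it is the real console host: where the image was loaded
# from, who started it, and whether the file carries a valid signature.
# Run from an elevated PowerShell; otherwise the path of instances owned by other
# accounts (e.g. a service's console) is not readable, which is also why Task
# Manager refuses to show it.

$expectedPath = Join-Path $env:SystemRoot 'System32\conhost.exe'

function Get-ConhostReport {
    Get-WmiObject Win32_Process -Filter "Name = 'conhost.exe'" | ForEach-Object {
        $proc   = $_
        $parent = Get-WmiObject Win32_Process -Filter ("ProcessId = {0}" -f $proc.ParentProcessId)
        $path   = $proc.ExecutablePath      # $null when access is denied

        $status = 'unknown (path not readable)'
        $signer = $null
        if ($path -and (Test-Path $path)) {
            $sig    = Get-AuthenticodeSignature -FilePath $path
            $status = $sig.Status
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }

        $parentName = '<exited>'
        if ($parent) { $parentName = $parent.Name }

        New-Object PSObject -Property @{
            Pid       = $proc.ProcessId
            Path      = $path
            # A conhost.exe from anywhere but System32 is the real warning sign.
            PathOK    = ($path -ieq $expectedPath)
            Signature = $status
            Signer    = $signer
            ParentPid = $proc.ParentProcessId
            # Windows 7: the parent is csrss.exe. Windows 8 and later: the
            # console application itself.
            Parent    = $parentName
        }
    }
}

Get-ConhostReport |
    Select-Object Pid, Path, PathOK, Signature, Signer, ParentPid, Parent |
    Format-List
```

Two caveats when reading the output. A Signature of NotSigned for a file that sits in System32 is not by itself evidence of tampering: most Windows binaries are signed through security catalogs rather than with an embedded signature, and not every PowerShell version checks catalogs, so confirm with Sysinternals sigcheck before drawing a conclusion. And a parent shown as <exited> is normal for a console whose launching program has already finished while the console window is still open.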