Log analysis and evaluation: Win7 Home Premium, 64-bit. ADWARE/BHO.Bprotector.1.2 since today

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
Hello,

after I tried to open a program (Opera), I got a message from my virus scanner (AntiVir) that viruses had been found. The virus, or rather the adware, is called ADWARE/BHO.Bprotector.1.2 and, for example, Skype is affected.

I have now followed all the instructions from this site, and to install the programs I had to switch to my admin account. I downloaded all the programs beforehand, and before I switched accounts I turned off the Wi-Fi. When I had finished everything and wanted to go back to my other account (the one I use for everyday work), this was no longer possible; it could no longer be found.

That was basically my problem description. Now come all the log files! The GMER file is not complete, as it would have been too many characters. If needed, I would post the log file afterwards!

Antivir
Code:
Exportierte Ereignisse:

09.09.2013 19:16 [System-Scanner] Malware gefunden
Die Datei 'c:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll' enthielt einen Virus oder unerwünschtes Programm 'Adware/BHO.Bprotector.1.2' [adware].
Durchgeführte Aktion(en):
Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26003.
Die Datei konnte nicht gelöscht werden!
Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
Die Datei konnte nicht gelöscht werden!
Der Registrierungseintrag <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_Dlls> wurde erfolgreich repariert.

09.09.2013 19:16 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll' wurde ein Virus oder unerwünschtes Programm 'ADWARE/BHO.Bprotector.1.2' [adware] gefunden.
Ausgeführte Aktion: Zugriff verweigern

09.09.2013 19:15 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\ProgramData\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll' wurde ein Virus oder unerwünschtes Programm 'ADWARE/BHO.Bprotector.1.2' [adware] gefunden.
Ausgeführte Aktion: Zugriff verweigern

03.09.2013 22:59 [Browser-Schutz] Malware gefunden
Beim Zugriff auf Daten der URL "hxxp://178.33.234.137/siteserver/userVisit.php" wurde ein Virus oder unerwünschtes Programm 'HTML/Infected.WebPage.Gen' [virus] gefunden.
Durchgeführte Aktion: Der Zugriff auf die Datei wurde blockiert

28.08.2013 21:01 [Browser-Schutz] Malware gefunden
Beim Zugriff auf Daten der URL "hxxp://178.33.234.137/siteserver/userVisit.php" wurde ein Virus oder unerwünschtes Programm 'HTML/Infected.WebPage.Gen' [virus] gefunden.
Durchgeführte Aktion: Der Zugriff auf die Datei wurde blockiert

defogger
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:32 on 09/09/2013 (Leif)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-09-2013 01 Ran by Leif (administrator) on LEIF-PC on 09-09-2013 19:33:40 Running from Q:\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Could not list processes =============== ==================== Registry (Whitelisted) ================== HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63376 2012-09-07] (Lenovo) HKLM\...\Run: [BLEServicesCtrl] - C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [177936 2012-02-17] (Intel Corporation) HKLM\...\Run: [BTMTrayAgent] - rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp HKLM\...\Run: [] - [x] HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] () HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-30] (Adobe Systems Incorporated) HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917176 2012-09-10] (Synaptics Incorporated) HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [228744 2012-09-20] (Lenovo.) 
HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [293256 2012-10-10] (Lenovo Group Limited) HKLM\...\Policies\Explorer: [NoActiveDesktop] 1 HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1 HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation) HKCU\...\Run: [] - [x] HKCU\...\Run: [NokiaOviSuite2] - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [385928 2010-02-24] (Nokia) HKLM-x32\...\Run: [F-Secure ExploitShield] - C:\Program Files (x86)\F-Secure\ExploitShield\fsesgui.exe [629376 2009-06-29] (F-Secure Corporation) HKLM-x32\...\Run: [] - [x] HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1573584 2012-10-29] (Ask) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-04] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [PWMTRV] - C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL [5998144 2012-09-24] (Lenovo Group Limited) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2010-10-25] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [821144 2010-10-25] (Adobe Systems Inc.) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.) 
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.) HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.) HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) HKLM-x32\...\Run: [RotateImage] - C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.) HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation) HKLM-x32\...\Run: [DATAMNGR] - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe [1683456 2013-02-14] (Bandoo Media, inc) HKLM-x32\...\Run: [NokiaMServer] - C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup [x] HKU\Default\...\RunOnce: [Lenovo.ShowBand] - C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe [52584 2013-05-17] (Lenovo) HKU\Leif_2\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation) HKU\Leif_2\...\Run: [AdobeBridge] - [x] HKU\UpdatusUser\...\RunOnce: [Lenovo.ShowBand] - C:\Program Files\Lenovo\SimpleTap DeskBand\ShowBand.exe [52584 2013-05-17] (Lenovo) AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll C:\Windows\system32\nvinitx.dll [1531256 2013-02-14] (Bandoo Media, inc) AppInit_DLLs-x32: c:\progra~3\wincert\win32c~1.dll c:\windows\syswow64\nvinit.dll [202600 2012-10-03] (NVIDIA Corporation) Lsa: [Notification Packages] scecli ACGina Startup: C:\Users\Leif\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Leif\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Users\Leif\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () Startup: C:\Users\Leif\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk ShortcutTarget: Samsung SSD Magician.lnk -> C:\Program Files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe (Samsung Electronics.) Startup: C:\Users\Leif\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk ShortcutTarget: Stardock ObjectDock.lnk -> C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe (No File) Startup: C:\Users\Leif_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () Startup: C:\Users\Leif_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk ShortcutTarget: Stardock ObjectDock.lnk -> C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe (No File) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=119816&tt=gc_&babsrc=HP_ss_din2g&mntrId=342E685D43890A1D HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.v9.com/?utm_source=b&utm_medium=fox&from=fox&uid=198313_1050624_2142954431_3219913727_342E533C&ts=1355513859 HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?affID=119816&tt=gc_&babsrc=HP_ss&mntrId=342E685D43890A1D URLSearchHook: (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = 
hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=0&systemid=413&apn_dtid=BND413&apn_ptnrs=AGA&o=APN10649&apn_uid=1750610507384605&q={searchTerms} SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=0&systemid=413&apn_dtid=BND413&apn_ptnrs=AGA&o=APN10649&apn_uid=1750610507384605&q={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=0&systemid=413&apn_dtid=BND413&apn_ptnrs=AGA&o=APN10649&apn_uid=1750610507384605&q={searchTerms} SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=0&systemid=413&apn_dtid=BND413&apn_ptnrs=AGA&o=APN10649&apn_uid=1750610507384605&q={searchTerms} SearchScopes: HKCU - DefaultScope {4A6F5241-F09A-433C-B436-1D0F9065080E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=c4f1a904-284b-41b4-ad1c-962eb1c39eed&apn_sauid=A3E74190-CC0E-4891-8E97-61F942D59BCF SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.v9.com/web/?q={searchTerms} SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=119816&tt=gc_&babsrc=SP_ss_din2g&mntrId=342E685D43890A1D SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.v9.com/web/?q={searchTerms} SearchScopes: HKCU - {4A6F5241-F09A-433C-B436-1D0F9065080E} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10261&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^AGS&apn_dtid=^YYYYYY^YY^DE&apn_uid=c4f1a904-284b-41b4-ad1c-962eb1c39eed&apn_sauid=A3E74190-CC0E-4891-8E97-61F942D59BCF SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2413} URL = 
hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=0&systemid=413&apn_dtid=BND413&apn_ptnrs=AGA&o=APN10649&apn_uid=1750610507384605&q={searchTerms} BHO: TrueSuite Browser Helper Object - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\Lenovo Fingerprint Reader\IEBHO.DLL (AuthenTec Inc.) BHO: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll (Bandoo Media, inc) BHO-x32: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) BHO-x32: Search-Results Toolbar - {3ec1a45c-8bc3-4bfe-b226-4051c5d3d068} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: TrueSuite Browser Helper Object - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\Lenovo Fingerprint Reader\x86\IEBHO.dll (AuthenTec Inc.) BHO-x32: DataMngr - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc) BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO-x32: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Proxy Help - {F386E548-C533-472E-8C61-C026FB14FEA9} - C:\Windows\SysWow64\Newtabs_v9.dll (Newtabs. 
inc) BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM-x32 - Search-Results Toolbar - {3ec1a45c-8bc3-4bfe-b226-4051c5d3d068} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (APN LLC) Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: 127.0.0.1 activate.adobe.com Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Leif\AppData\Roaming\Mozilla\Firefox\Profiles\htfbv212.default FF user.js: detected! 
=> C:\Users\Leif\AppData\Roaming\Mozilla\Firefox\Profiles\htfbv212.default\user.js FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll () FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\Leif\AppData\Roaming\Mozilla\Firefox\Profiles\htfbv212.default\searchplugins\askcom.xml FF SearchPlugin: C:\Users\Leif\AppData\Roaming\Mozilla\Firefox\Profiles\htfbv212.default\searchplugins\babylon.xml FF SearchPlugin: C:\Users\Leif\AppData\Roaming\Mozilla\Firefox\Profiles\htfbv212.default\searchplugins\delta.xml FF SearchPlugin: C:\Users\Leif\AppData\Roaming\Mozilla\Firefox\Profiles\htfbv212.default\searchplugins\Search_Results.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\v9.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Ghostery - C:\Users\Leif\AppData\Roaming\Mozilla\Firefox\Profiles\htfbv212.default\Extensions\firefox@ghostery.com FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\Leif\AppData\Roaming\Mozilla\Firefox\Profiles\htfbv212.default\Extensions\toolbar@ask.com FF Extension: Search-Results Toolbar - C:\Users\Leif\AppData\Roaming\Mozilla\Firefox\Profiles\htfbv212.default\Extensions\{3ec1a45c-8bc3-4bfe-b226-4051c5d3d068} FF Extension: groovesharkUnlocker - C:\Users\Leif\AppData\Roaming\Mozilla\Firefox\Profiles\htfbv212.default\Extensions\groovesharkUnlocker@overlord1337.xpi FF Extension: No Name - C:\Users\Leif\AppData\Roaming\Mozilla\Firefox\Profiles\htfbv212.default\Extensions\{14323AEE-F6B8-4DC8-BCE3-E62645830585}.xpi FF Extension: No Name - C:\Users\Leif\AppData\Roaming\Mozilla\Firefox\Profiles\htfbv212.default\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} FF Extension: No Name - 
C:\Users\Leif\AppData\Roaming\Mozilla\Firefox\Profiles\htfbv212.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433} FF HKLM-x32\...\Firefox\Extensions: [{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}] C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} FF Extension: Adobe Contribute Toolbar - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn FF HKLM-x32\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ Chrome: ======= CHR Extension: (Google Drive) - C:\Users\Leif\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0 CHR Extension: (YouTube) - C:\Users\Leif\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0 CHR Extension: (Website Logon) - C:\Users\Leif\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdkedefaddcdlpmiafhicjnkbogjiogj\2.0_0 CHR Extension: (Google Search) - C:\Users\Leif\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0 CHR Extension: (Gmail) - C:\Users\Leif\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 CHR HKLM-x32\...\Chrome\Extension: [bpeeepmahhfjiediknjejcmcfmjcjdck] - C:\Program 
Files (x86)\Google\Chrome\User Data\Default\Extensions\serach.crx CHR HKLM-x32\...\Chrome\Extension: [cdkedefaddcdlpmiafhicjnkbogjiogj] - C:\Program Files\Lenovo Fingerprint Reader\x86\tschrome.crx CHR HKLM-x32\...\Chrome\Extension: [dkdkpmmkgdbglmfmmmmehbkmnkopingb] - C:\Program Files (x86)\Google\Chrome\User Data\Default\Extensions\v9-toolbar.crx CHR HKLM-x32\...\Chrome\Extension: [ijblflkdjdopkpdgllkmlbgcffjbnfda] - C:\Program Files (x86)\Google\Chrome\User Data\Default\Extensions\v9.crx CHR HKLM-x32\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Users\Leif\AppData\Local\Torch\Plugins\TorchPlugin.crx ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-04] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-04] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-04] (Avira Operations GmbH & Co. 
KG) R2 ExploitShield; C:\Program Files (x86)\F-Secure\ExploitShield\fsessrv.exe [326272 2009-06-29] (F-Secure Corporation) R2 FPLService; C:\Program Files\Lenovo Fingerprint Reader\TrueSuiteService.exe [328552 2012-08-09] (AuthenTec, Inc) R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [187784 2012-10-10] (Lenovo Group Limited) R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-10] (Lenovo Group Limited) S3 MatSvc; C:\Program Files\Microsoft Fix it Center\Matsvc.exe [343856 2011-06-13] (Microsoft Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] () S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-06-26] () R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-04] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-04] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-28] (Avira Operations GmbH & Co. KG) R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-27] (Realtek Semiconductor Corp.) 
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [43832 2012-09-10] (Synaptics Incorporated) R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-08] (ThinkVantage Communications Utility) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-09 19:32 - 2013-09-09 19:32 - 00000000 _____ C:\Users\Leif\defogger_reenable 2013-09-09 19:30 - 2013-09-09 19:30 - 00012833 _____ C:\Users\Leif_2\Desktop\xx.odt 2013-09-09 08:44 - 2013-09-09 19:14 - 96732368 _____ C:\Windows\SysWOW64\ꆜ« 2013-09-05 21:43 - 2013-09-05 21:43 - 00000000 ____D C:\Users\Leif_2\Desktop\plage 2013-09-05 13:46 - 2013-09-07 11:55 - 92693019 _____ C:\Users\Leif_2\Desktop\lieke.psd 2013-09-04 11:27 - 2013-09-07 11:55 - 00000000 ____D C:\Users\Leif_2\Desktop\fuer bewerbung 2013-08-28 18:38 - 2013-08-28 20:19 - 00000000 ____D C:\Users\Leif_2\Desktop\din 2013-08-23 21:16 - 2013-08-23 21:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-08-15 14:44 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-08-15 14:44 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-08-15 14:44 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-08-15 14:44 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-08-15 14:44 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-08-15 14:44 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-08-15 14:44 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-08-15 14:44 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-08-15 14:44 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) 
C:\Windows\system32\iesetup.dll 2013-08-15 14:44 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-08-15 14:44 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-08-15 14:44 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-08-15 14:44 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-08-15 14:44 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-08-15 14:44 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-08-15 14:44 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-08-15 14:44 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-08-15 14:44 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-08-15 14:44 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-08-15 14:44 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-08-15 14:44 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-08-15 14:44 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-08-15 14:44 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-08-15 14:43 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-08-15 14:43 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-08-15 14:43 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-08-15 14:43 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) 
C:\Windows\system32\jsproxy.dll 2013-08-15 14:43 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-08-15 14:43 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-08-15 14:43 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-08-15 14:43 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-08-15 11:54 - 2013-08-15 14:41 - 00000000 ____D C:\Windows\system32\MRT 2013-08-14 10:29 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-08-14 10:29 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-08-14 10:29 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-08-14 10:29 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-08-14 10:29 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-08-14 10:29 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-08-14 10:29 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-08-14 10:29 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2013-08-14 10:29 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2013-08-14 10:29 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-08-14 10:29 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-08-14 10:29 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-08-14 10:29 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-08-14 10:29 - 2013-07-09 07:03 - 
03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-08-14 10:29 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-08-14 10:29 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2013-08-14 10:29 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2013-08-14 10:29 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-08-14 10:29 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-08-14 10:29 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-08-14 10:29 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-08-14 10:29 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-08-14 10:29 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-08-14 10:29 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-08-14 10:29 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-08-14 10:29 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-08-14 10:29 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2013-08-11 16:31 - 2013-08-11 16:31 - 00008557 _____ C:\Users\Leif_2\Documents\buch.odt ==================== One Month Modified Files and Folders ======= 2013-09-09 19:33 - 2013-09-09 19:33 - 00000000 ____D C:\FRST 2013-09-09 19:32 - 2013-09-09 19:32 - 00000000 _____ C:\Users\Leif\defogger_reenable 2013-09-09 19:32 - 2012-11-10 12:47 - 00000000 ____D C:\Users\Leif 2013-09-09 19:31 - 2013-03-02 10:24 - 00000000 ____D C:\Users\Leif\AppData\Roaming\Dropbox 2013-09-09 19:31 - 2012-11-13 00:40 - 
00000000 ____D C:\Users\Leif_2\AppData\Roaming\MediaMonkey 2013-09-09 19:30 - 2013-09-09 19:30 - 00012833 _____ C:\Users\Leif_2\Desktop\xx.odt 2013-09-09 19:30 - 2012-11-10 12:47 - 01779221 _____ C:\Windows\WindowsUpdate.log 2013-09-09 19:28 - 2012-11-11 15:47 - 00000000 ____D C:\Users\Leif_2\AppData\Roaming\Skype 2013-09-09 19:14 - 2013-09-09 08:44 - 96732368 _____ C:\Windows\SysWOW64\ꆜ« 2013-09-08 19:46 - 2013-04-16 07:42 - 00083923 _____ C:\Windows\setupact.log 2013-09-07 11:55 - 2013-09-05 13:46 - 92693019 _____ C:\Users\Leif_2\Desktop\lieke.psd 2013-09-07 11:55 - 2013-09-04 11:27 - 00000000 ____D C:\Users\Leif_2\Desktop\fuer bewerbung 2013-09-06 10:03 - 2009-07-14 19:58 - 00654400 _____ C:\Windows\system32\perfh007.dat 2013-09-06 10:03 - 2009-07-14 19:58 - 00130240 _____ C:\Windows\system32\perfc007.dat 2013-09-06 10:03 - 2009-07-14 07:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI 2013-09-05 21:43 - 2013-09-05 21:43 - 00000000 ____D C:\Users\Leif_2\Desktop\plage 2013-09-05 10:33 - 2012-11-11 15:10 - 00000000 ____D C:\Users\Leif_2\Graphisoft 2013-09-04 15:29 - 2013-05-06 13:49 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-09-04 15:29 - 2013-03-28 09:14 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-09-04 15:29 - 2013-03-28 09:14 - 00105344 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-28 20:19 - 2013-08-28 18:38 - 00000000 ____D C:\Users\Leif_2\Desktop\din
2013-08-23 21:16 - 2013-08-23 21:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-23 21:16 - 2012-11-10 13:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-17 14:13 - 2009-07-14 06:45 - 00015104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-17 14:13 - 2009-07-14 06:45 - 00015104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-15 14:41 - 2013-08-15 11:54 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 11:54 - 2012-11-12 16:22 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-11 16:31 - 2013-08-11 16:31 - 00008557 _____ C:\Users\Leif_2\Documents\buch.odt

Files to move or delete:
====================
C:\Users\Leif_2\3t1tts9nq9678.exe
C:\Users\Leif_2\axxs95v6uku73.exe
C:\Users\Leif\AppData\Local\Temp\cirin_mu.dll
C:\Users\Leif\AppData\Local\Temp\DeltaTB.exe
C:\Users\Leif\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Leif\AppData\Local\Temp\install.exe
C:\Users\Leif\AppData\Local\Temp\LyricsPal.exe
C:\Users\Leif\AppData\Local\Temp\NEventMessages.dll
C:\Users\Leif\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Leif\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Leif\AppData\Local\Temp\sfareca00001.dll
C:\Users\Leif\AppData\Local\Temp\sfextra.dll
C:\Users\Leif\AppData\Local\Temp\uninst1.exe
C:\Users\Leif_2\AppData\Local\Temp\Foxit Updater.exe
C:\Users\Leif_2\AppData\Local\Temp\install_flashplayer11x32_mssd_aaa_aih.exe
C:\Users\Leif_2\AppData\Local\Temp\install_flashplayer11x32_mssd_aaa_aih_1.exe
C:\Users\Leif_2\AppData\Local\Temp\install_flashplayer11x32_mssd_aaa_aih_2.exe
C:\Users\Leif_2\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-06-23 13:47

==================== End Of Log ============================

Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-09-2013 01 Ran by Leif at 2013-09-09 19:34:26 Running from Q:\Downloads Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= AbiWord 2.9.4 (x32 Version: 2.9.4) Adobe Acrobat X Pro - English, Français, Deutsch (x32 Version: 10.0.0) Adobe AIR (x32 Version: 3.7.0.2090) Adobe Community Help (x32 Version: 3.4.980) Adobe Content Viewer (x32 Version: 1.4.0) Adobe Creative Suite 5.5 Master Collection (x32 Version: 5.5) Adobe Flash Player 11 ActiveX (x32 Version: 11.7.700.224) Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94) Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03) Adobe Story (x32 Version: 1.0.571) Adobe Widget Browser (x32 Version: 2.0 Build 230) Adobe Widget Browser (x32 Version: 2.0.230) Anzeige am Bildschirm (Version: 7.06.00) Apple Application Support (x32 Version: 2.3) Apple Software Update (x32 Version: 2.1.3.127) Ask Toolbar (x32 Version: 1.15.11.0) Audacity 2.0.2 (x32 Version: 2.0.2) Avira Free Antivirus (x32 Version: 13.0.0.4052) Avira SearchFree Toolbar plus Web Protection Updater (HKCU Version: 1.2.3.30498) Biet-O-Matic v2.14.12 (x32 Version: 2.14.12) Biet-O-Matic v2.14.8 (x32 Version: 2.14.8) Broadcom 802.11 Network Adapter (Version: 5.100.82.130) Brother MFL-Pro Suite DCP-135C (x32 Version: 1.0.2.0) Bundled software uninstaller (x32) Canon MG5100 series MP Drivers CCleaner (Version: 4.00) CDBurnerXP (x32 Version: 4.5.0.3661) CINEMA 4D 11.514 (Version: 11.514) Cisco EAP-FAST Module (x32 Version: 2.2.14) Cisco LEAP Module (x32 Version: 1.0.19) Cisco PEAP Module (x32 Version: 1.1.6) Compatibility Pack für 2007 Office System (x32 Version: 12.0.4518.1014) concept/design onlineTV 8 (x32 Version: 8.2.0.1) DHTML Editing Component (x32 Version: 6.02.0001) Dropbox (HKCU Version: 2.0.26) Energie-Manager (x32 Version: 6.36) Fingerprint Reader (Version: 5.4.100.233) Foxit Reader 
(x32 Version: 5.4.4.1023) Free FLV Converter V 7.5.0 (x32 Version: 7.5.0.0) F-Secure ExploitShield (x32) Google Chrome (x32 Version: 29.0.1547.66) Google Earth (x32 Version: 7.1.1.1888) Google Update Helper (x32 Version: 1.3.21.153) hiCAD 14 GER (Version: 14.0) Integrated Camera Driver Installer Package Ver.1.2.1.16 (x32 Version: 1.2.1.16) Intel PROSet Wireless Intel(R) OpenCL CPU Runtime (x32) Intel(R) Processor Graphics (x32 Version: 8.15.10.2696) Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (Version: 15.1.0.0096) Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (Version: 2.1.0.0140) Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.4.220) Intel(R) WiDi (Version: 3.1.29.0) Intel(R) Wireless Display Intel® PROSet/Wireless WiFi-Software (Version: 15.01.0000.0830) Java 7 Update 25 (x32 Version: 7.0.250) K-Lite Codec Pack 9.4.0 (64-bit) (Version: 9.4.0) Lenovo Auto Scroll Utility (Version: 1.34) Lenovo Patch Utility (x32 Version: 1.3.1.1) Lenovo Patch Utility 64 bit (Version: 1.3.1.1) Lenovo Power Management Driver (Version: 1.65.05.21) Lenovo Solution Center (Version: 2.1.003.00) Lenovo System Update (x32 Version: 5.02.0018) Maxwell 2 (x32) Maxwell for Rhinoceros 4 (x32 Version: 1.6.8) MediaMonkey 4.0 (x32 Version: 4.0) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft Fix it Center (Version: 1.0.0100) Microsoft Office PowerPoint Viewer 2007 (German) (x32 Version: 12.0.4518.1014) Microsoft VC80 Support DLLs (x32 Version: 1.0.0) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 
Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft Works (x32 Version: 9.7.0621) Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053) Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053) Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053) Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053) Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053) Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000) Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000) Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000) Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000) Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000) Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000) Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000) Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000) Miranda IM 0.10.8 (x32 Version: 0.10.8) Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1) Mozilla Maintenance Service (x32 Version: 23.0.1) MSVC80_x64_v2 (Version: 1.0.3.0) MSVC80_x86_v2 (x32 Version: 1.0.3.0) MSVC90_x64 (Version: 1.0.1.2) MSVC90_x86 (x32 Version: 1.0.1.2) MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0) Netscape Navigator (9.0.0.6) (x32 Version: 9.0.0.6 (en-US)) NewTabs Uninstall (x32) Nokia Connectivity Cable Driver (x32 Version: 7.1.27.0) Nokia Ovi Suite (x32 Version: 2.1.1.1) Nokia Ovi Suite Software Updater (x32 Version: 02.04.004.41370) NVIDIA Grafiktreiber 306.97 (Version: 306.97) NVIDIA HD-Audiotreiber 1.3.18.0 (Version: 1.3.18.0) NVIDIA Install 
Application (Version: 2.1002.85.551) NVIDIA Optimus 1.10.8 (Version: 1.10.8) NVIDIA PhysX (x32 Version: 9.12.0604) NVIDIA PhysX-Systemsoftware 9.12.0604 (Version: 9.12.0604) NVIDIA Systemsteuerung 306.97 (Version: 306.97) NVIDIA Update 1.10.8 (Version: 1.10.8) NVIDIA Update Components (Version: 1.10.8) OpenOffice.org 3.4.1 (x32 Version: 3.41.9593) Opera 12.10 (x32 Version: 12.10.1652) Ovi Desktop Sync Engine (x32 Version: 1.2.269.0) OviMPlatform (x32 Version: 2.6.86.0) PC Connectivity Solution (x32 Version: 10.6.2.0) PDF Settings CS5 (x32 Version: 10.0) PxMergeModule (x32 Version: 1.00.0000) QuickTime (x32 Version: 7.73.80.64) Realtek Ethernet Controller Driver (x32 Version: 7.49.927.2011) Realtek PCIE Card Reader (x32 Version: 6.1.7601.29005) Rhinoceros 4.0 (x32 Version: 4.0.20118) Rhinoceros 4.0 SR7 (x32 Version: 4.0.41030) Samsung SSD Magician (x32 Version: 3.2) Search-Results Toolbar (x32 Version: 1.0.0.12) Skype™ 6.3 (x32 Version: 6.3.107) Speak-A-Message (x32 Version: 8.0.0) SpeedFan (remove only) (x32) ThinkPad UltraNav Driver (Version: 16.2.14.0) ThinkPad Wireless LAN Adapter Software (x32 Version: 1.00.0031.1) ThinkVantage Access Connections (x32 Version: 5.97) ThinkVantage Communications Utility (Version: 3.0.37.0) ThinkVantage System für aktiven Festplattenschutz (Version: 1.77.0.9) Torch (HKCU Version: 23.0.0.2585) Turbo Lister 2 (x32 Version: 2.00.0000) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1) Vectorworks 2013 Hilfe (x32 Version: 1.0) VLC media player 2.0.7 (Version: 2.0.7) Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0) WinRAR 4.20 (32-bit) (x32 Version: 4.20.0) WinZip 17.0 (x32 Version: 17.0.10283) ==================== Restore 
Points =========================

==================== Hosts content: ==========================

2012-11-12 15:10 - 2012-11-12 15:10 - 00000852 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com

==================== Scheduled Tasks (whitelisted) =============

Task: {0423F42B-04AF-499D-B85B-4958DB66D753} - System32\Tasks\EPUpdater => C:\Users\Leif\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe
Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {15CC91A1-EC94-496F-A3D7-97C47805916B} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2012-10-29] ()
Task: {39D40690-2E74-41A2-8706-5150C2207390} - System32\Tasks\AdobeAAMUpdater-1.0-Leif-PC-Leif => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-30] (Adobe Systems Incorporated)
Task: {49A289BE-8A45-4E03-AC21-A7F6BE98260E} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2013-06-26] ()
Task: {4E7C7339-9505-45BE-821B-B1D8C68E0556} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-16] (Google Inc.)
Task: {536C0322-4FD5-4CA0-81E1-1197672F706E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-16] (Google Inc.)
Task: {5B9F579C-D1C0-4357-A05C-84FEC10D1394} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd)
Task: {7FC9C7A7-0535-493A-8EC2-456611706BE9} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\lsc.exe [2013-05-17] ()
Task: {8052EF62-7DA4-4D78-926D-12A9AB4978EC} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-05-17] ()
Task: {DB90D4AF-B2CC-46C5-B5A2-4B74D51FA537} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-25] (Adobe Systems Incorporated)
Task: {FA8D345F-E64B-4C4B-AE4C-A93CBA12CC75} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-05-17] (Lenovo)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\CreateHardwareScanTask.job => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1ce7f3e1c1e4db8.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\RebootCountTask.job => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe
Task: C:\Windows\Tasks\Time72Task.job => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCService.exe

==================== Loaded Modules (whitelisted) =============

==================== Alternate Data Streams (whitelisted) ==========

AlternateDataStreams: C:\Users\Leif_2\AppData\Local\Temp:XMIbwXHnRlylAsvW21HzeZWKog

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/09/2013
07:31:31 PM) (Source: Application Error) (User: ) Description: Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen werden: Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der gespeicherten Datei bzw. den auf dem Computer installierten Speichertreibern, oder der Datenträger fehlt. Das Programm Nokia Ovi Suite 2 wurde wegen dieses Fehlers geschlossen. Programm: Nokia Ovi Suite 2 Datei: Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet. Benutzeraktion 1. Öffnen Sie die Datei erneut. Diese Situation ist eventuell ein temporäres Problem, das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird. 2. Wenn Sie weiterhin nicht auf die Datei zugreifen können und - diese sich im Netzwerk befindet, dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem besteht und dass eine Verbindung mit dem Server hergestellt werden kann. - diese sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet, überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist. 3. Überprüfen und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE. 4. Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin besteht. 5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt. Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt. 
Zusätzliche Daten Fehlerwert: 00000000 Datenträgertyp: 0 Error: (09/09/2013 07:31:31 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: NokiaOviSuite.exe, Version: 2.1.1.1, Zeitstempel: 0x4b857b2b Name des fehlerhaften Moduls: NokiaOviSuite.exe, Version: 2.1.1.1, Zeitstempel: 0x4b857b2b Ausnahmecode: 0xc0000096 Fehleroffset: 0x00010023 ID des fehlerhaften Prozesses: 0x2740 Startzeit der fehlerhaften Anwendung: 0xNokiaOviSuite.exe0 Pfad der fehlerhaften Anwendung: NokiaOviSuite.exe1 Pfad des fehlerhaften Moduls: NokiaOviSuite.exe2 Berichtskennung: NokiaOviSuite.exe3 Error: (09/09/2013 07:31:25 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: SYNTPHELPER.EXE, Version: 16.2.14.0, Zeitstempel: 0x504a5540 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18205, Zeitstempel: 0x51dba4e7 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000986ea ID des fehlerhaften Prozesses: 0x3d30 Startzeit der fehlerhaften Anwendung: 0xSYNTPHELPER.EXE0 Pfad der fehlerhaften Anwendung: SYNTPHELPER.EXE1 Pfad des fehlerhaften Moduls: SYNTPHELPER.EXE2 Berichtskennung: SYNTPHELPER.EXE3 Error: (09/09/2013 07:30:21 PM) (Source: Microsoft-Windows-EapHost) (User: NT-AUTORITÄT) Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=43, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0 Error: (09/09/2013 07:30:21 PM) (Source: Microsoft-Windows-EapHost) (User: NT-AUTORITÄT) Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=25, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0 Error: (09/09/2013 07:30:21 PM) (Source: Microsoft-Windows-EapHost) (User: NT-AUTORITÄT) Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. 
Fehler: Type-ID=17, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0 Error: (09/09/2013 07:30:21 PM) (Source: Microsoft-Windows-EapHost) (User: NT-AUTORITÄT) Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=23, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0 Error: (09/09/2013 07:30:21 PM) (Source: Microsoft-Windows-EapHost) (User: NT-AUTORITÄT) Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=21, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0 Error: (09/09/2013 07:30:21 PM) (Source: Microsoft-Windows-EapHost) (User: NT-AUTORITÄT) Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=18, Autor-ID=8086, Lieferant-ID=0, Lieferant-Typ=0 Error: (09/09/2013 07:23:45 PM) (Source: Microsoft-Windows-EapHost) (User: NT-AUTORITÄT) Description: Überspringen: Eap method DLL path Fehler bei der Überprüfung. Fehler: Type-ID=43, Autor-ID=9, Lieferant-ID=0, Lieferant-Typ=0 System errors: ============= Error: (09/09/2013 07:31:42 PM) (Source: DCOM) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (09/09/2013 07:30:22 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT) Description: Fehler beim Lesen der Datei für lokale Hosts. Error: (09/09/2013 07:30:22 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT) Description: Fehler beim Lesen der Datei für lokale Hosts. Error: (09/09/2013 07:23:49 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT) Description: Fehler beim Lesen der Datei für lokale Hosts. Error: (09/09/2013 07:23:47 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT) Description: Fehler beim Lesen der Datei für lokale Hosts. Error: (09/09/2013 07:23:47 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT) Description: Fehler beim Lesen der Datei für lokale Hosts. 
Error: (09/09/2013 07:23:47 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT) Description: Fehler beim Lesen der Datei für lokale Hosts. Error: (09/09/2013 07:23:47 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT) Description: Fehler beim Lesen der Datei für lokale Hosts. Error: (09/09/2013 07:23:46 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT) Description: Fehler beim Lesen der Datei für lokale Hosts. Error: (09/09/2013 07:23:45 PM) (Source: Microsoft-Windows-DNS-Client) (User: NT-AUTORITÄT) Description: Fehler beim Lesen der Datei für lokale Hosts. Microsoft Office Sessions: ========================= Error: (09/09/2013 07:31:31 PM) (Source: Application Error)(User: ) Description: Nokia Ovi Suite 2000000000 Error: (09/09/2013 07:31:31 PM) (Source: Application Error)(User: ) Description: NokiaOviSuite.exe2.1.1.14b857b2bNokiaOviSuite.exe2.1.1.14b857b2bc000009600010023274001cead826783f165C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exeC:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exeaa0d4cd5-1975-11e3-a428-b888e33285a4 Error: (09/09/2013 07:31:25 PM) (Source: Application Error)(User: ) Description: SYNTPHELPER.EXE16.2.14.0504a5540ntdll.dll6.1.7601.1820551dba4e7c000000500000000000986ea3d3001cead8267ad2448C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXEC:\Windows\SYSTEM32\ntdll.dlla684c1ec-1975-11e3-a428-b888e33285a4 Error: (09/09/2013 07:30:21 PM) (Source: Microsoft-Windows-EapHost)(User: NT-AUTORITÄT) Description: Eap method DLL path43900 Error: (09/09/2013 07:30:21 PM) (Source: Microsoft-Windows-EapHost)(User: NT-AUTORITÄT) Description: Eap method DLL path25900 Error: (09/09/2013 07:30:21 PM) (Source: Microsoft-Windows-EapHost)(User: NT-AUTORITÄT) Description: Eap method DLL path17900 Error: (09/09/2013 07:30:21 PM) (Source: Microsoft-Windows-EapHost)(User: NT-AUTORITÄT) Description: Eap method DLL path23808600 Error: (09/09/2013 07:30:21 PM) (Source: Microsoft-Windows-EapHost)(User: 
NT-AUTORITÄT)
Description: Eap method DLL path21808600

Error: (09/09/2013 07:30:21 PM) (Source: Microsoft-Windows-EapHost)(User: NT-AUTORITÄT)
Description: Eap method DLL path18808600

Error: (09/09/2013 07:23:45 PM) (Source: Microsoft-Windows-EapHost)(User: NT-AUTORITÄT)
Description: Eap method DLL path43900

==================== Memory info ===========================

Percentage of memory in use: 21%
Total physical RAM: 11853.63 MB
Available physical RAM: 9334.44 MB
Total Pagefile: 23705.44 MB
Available Pagefile: 21031.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:124.8 GB) (Free:18.95 GB) NTFS
Drive q: (Volume) (Fixed) (Total:113.57 GB) (Free:10.53 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238 GB) (Disk ID: A1F3293F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=125 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=114 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 15 GB) (Disk ID: ECCEAE0D)
Partition 1: (Not Active) - (Size=8 GB) - (Type=84)
Partition 2: (Not Active) - (Size=7 GB) - (Type=73)

==================== End Of Log ============================

Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-09-09 19:43:19 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.CXM0 238,47GB Running: gmer_2.1.19163.exe; Driver: C:\Users\Leif\AppData\Local\Temp\kxldapob.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 544 fffff80002dbf000 71 bytes [48, 83, EC, 20, 48, B8, 00, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 616 fffff80002dbf048 21 bytes [73, 2D, FF, C7, 85, 3D, 76, ...] ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1984] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076971465 2 bytes [97, 76] .text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1984] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769714bb 2 bytes [97, 76] .text ... * 2 .text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[1984] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075b4cfca 5 bytes JMP 0000000173d44970 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2040] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075b4cfca 5 bytes JMP 0000000173d44970 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076971465 2 bytes [97, 76] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769714bb 2 bytes [97, 76] .text ... 
* 2 .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[1192] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075b4cfca 5 bytes JMP 0000000173d44970 .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[1192] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076971465 2 bytes [97, 76] .text C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe[1192] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769714bb 2 bytes [97, 76] .text ... * 2 .text C:\Program Files (x86)\F-Secure\ExploitShield\fsessrv.exe[1948] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075b4cfca 5 bytes JMP 0000000173d44970 .text C:\Program Files (x86)\F-Secure\ExploitShield\fsessrv.exe[1948] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076971465 2 bytes [97, 76] .text C:\Program Files (x86)\F-Secure\ExploitShield\fsessrv.exe[1948] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769714bb 2 bytes [97, 76] .text ... * 2 .text C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe[2176] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075b4cfca 5 bytes JMP 0000000173d44970 .text C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076971465 2 bytes [97, 76] .text C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe[2176] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769714bb 2 bytes [97, 76] .text ... * 2 .text C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe[2208] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075b4cfca 5 bytes JMP 0000000173d44970 .text C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe[2208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076971465 2 bytes [97, 76] .text C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe[2208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769714bb 2 bytes [97, 76] .text ... 
* 2 .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2236] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075b4cfca 5 bytes JMP 0000000173d44970 .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2236] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076971465 2 bytes [97, 76] .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2236] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769714bb 2 bytes [97, 76] .text ... * 2 .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2236] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 195 0000000071891b41 2 bytes [89, 71] .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2236] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 362 0000000071891be8 2 bytes [89, 71] .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2236] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 418 0000000071891c20 2 bytes [89, 71] .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2236] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 596 0000000071891cd2 2 bytes [89, 71] .text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2236] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 628 0000000071891cf2 2 bytes [89, 71] .text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[2500] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075b4cfca 5 bytes JMP 0000000173d44970 .text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076971465 2 bytes [97, 76] .text C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe[2500] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769714bb 2 bytes [97, 76] .text ... 
* 2 .text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[2656] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076971465 2 bytes [97, 76] .text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[2656] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769714bb 2 bytes [97, 76] .text ... * 2 .text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[2656] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075b4cfca 5 bytes JMP 0000000173d44970 .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[2736] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075b4cfca 5 bytes JMP 0000000173d44970 .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[2736] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076971465 2 bytes [97, 76] .text C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe[2736] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769714bb 2 bytes [97, 76] .text ... * 2 .text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[2800] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075b4cfca 5 bytes JMP 0000000173d44970 .text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[2800] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076971465 2 bytes [97, 76] .text C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe[2800] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769714bb 2 bytes [97, 76] .text ... * 2 .text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076971465 2 bytes [97, 76] .text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769714bb 2 bytes [97, 76] .text ... 
* 2 .text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4968] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075b4cfca 5 bytes JMP 0000000173d44970 .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4432] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075b4cfca 5 bytes JMP 0000000173d44970 .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4432] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076971465 2 bytes [97, 76] .text C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe[4432] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769714bb 2 bytes [97, 76] .text ... * 2 .text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[6920] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075b4cfca 5 bytes JMP 0000000173d44970 .text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[6920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076971465 2 bytes [97, 76] .text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[6920] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769714bb 2 bytes [97, 76] .text ... 
Best regards.