| |
| |||||||
Log-Analyse und Auswertung: Win 7 - Win32.downloader.gen - PUP.Optional.Conduit.A - BefallWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
12.09.2013, 12:46
| #1 |
| |  Win 7 - Win32.downloader.gen - PUP.Optional.Conduit.A - Befall Hallo allerseits, bräuchte eure Hilfe. Malwarebytes hat vier infizierte Dateien gefunden: PUP.Optional.Conduit.A Spybot hat ebenfalls eine infizierte Datei gefunden: Win32.downloader.gen Hier die erforderlichen Logfiles (Waren zu lang, habe sie gekürzt und im Anhang drin): Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:25 on 12/09/2013 (Gregodinho)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-09-12 12:58:59
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST315003 rev.CC4G 1397,27GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\GREGOD~1\AppData\Local\Temp\pxldypob.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 544 fffff800031b3000 45 bytes [00, 00, 10, 02, 4D, 6D, 43, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 591 fffff800031b302f 16 bytes [00, 01, 00, 00, 00, 00, 00, ...]
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\wininit.exe[684] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Windows\system32\services.exe[752] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Windows\system32\winlogon.exe[860] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[924] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Windows\system32\nvvsvc.exe[996] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1020] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076baa2ba 1 byte [62]
.text C:\Windows\system32\svchost.exe[356] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Windows\System32\svchost.exe[496] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Windows\System32\svchost.exe[520] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1028] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1064] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1312] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Windows\System32\spoolsv.exe[1552] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1580] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1668] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076baa2ba 1 byte [62]
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1712] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076baa2ba 1 byte [62]
.text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe[1740] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076baa2ba 1 byte [62]
.text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe[1740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076c81465 2 bytes [C8, 76]
.text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe[1740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076c814bb 2 bytes [C8, 76]
.text ... * 2
.text c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1816] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1912] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[1976] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076baa2ba 1 byte [62]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076fc3b10 5 bytes JMP 000000010012075c
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076fc7ac0 5 bytes JMP 00000001001203a4
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076ff1430 5 bytes JMP 0000000100120b14
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076ff1490 5 bytes JMP 0000000100120ecc
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 000000010012163c
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076ff17b0 5 bytes JMP 0000000100121284
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 00000001001219f4
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe226e00 5 bytes JMP 000007ff7e241dac
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe226f2c 5 bytes JMP 000007ff7e240ecc
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe227220 5 bytes JMP 000007ff7e241284
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe22739c 5 bytes JMP 000007ff7e24163c
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe227538 5 bytes JMP 000007ff7e2419f4
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe2275e8 5 bytes JMP 000007ff7e2403a4
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe22790c 5 bytes JMP 000007ff7e24075c
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe227ab4 5 bytes JMP 000007ff7e240b14
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2532] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007719fac0 5 bytes JMP 0000000100100600
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2532] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007719fb58 5 bytes JMP 0000000100100804
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2532] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007719fcb0 5 bytes JMP 0000000100100c0c
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2532] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000771a0038 5 bytes JMP 0000000100100a08
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2532] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000771a1920 5 bytes JMP 0000000100100e10
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2532] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000771bc4dd 5 bytes JMP 00000001001001f8
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2532] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000771c1287 5 bytes JMP 00000001001003fc
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2532] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076baa2ba 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2532] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000075665181 5 bytes JMP 0000000100111014
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2532] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000075665254 5 bytes JMP 0000000100110804
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2532] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000756653d5 5 bytes JMP 0000000100110a08
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2532] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000756654c2 5 bytes JMP 0000000100110c0c
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2532] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000756655e2 5 bytes JMP 0000000100110e10
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2532] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007566567c 5 bytes JMP 00000001001101f8
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2532] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007566589f 5 bytes JMP 00000001001103fc
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2532] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000075665a22 5 bytes JMP 0000000100110600
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2532] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000754dee09 5 bytes JMP 00000001001201f8
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2532] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000754e3982 5 bytes JMP 00000001001203fc
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2532] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000754e7603 5 bytes JMP 0000000100120804
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2532] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000754e835c 5 bytes JMP 0000000100120600
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[2532] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000754ff52b 5 bytes JMP 0000000100120a08
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2652] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe226e00 5 bytes JMP 000007ff7e241dac
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2652] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe226f2c 5 bytes JMP 000007ff7e240ecc
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2652] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe227220 5 bytes JMP 000007ff7e241284
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2652] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe22739c 5 bytes JMP 000007ff7e24163c
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2652] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe227538 5 bytes JMP 000007ff7e2419f4
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2652] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe2275e8 5 bytes JMP 000007ff7e2403a4
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2652] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe22790c 5 bytes JMP 000007ff7e24075c
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2652] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe227ab4 5 bytes JMP 000007ff7e240b14
.text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076fc3b10 5 bytes JMP 00000001000f075c
.text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076fc7ac0 5 bytes JMP 00000001000f03a4
.text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076ff1430 5 bytes JMP 00000001000f0b14
.text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076ff1490 5 bytes JMP 00000001000f0ecc
.text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 00000001000f163c
.text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076ff17b0 5 bytes JMP 00000001000f1284
.text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 00000001000f19f4
.text C:\Windows\system32\svchost.exe[1928] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe226e00 5 bytes JMP 000007ff7e241dac
.text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe226f2c 5 bytes JMP 000007ff7e240ecc
.text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe227220 5 bytes JMP 000007ff7e241284
.text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe22739c 5 bytes JMP 000007ff7e24163c
.text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe227538 5 bytes JMP 000007ff7e2419f4
.text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe2275e8 5 bytes JMP 000007ff7e2403a4
.text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe22790c 5 bytes JMP 000007ff7e24075c
.text C:\Windows\system32\svchost.exe[1928] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe227ab4 5 bytes JMP 000007ff7e240b14
.text C:\Windows\system32\svchost.exe[2692] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe226e00 5 bytes JMP 000007ff7e241dac
.text C:\Windows\system32\svchost.exe[2692] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe226f2c 5 bytes JMP 000007ff7e240ecc
.text C:\Windows\system32\svchost.exe[2692] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe227220 5 bytes JMP 000007ff7e241284
.text C:\Windows\system32\svchost.exe[2692] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe22739c 5 bytes JMP 000007ff7e24163c
.text C:\Windows\system32\svchost.exe[2692] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe227538 5 bytes JMP 000007ff7e2419f4
.text C:\Windows\system32\svchost.exe[2692] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe2275e8 5 bytes JMP 000007ff7e2403a4
.text C:\Windows\system32\svchost.exe[2692] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe22790c 5 bytes JMP 000007ff7e24075c
.text C:\Windows\system32\svchost.exe[2692] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe227ab4 5 bytes JMP 000007ff7e240b14
.text C:\Windows\system32\svchost.exe[2820] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe226e00 5 bytes JMP 000007ff7e241dac
.text C:\Windows\system32\svchost.exe[2820] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe226f2c 5 bytes JMP 000007ff7e240ecc
.text C:\Windows\system32\svchost.exe[2820] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe227220 5 bytes JMP 000007ff7e241284
.text C:\Windows\system32\svchost.exe[2820] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe22739c 5 bytes JMP 000007ff7e24163c
.text C:\Windows\system32\svchost.exe[2820] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe227538 5 bytes JMP 000007ff7e2419f4
.text C:\Windows\system32\svchost.exe[2820] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe2275e8 5 bytes JMP 000007ff7e2403a4
.text C:\Windows\system32\svchost.exe[2820] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe22790c 5 bytes JMP 000007ff7e24075c
.text C:\Windows\system32\svchost.exe[2820] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe227ab4 5 bytes JMP 000007ff7e240b14
.text C:\Windows\system32\SearchIndexer.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076fc3b10 5 bytes JMP 000000010023075c
.text C:\Windows\system32\SearchIndexer.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076fc7ac0 5 bytes JMP 00000001002303a4
.text C:\Windows\system32\SearchIndexer.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076ff1430 5 bytes JMP 0000000100230b14
.text C:\Windows\system32\SearchIndexer.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076ff1490 5 bytes JMP 0000000100230ecc
.text C:\Windows\system32\SearchIndexer.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 000000010023163c
.text C:\Windows\system32\SearchIndexer.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076ff17b0 5 bytes JMP 0000000100231284
.text C:\Windows\system32\SearchIndexer.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 00000001002319f4
.text C:\Windows\system32\SearchIndexer.exe[3184] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Windows\system32\SearchIndexer.exe[3184] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe226e00 5 bytes JMP 000007ff7e241dac
.text C:\Windows\system32\SearchIndexer.exe[3184] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe226f2c 5 bytes JMP 000007ff7e240ecc
.text C:\Windows\system32\SearchIndexer.exe[3184] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe227220 5 bytes JMP 000007ff7e241284
.text C:\Windows\system32\SearchIndexer.exe[3184] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe22739c 5 bytes JMP 000007ff7e24163c
.text C:\Windows\system32\SearchIndexer.exe[3184] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe227538 5 bytes JMP 000007ff7e2419f4
.text C:\Windows\system32\SearchIndexer.exe[3184] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe2275e8 5 bytes JMP 000007ff7e2403a4
.text C:\Windows\system32\SearchIndexer.exe[3184] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe22790c 5 bytes JMP 000007ff7e24075c
.text C:\Windows\system32\SearchIndexer.exe[3184] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe227ab4 5 bytes JMP 000007ff7e240b14
.text C:\Windows\System32\WUDFHost.exe[3376] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe226e00 5 bytes JMP 000007ff7e241dac
.text C:\Windows\System32\WUDFHost.exe[3376] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe226f2c 5 bytes JMP 000007ff7e240ecc
.text C:\Windows\System32\WUDFHost.exe[3376] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe227220 5 bytes JMP 000007ff7e241284
.text C:\Windows\System32\WUDFHost.exe[3376] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe22739c 5 bytes JMP 000007ff7e24163c
.text C:\Windows\System32\WUDFHost.exe[3376] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe227538 5 bytes JMP 000007ff7e2419f4
.text C:\Windows\System32\WUDFHost.exe[3376] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe2275e8 5 bytes JMP 000007ff7e2403a4
.text C:\Windows\System32\WUDFHost.exe[3376] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe22790c 5 bytes JMP 000007ff7e24075c
.text C:\Windows\System32\WUDFHost.exe[3376] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe227ab4 5 bytes JMP 000007ff7e240b14
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076fc3b10 5 bytes JMP 00000001001e075c
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076fc7ac0 5 bytes JMP 00000001001e03a4
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076ff1430 5 bytes JMP 00000001001e0b14
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076ff1490 5 bytes JMP 00000001001e0ecc
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 00000001001e163c
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076ff17b0 5 bytes JMP 00000001001e1284
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 00000001001e19f4
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3856] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3856] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe226e00 5 bytes JMP 000007ff7e241dac
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3856] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe226f2c 5 bytes JMP 000007ff7e240ecc
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3856] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe227220 5 bytes JMP 000007ff7e241284
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3856] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe22739c 5 bytes JMP 000007ff7e24163c
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3856] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe227538 5 bytes JMP 000007ff7e2419f4
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3856] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe2275e8 5 bytes JMP 000007ff7e2403a4
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3856] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe22790c 5 bytes JMP 000007ff7e24075c
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[3856] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe227ab4 5 bytes JMP 000007ff7e240b14
.text C:\Windows\system32\nvvsvc.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076fc3b10 5 bytes JMP 000000010018075c
.text C:\Windows\system32\nvvsvc.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076fc7ac0 5 bytes JMP 00000001001803a4
.text C:\Windows\system32\nvvsvc.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076ff1430 5 bytes JMP 0000000100180b14
.text C:\Windows\system32\nvvsvc.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076ff1490 5 bytes JMP 0000000100180ecc
.text C:\Windows\system32\nvvsvc.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 000000010018163c
.text C:\Windows\system32\nvvsvc.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076ff17b0 5 bytes JMP 0000000100181284
.text C:\Windows\system32\nvvsvc.exe[3888] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 00000001001819f4
.text C:\Windows\system32\nvvsvc.exe[3888] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Windows\system32\nvvsvc.exe[3888] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe226e00 5 bytes JMP 000007ff7e241dac
.text C:\Windows\system32\nvvsvc.exe[3888] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe226f2c 5 bytes JMP 000007ff7e240ecc
.text C:\Windows\system32\nvvsvc.exe[3888] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe227220 5 bytes JMP 000007ff7e241284
.text C:\Windows\system32\nvvsvc.exe[3888] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe22739c 5 bytes JMP 000007ff7e24163c
.text C:\Windows\system32\nvvsvc.exe[3888] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe227538 5 bytes JMP 000007ff7e2419f4
.text C:\Windows\system32\nvvsvc.exe[3888] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe2275e8 5 bytes JMP 000007ff7e2403a4
.text C:\Windows\system32\nvvsvc.exe[3888] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe22790c 5 bytes JMP 000007ff7e24075c
.text C:\Windows\system32\nvvsvc.exe[3888] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe227ab4 5 bytes JMP 000007ff7e240b14
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3728] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076fc3b10 5 bytes JMP 000000010039075c
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3728] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076fc7ac0 5 bytes JMP 00000001003903a4
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3728] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076ff1430 5 bytes JMP 0000000100390b14
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3728] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076ff1490 5 bytes JMP 0000000100390ecc
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3728] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 000000010039163c
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3728] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076ff17b0 5 bytes JMP 0000000100391284
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3728] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 00000001003919f4
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3728] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3728] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe226e00 5 bytes JMP 000007ff7e241dac
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3728] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe226f2c 5 bytes JMP 000007ff7e240ecc
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3728] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe227220 5 bytes JMP 000007ff7e241284
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3728] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe22739c 5 bytes JMP 000007ff7e24163c
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3728] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe227538 5 bytes JMP 000007ff7e2419f4
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3728] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe2275e8 5 bytes JMP 000007ff7e2403a4
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3728] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe22790c 5 bytes JMP 000007ff7e24075c
.text C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe[3728] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe227ab4 5 bytes JMP 000007ff7e240b14
.text C:\Windows\system32\taskhost.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076fc3b10 5 bytes JMP 000000010035075c
.text C:\Windows\system32\taskhost.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076fc7ac0 5 bytes JMP 00000001003503a4
.text C:\Windows\system32\taskhost.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076ff1430 5 bytes JMP 0000000100350b14
.text C:\Windows\system32\taskhost.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076ff1490 5 bytes JMP 0000000100350ecc
.text C:\Windows\system32\taskhost.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 000000010035163c
.text C:\Windows\system32\taskhost.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076ff17b0 5 bytes JMP 0000000100351284
.text C:\Windows\system32\taskhost.exe[3216] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 00000001003519f4
.text C:\Windows\system32\taskhost.exe[3216] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Windows\system32\taskhost.exe[3216] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe226e00 5 bytes JMP 000007ff7e241dac
.text C:\Windows\system32\taskhost.exe[3216] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe226f2c 5 bytes JMP 000007ff7e240ecc
.text C:\Windows\system32\taskhost.exe[3216] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe227220 5 bytes JMP 000007ff7e241284
.text C:\Windows\system32\taskhost.exe[3216] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe22739c 5 bytes JMP 000007ff7e24163c
.text C:\Windows\system32\taskhost.exe[3216] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe227538 5 bytes JMP 000007ff7e2419f4
.text C:\Windows\system32\taskhost.exe[3216] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe2275e8 5 bytes JMP 000007ff7e2403a4
.text C:\Windows\system32\taskhost.exe[3216] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe22790c 5 bytes JMP 000007ff7e24075c
.text C:\Windows\system32\taskhost.exe[3216] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe227ab4 5 bytes JMP 000007ff7e240b14
.text C:\Windows\system32\Dwm.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076fc3b10 5 bytes JMP 000000010033075c
.text C:\Windows\system32\Dwm.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076fc7ac0 5 bytes JMP 00000001003303a4
.text C:\Windows\system32\Dwm.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076ff1430 5 bytes JMP 0000000100330b14
.text C:\Windows\system32\Dwm.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076ff1490 5 bytes JMP 0000000100330ecc
.text C:\Windows\system32\Dwm.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 000000010033163c
.text C:\Windows\system32\Dwm.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076ff17b0 5 bytes JMP 0000000100331284
.text C:\Windows\system32\Dwm.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 00000001003319f4
.text C:\Windows\system32\Dwm.exe[2568] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Windows\system32\Dwm.exe[2568] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe226e00 5 bytes JMP 000007ff7e241dac
.text C:\Windows\system32\Dwm.exe[2568] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe226f2c 5 bytes JMP 000007ff7e240ecc
.text C:\Windows\system32\Dwm.exe[2568] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe227220 5 bytes JMP 000007ff7e241284
.text C:\Windows\system32\Dwm.exe[2568] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe22739c 5 bytes JMP 000007ff7e24163c
.text C:\Windows\system32\Dwm.exe[2568] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe227538 5 bytes JMP 000007ff7e2419f4
.text C:\Windows\system32\Dwm.exe[2568] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe2275e8 5 bytes JMP 000007ff7e2403a4
.text C:\Windows\system32\Dwm.exe[2568] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe22790c 5 bytes JMP 000007ff7e24075c
.text C:\Windows\system32\Dwm.exe[2568] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe227ab4 5 bytes JMP 000007ff7e240b14
.text C:\Windows\Explorer.EXE[1432] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076fc3b10 5 bytes JMP 00000001001b075c
.text C:\Windows\Explorer.EXE[1432] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076fc7ac0 5 bytes JMP 00000001001b03a4
.text C:\Windows\Explorer.EXE[1432] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076ff1430 5 bytes JMP 00000001001b0b14
.text C:\Windows\Explorer.EXE[1432] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076ff1490 5 bytes JMP 00000001001b0ecc
.text C:\Windows\Explorer.EXE[1432] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 00000001001b163c
.text C:\Windows\Explorer.EXE[1432] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076ff17b0 5 bytes JMP 00000001001b1284
.text C:\Windows\Explorer.EXE[1432] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 00000001001b19f4
.text C:\Windows\Explorer.EXE[1432] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Windows\Explorer.EXE[1432] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe226e00 5 bytes JMP 000007ff7e241dac
.text C:\Windows\Explorer.EXE[1432] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe226f2c 5 bytes JMP 000007ff7e240ecc
.text C:\Windows\Explorer.EXE[1432] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe227220 5 bytes JMP 000007ff7e241284
.text C:\Windows\Explorer.EXE[1432] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe22739c 5 bytes JMP 000007ff7e24163c
.text C:\Windows\Explorer.EXE[1432] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe227538 5 bytes JMP 000007ff7e2419f4
.text C:\Windows\Explorer.EXE[1432] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe2275e8 5 bytes JMP 000007ff7e2403a4
.text C:\Windows\Explorer.EXE[1432] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe22790c 5 bytes JMP 000007ff7e24075c
.text C:\Windows\Explorer.EXE[1432] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe227ab4 5 bytes JMP 000007ff7e240b14
.text C:\Windows\System32\svchost.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076fc3b10 5 bytes JMP 000000010011075c
.text C:\Windows\System32\svchost.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076fc7ac0 5 bytes JMP 00000001001103a4
.text C:\Windows\System32\svchost.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076ff1430 5 bytes JMP 0000000100110b14
.text C:\Windows\System32\svchost.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076ff1490 5 bytes JMP 0000000100110ecc
.text C:\Windows\System32\svchost.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 000000010011163c
.text C:\Windows\System32\svchost.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076ff17b0 5 bytes JMP 0000000100111284
.text C:\Windows\System32\svchost.exe[4076] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 00000001001119f4
.text C:\Windows\System32\svchost.exe[4076] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe226e00 5 bytes JMP 000007ff7e241dac
.text C:\Windows\System32\svchost.exe[4076] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe226f2c 5 bytes JMP 000007ff7e240ecc
.text C:\Windows\System32\svchost.exe[4076] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe227220 5 bytes JMP 000007ff7e241284
.text C:\Windows\System32\svchost.exe[4076] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe22739c 5 bytes JMP 000007ff7e24163c
.text C:\Windows\System32\svchost.exe[4076] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe227538 5 bytes JMP 000007ff7e2419f4
.text C:\Windows\System32\svchost.exe[4076] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe2275e8 5 bytes JMP 000007ff7e2403a4
.text C:\Windows\System32\svchost.exe[4076] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe22790c 5 bytes JMP 000007ff7e24075c
.text C:\Windows\System32\svchost.exe[4076] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe227ab4 5 bytes JMP 000007ff7e240b14
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076fc3b10 5 bytes JMP 000000010048075c
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076fc7ac0 5 bytes JMP 00000001004803a4
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076ff1430 5 bytes JMP 0000000100480b14
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076ff1490 5 bytes JMP 0000000100480ecc
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 000000010048163c
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076ff17b0 5 bytes JMP 0000000100481284
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2588] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 00000001004819f4
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2588] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076fc3b10 5 bytes JMP 000000010024075c
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076fc7ac0 5 bytes JMP 00000001002403a4
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076ff1430 5 bytes JMP 0000000100240b14
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076ff1490 5 bytes JMP 0000000100240ecc
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 000000010024163c
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076ff17b0 5 bytes JMP 0000000100241284
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4008] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 00000001002419f4
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4008] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4008] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe226e00 5 bytes JMP 000007ff7e241dac
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4008] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe226f2c 5 bytes JMP 000007ff7e240ecc
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4008] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe227220 5 bytes JMP 000007ff7e241284
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4008] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe22739c 5 bytes JMP 000007ff7e24163c
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4008] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe227538 5 bytes JMP 000007ff7e2419f4
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4008] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe2275e8 5 bytes JMP 000007ff7e2403a4
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4008] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe22790c 5 bytes JMP 000007ff7e24075c
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[4008] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe227ab4 5 bytes JMP 000007ff7e240b14
.text C:\Windows\System32\rundll32.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076fc3b10 5 bytes JMP 00000001001a075c
.text C:\Windows\System32\rundll32.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076fc7ac0 5 bytes JMP 00000001001a03a4
.text C:\Windows\System32\rundll32.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076ff1430 5 bytes JMP 00000001001a0b14
.text C:\Windows\System32\rundll32.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076ff1490 5 bytes JMP 00000001001a0ecc
.text C:\Windows\System32\rundll32.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 00000001001a163c
.text C:\Windows\System32\rundll32.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076ff17b0 5 bytes JMP 00000001001a1284
.text C:\Windows\System32\rundll32.exe[3780] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 00000001001a19f4
.text C:\Windows\System32\rundll32.exe[3780] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Windows\System32\rundll32.exe[3780] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe226e00 5 bytes JMP 000007ff7e241dac
.text C:\Windows\System32\rundll32.exe[3780] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe226f2c 5 bytes JMP 000007ff7e240ecc
.text C:\Windows\System32\rundll32.exe[3780] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe227220 5 bytes JMP 000007ff7e241284
.text C:\Windows\System32\rundll32.exe[3780] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe22739c 5 bytes JMP 000007ff7e24163c
.text C:\Windows\System32\rundll32.exe[3780] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe227538 5 bytes JMP 000007ff7e2419f4
.text C:\Windows\System32\rundll32.exe[3780] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe2275e8 5 bytes JMP 000007ff7e2403a4
.text C:\Windows\System32\rundll32.exe[3780] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe22790c 5 bytes JMP 000007ff7e24075c
.text C:\Windows\System32\rundll32.exe[3780] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe227ab4 5 bytes JMP 000007ff7e240b14
.text C:\Windows\System32\rundll32.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076fc3b10 5 bytes JMP 000000010032075c
.text C:\Windows\System32\rundll32.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076fc7ac0 5 bytes JMP 00000001003203a4
.text C:\Windows\System32\rundll32.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076ff1430 5 bytes JMP 0000000100320b14
.text C:\Windows\System32\rundll32.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076ff1490 5 bytes JMP 0000000100320ecc
.text C:\Windows\System32\rundll32.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 000000010032163c
.text C:\Windows\System32\rundll32.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076ff17b0 5 bytes JMP 0000000100321284
.text C:\Windows\System32\rundll32.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 00000001003219f4
.text C:\Windows\System32\rundll32.exe[3776] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Windows\System32\rundll32.exe[3776] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe226e00 5 bytes JMP 000007ff7e241dac
.text C:\Windows\System32\rundll32.exe[3776] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe226f2c 5 bytes JMP 000007ff7e240ecc
.text C:\Windows\System32\rundll32.exe[3776] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe227220 5 bytes JMP 000007ff7e241284
.text C:\Windows\System32\rundll32.exe[3776] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe22739c 5 bytes JMP 000007ff7e24163c
.text C:\Windows\System32\rundll32.exe[3776] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe227538 5 bytes JMP 000007ff7e2419f4
.text C:\Windows\System32\rundll32.exe[3776] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe2275e8 5 bytes JMP 000007ff7e2403a4
.text C:\Windows\System32\rundll32.exe[3776] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe22790c 5 bytes JMP 000007ff7e24075c
.text C:\Windows\System32\rundll32.exe[3776] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe227ab4 5 bytes JMP 000007ff7e240b14
.text C:\Program Files\Windows Sidebar\sidebar.exe[600] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076fc3b10 5 bytes JMP 000000010030075c
.text C:\Program Files\Windows Sidebar\sidebar.exe[600] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076fc7ac0 5 bytes JMP 00000001003003a4
.text C:\Program Files\Windows Sidebar\sidebar.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076ff1430 5 bytes JMP 0000000100300b14
.text C:\Program Files\Windows Sidebar\sidebar.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076ff1490 5 bytes JMP 0000000100300ecc
.text C:\Program Files\Windows Sidebar\sidebar.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 000000010030163c
.text C:\Program Files\Windows Sidebar\sidebar.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076ff17b0 5 bytes JMP 0000000100301284
.text C:\Program Files\Windows Sidebar\sidebar.exe[600] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 00000001003019f4
.text C:\Program Files\Windows Sidebar\sidebar.exe[600] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Program Files\Windows Sidebar\sidebar.exe[600] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe226e00 5 bytes JMP 000007ff7e241dac
.text C:\Program Files\Windows Sidebar\sidebar.exe[600] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe226f2c 5 bytes JMP 000007ff7e240ecc
.text C:\Program Files\Windows Sidebar\sidebar.exe[600] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe227220 5 bytes JMP 000007ff7e241284
.text C:\Program Files\Windows Sidebar\sidebar.exe[600] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe22739c 5 bytes JMP 000007ff7e24163c
.text C:\Program Files\Windows Sidebar\sidebar.exe[600] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe227538 5 bytes JMP 000007ff7e2419f4
.text C:\Program Files\Windows Sidebar\sidebar.exe[600] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe2275e8 5 bytes JMP 000007ff7e2403a4
.text C:\Program Files\Windows Sidebar\sidebar.exe[600] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe22790c 5 bytes JMP 000007ff7e24075c
.text C:\Program Files\Windows Sidebar\sidebar.exe[600] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe227ab4 5 bytes JMP 000007ff7e240b14
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076fc3b10 5 bytes JMP 00000001005a075c
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076fc7ac0 5 bytes JMP 00000001005a03a4
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076ff1430 5 bytes JMP 00000001005a0b14
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076ff1490 5 bytes JMP 00000001005a0ecc
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 00000001005a163c
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076ff17b0 5 bytes JMP 00000001005a1284
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1156] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 00000001005a19f4
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1156] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1156] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe226e00 5 bytes JMP 000007ff7e241dac
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1156] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe226f2c 5 bytes JMP 000007ff7e240ecc
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1156] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe227220 5 bytes JMP 000007ff7e241284
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1156] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe22739c 5 bytes JMP 000007ff7e24163c
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1156] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe227538 5 bytes JMP 000007ff7e2419f4
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1156] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe2275e8 5 bytes JMP 000007ff7e2403a4
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1156] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe22790c 5 bytes JMP 000007ff7e24075c
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[1156] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe227ab4 5 bytes JMP 000007ff7e240b14
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3348] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007719fac0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3348] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007719fb58 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3348] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007719fcb0 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3348] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000771a0038 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3348] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000771a1920 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3348] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000771bc4dd 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3348] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000771c1287 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3348] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076baa2ba 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3348] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000075665181 5 bytes JMP 0000000100101014
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3348] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000075665254 5 bytes JMP 0000000100100804
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3348] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000756653d5 5 bytes JMP 0000000100100a08
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3348] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000756654c2 5 bytes JMP 0000000100100c0c
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3348] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000756655e2 5 bytes JMP 0000000100100e10
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3348] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007566567c 5 bytes JMP 00000001001001f8
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3348] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007566589f 5 bytes JMP 00000001001003fc
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3348] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000075665a22 5 bytes JMP 0000000100100600
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3348] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000754dee09 5 bytes JMP 00000001001101f8
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3348] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000754e3982 5 bytes JMP 00000001001103fc
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3348] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000754e7603 5 bytes JMP 0000000100110804
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3348] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000754e835c 5 bytes JMP 0000000100110600
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3348] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000754ff52b 5 bytes JMP 0000000100110a08
.text C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe[3364] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007719fac0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe[3364] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007719fb58 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe[3364] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007719fcb0 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe[3364] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000771a0038 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe[3364] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000771a1920 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe[3364] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000771bc4dd 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe[3364] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000771c1287 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe[3364] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076baa2ba 1 byte [62]
.text C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe[3364] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000075665181 5 bytes JMP 0000000100241014
.text C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe[3364] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000075665254 5 bytes JMP 0000000100240804
.text C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe[3364] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000756653d5 5 bytes JMP 0000000100240a08
.text C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe[3364] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000756654c2 5 bytes JMP 0000000100240c0c
.text C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe[3364] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000756655e2 5 bytes JMP 0000000100240e10
.text C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe[3364] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007566567c 5 bytes JMP 00000001002401f8
.text C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe[3364] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007566589f 5 bytes JMP 00000001002403fc
.text C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe[3364] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000075665a22 5 bytes JMP 0000000100240600
.text C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe[3364] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000754dee09 5 bytes JMP 00000001002501f8
.text C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe[3364] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000754e3982 5 bytes JMP 00000001002503fc
.text C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe[3364] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000754e7603 5 bytes JMP 0000000100250804
.text C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe[3364] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000754e835c 5 bytes JMP 0000000100250600
.text C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe[3364] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000754ff52b 5 bytes JMP 0000000100250a08
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2768] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076baa2ba 1 byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076c81465 2 bytes [C8, 76]
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076c814bb 2 bytes [C8, 76]
.text ... * 2
.text c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076fc3b10 5 bytes JMP 0000000100fa075c
.text c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076fc7ac0 5 bytes JMP 0000000100fa03a4
.text c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076ff1430 5 bytes JMP 0000000100fa0b14
.text c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076ff1490 5 bytes JMP 0000000100fa0ecc
.text c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 0000000100fa163c
.text c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076ff17b0 5 bytes JMP 0000000100fa1284
.text c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[1112] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 0000000100fa19f4
.text c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[1112] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[1112] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe226e00 5 bytes JMP 000007ff7e241dac
.text c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[1112] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe226f2c 5 bytes JMP 000007ff7e240ecc
.text c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[1112] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe227220 5 bytes JMP 000007ff7e241284
.text c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[1112] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe22739c 5 bytes JMP 000007ff7e24163c
.text c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[1112] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe227538 5 bytes JMP 000007ff7e2419f4
.text c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[1112] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe2275e8 5 bytes JMP 000007ff7e2403a4
.text c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[1112] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe22790c 5 bytes JMP 000007ff7e24075c
.text c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[1112] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe227ab4 5 bytes JMP 000007ff7e240b14
.text C:\Program Files (x86)\PDF24\pdf24.exe[1204] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007719fac0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\PDF24\pdf24.exe[1204] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007719fb58 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\PDF24\pdf24.exe[1204] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007719fcb0 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\PDF24\pdf24.exe[1204] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000771a0038 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\PDF24\pdf24.exe[1204] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000771a1920 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\PDF24\pdf24.exe[1204] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000771bc4dd 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\PDF24\pdf24.exe[1204] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000771c1287 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\PDF24\pdf24.exe[1204] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076baa2ba 1 byte [62]
.text C:\Program Files (x86)\PDF24\pdf24.exe[1204] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000075665181 5 bytes JMP 0000000100241014
.text C:\Program Files (x86)\PDF24\pdf24.exe[1204] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000075665254 5 bytes JMP 0000000100240804
.text C:\Program Files (x86)\PDF24\pdf24.exe[1204] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000756653d5 5 bytes JMP 0000000100240a08
.text C:\Program Files (x86)\PDF24\pdf24.exe[1204] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000756654c2 5 bytes JMP 0000000100240c0c
.text C:\Program Files (x86)\PDF24\pdf24.exe[1204] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000756655e2 5 bytes JMP 0000000100240e10
.text C:\Program Files (x86)\PDF24\pdf24.exe[1204] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007566567c 5 bytes JMP 00000001002401f8
.text C:\Program Files (x86)\PDF24\pdf24.exe[1204] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007566589f 5 bytes JMP 00000001002403fc
.text C:\Program Files (x86)\PDF24\pdf24.exe[1204] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000075665a22 5 bytes JMP 0000000100240600
.text C:\Program Files (x86)\PDF24\pdf24.exe[1204] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000754dee09 5 bytes JMP 00000001002501f8
.text C:\Program Files (x86)\PDF24\pdf24.exe[1204] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000754e3982 5 bytes JMP 00000001002503fc
.text C:\Program Files (x86)\PDF24\pdf24.exe[1204] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000754e7603 5 bytes JMP 0000000100250804
.text C:\Program Files (x86)\PDF24\pdf24.exe[1204] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000754e835c 5 bytes JMP 0000000100250600
.text C:\Program Files (x86)\PDF24\pdf24.exe[1204] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000754ff52b 5 bytes JMP 0000000100250a08
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3340] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007719fac0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3340] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007719fb58 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3340] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007719fcb0 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3340] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000771a0038 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3340] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000771a1920 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3340] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000771bc4dd 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3340] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000771c1287 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3340] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076baa2ba 1 byte [62]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3340] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000075665181 5 bytes JMP 0000000100101014
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3340] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000075665254 5 bytes JMP 0000000100100804
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3340] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000756653d5 5 bytes JMP 0000000100100a08
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3340] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000756654c2 5 bytes JMP 0000000100100c0c
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3340] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000756655e2 5 bytes JMP 0000000100100e10
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3340] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007566567c 5 bytes JMP 00000001001001f8
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3340] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007566589f 5 bytes JMP 00000001001003fc
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3340] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000075665a22 5 bytes JMP 0000000100100600
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3340] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000754dee09 5 bytes JMP 00000001001101f8
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3340] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000754e3982 5 bytes JMP 00000001001103fc
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3340] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000754e7603 5 bytes JMP 0000000100110804
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3340] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000754e835c 5 bytes JMP 0000000100110600
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3340] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000754ff52b 5 bytes JMP 0000000100110a08
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4172] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007719fac0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4172] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007719fb58 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4172] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007719fcb0 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4172] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000771a0038 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4172] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000771a1920 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4172] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000771bc4dd 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4172] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000771c1287 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4172] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076baa2ba 1 byte [62]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4172] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000754dee09 5 bytes JMP 00000001002501f8
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4172] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000754e3982 5 bytes JMP 00000001002503fc
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4172] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000754e7603 5 bytes JMP 0000000100250804
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4172] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000754e835c 5 bytes JMP 0000000100250600
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4172] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000754ff52b 5 bytes JMP 0000000100250a08
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4172] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000075665181 5 bytes JMP 0000000100261014
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4172] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000075665254 5 bytes JMP 0000000100260804
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4172] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000756653d5 5 bytes JMP 0000000100260a08
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4172] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000756654c2 5 bytes JMP 0000000100260c0c
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4172] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000756655e2 5 bytes JMP 0000000100260e10
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4172] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007566567c 5 bytes JMP 00000001002601f8
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4172] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007566589f 5 bytes JMP 00000001002603fc
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4172] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000075665a22 5 bytes JMP 0000000100260600
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076c81465 2 bytes [C8, 76]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076c814bb 2 bytes [C8, 76]
.text ... * 2
? C:\Windows\system32\mssprxy.dll [4172] entry point in ".rdata" section 000000006d4371e6
.text C:\Program Files\iPod\bin\iPodService.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076fc3b10 5 bytes JMP 000000010031075c
.text C:\Program Files\iPod\bin\iPodService.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000076fc7ac0 5 bytes JMP 00000001003103a4
.text C:\Program Files\iPod\bin\iPodService.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076ff1430 5 bytes JMP 0000000100310b14
.text C:\Program Files\iPod\bin\iPodService.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000076ff1490 5 bytes JMP 0000000100310ecc
.text C:\Program Files\iPod\bin\iPodService.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076ff1570 5 bytes JMP 000000010031163c
.text C:\Program Files\iPod\bin\iPodService.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000076ff17b0 5 bytes JMP 0000000100311284
.text C:\Program Files\iPod\bin\iPodService.exe[4264] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000076ff27e0 5 bytes JMP 00000001003119f4
.text C:\Program Files\iPod\bin\iPodService.exe[4264] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Program Files\iPod\bin\iPodService.exe[4264] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe226e00 5 bytes JMP 000007ff7e241dac
.text C:\Program Files\iPod\bin\iPodService.exe[4264] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe226f2c 5 bytes JMP 000007ff7e240ecc
.text C:\Program Files\iPod\bin\iPodService.exe[4264] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe227220 5 bytes JMP 000007ff7e241284
.text C:\Program Files\iPod\bin\iPodService.exe[4264] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe22739c 5 bytes JMP 000007ff7e24163c
.text C:\Program Files\iPod\bin\iPodService.exe[4264] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe227538 5 bytes JMP 000007ff7e2419f4
.text C:\Program Files\iPod\bin\iPodService.exe[4264] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe2275e8 5 bytes JMP 000007ff7e2403a4
.text C:\Program Files\iPod\bin\iPodService.exe[4264] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe22790c 5 bytes JMP 000007ff7e24075c
.text C:\Program Files\iPod\bin\iPodService.exe[4264] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe227ab4 5 bytes JMP 000007ff7e240b14
.text c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007719fac0 5 bytes JMP 0000000100030600
.text c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007719fb58 5 bytes JMP 0000000100030804
.text c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007719fcb0 5 bytes JMP 0000000100030c0c
.text c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000771a0038 5 bytes JMP 0000000100030a08
.text c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4572] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000771a1920 5 bytes JMP 0000000100030e10
.text c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4572] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 00000000771bc4dd 5 bytes JMP 00000001000301f8
.text c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4572] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 00000000771c1287 5 bytes JMP 00000001000303fc
.text c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4572] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076baa2ba 1 byte [62]
.text c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4572] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000754dee09 5 bytes JMP 00000001002401f8
.text c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4572] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000754e3982 5 bytes JMP 00000001002403fc
.text c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4572] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000754e7603 5 bytes JMP 0000000100240804
.text c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4572] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000754e835c 5 bytes JMP 0000000100240600
.text c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4572] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000754ff52b 5 bytes JMP 0000000100240a08
.text c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4572] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000075665181 5 bytes JMP 0000000100251014
.text c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4572] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000075665254 5 bytes JMP 0000000100250804
.text c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4572] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000756653d5 5 bytes JMP 0000000100250a08
.text c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4572] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000756654c2 5 bytes JMP 0000000100250c0c
.text c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4572] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000756655e2 5 bytes JMP 0000000100250e10
.text c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4572] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007566567c 5 bytes JMP 00000001002501f8
.text c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4572] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007566589f 5 bytes JMP 00000001002503fc
.text c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe[4572] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000075665a22 5 bytes JMP 0000000100250600
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1832] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe226e00 5 bytes JMP 000007ff7e241dac
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1832] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe226f2c 5 bytes JMP 000007ff7e240ecc
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1832] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe227220 5 bytes JMP 000007ff7e241284
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1832] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe22739c 5 bytes JMP 000007ff7e24163c
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1832] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe227538 5 bytes JMP 000007ff7e2419f4
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1832] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe2275e8 5 bytes JMP 000007ff7e2403a4
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1832] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe22790c 5 bytes JMP 000007ff7e24075c
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1832] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe227ab4 5 bytes JMP 000007ff7e240b14
.text C:\Windows\system32\AUDIODG.EXE[5964] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Windows\system32\SearchProtocolHost.exe[1536] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000076edeecd 1 byte [62]
.text C:\Windows\system32\SearchProtocolHost.exe[1536] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe226e00 5 bytes JMP 000007ff7e241dac
.text C:\Windows\system32\SearchProtocolHost.exe[1536] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe226f2c 5 bytes JMP 000007ff7e240ecc
.text C:\Windows\system32\SearchProtocolHost.exe[1536] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe227220 5 bytes JMP 000007ff7e241284
.text C:\Windows\system32\SearchProtocolHost.exe[1536] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe22739c 5 bytes JMP 000007ff7e24163c
.text C:\Windows\system32\SearchProtocolHost.exe[1536] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe227538 5 bytes JMP 000007ff7e2419f4
.text C:\Windows\system32\SearchProtocolHost.exe[1536] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe2275e8 5 bytes JMP 000007ff7e2403a4
.text C:\Windows\system32\SearchProtocolHost.exe[1536] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe22790c 5 bytes JMP 000007ff7e24075c
.text C:\Windows\system32\SearchProtocolHost.exe[1536] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe227ab4 5 bytes JMP 000007ff7e240b14
.text C:\Users\Gregodinho\Desktop\gmer_2.1.19163.exe[872] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076baa2ba 1 byte [62]
---- Threads - GMER 2.1 ----
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3712:3676] 0000000075667587
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3712:3720] 0000000070cb0cb3
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3712:3732] 00000000771d2e65
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3712:4220] 00000000771d3e85
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3712:3928] 00000000771d3e85
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3712:3616] 00000000771d3e85
|
|
12.09.2013, 13:08
| #2 |
| /// the machine /// TB-Ausbilder    | Win 7 - Win32.downloader.gen - PUP.Optional.Conduit.A - Befall hi,
__________________ So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ |
|
12.09.2013, 13:35
| #3 |
| | Win 7 - Win32.downloader.gen - PUP.Optional.Conduit.A - Befall Danke schonmal. Hier die Logs:
__________________AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.003 - Bericht erstellt am 12/09/2013 um 14:19:07
# Updated 07/09/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Gregodinho - MATR1X
# Gestartet von : C:\Users\Gregodinho\Desktop\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Uniblue\DriverScanner
Ordner Gelöscht : C:\Users\Gregodinho\AppData\LocalLow\boost_interprocess
Datei Gelöscht : C:\END
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\driverscanner
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_super_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_super_RASMANCS
Schlüssel Gelöscht : HKCU\Software\Conduit
***** [ Browser ] *****
-\\ Internet Explorer v10.0.9200.16686
-\\ Mozilla Firefox v23.0.1 (de)
[ Datei : C:\Users\Gregodinho\AppData\Roaming\Mozilla\Firefox\Profiles\9xkuu1mr.default\prefs.js ]
Zeile gelöscht : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
Zeile gelöscht : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
[ Datei : C:\Users\Nadi & Gregi\AppData\Roaming\Mozilla\Firefox\Profiles\e1171b6h.default\prefs.js ]
-\\ Google Chrome v
[ Datei : C:\Users\Gregodinho\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [2010 octets] - [12/09/2013 14:18:34]
AdwCleaner[S0].txt - [1885 octets] - [12/09/2013 14:19:07]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1945 octets] ##########
[/CODE] Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.0 (09.12.2013:1)
OS: Windows 7 Home Premium x64
Ran by Gregodinho on 12.09.2013 at 14:25:20,96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\Gregodinho\AppData\Roaming\mozilla\firefox\profiles\9xkuu1mr.default\minidumps [59 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.09.2013 at 14:30:09,02
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-09-2013 02
Ran by Gregodinho (administrator) on MATR1X on 12-09-2013 14:32:10
Running from C:\Users\Gregodinho\Desktop\Virus
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8158240 2009-10-07] (Realtek Semiconductor)
HKLM\...\Run: [RunDLLEntry_THXCfg] - C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [RunDLLEntry_EptMon] - C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64
MountPoints2: D - D:\autoRcd.exe
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM-x32\...\Run: [ShwiconXP9106] - C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2009-07-17] (Alcor Micro Corp.)
HKLM-x32\...\Run: [THX Audio Control Panel] - C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [avast5] - C:\Program Files\Alwil Software\Avast5\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-06-10] (Geek Software GmbH)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
HKU\Nadi & Gregi\...\Run: [OfficeSyncProcess] - C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
IMEO\creator12oem.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IMEO\discimageloader12oem.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IMEO\retrieve12oem.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IMEO\roxiocentralfx.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
Startup: C:\Users\Nadi & Gregi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
Startup: C:\Users\Nadi & Gregi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XWindows Dock.lnk
ShortcutTarget: XWindows Dock.lnk -> C:\Program Files (x86)\XWindows Dock\XWD.exe (No File)
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USCON/8
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {F1029A4A-8F5C-40C0-9EDB-DD433AAFD0F2} URL =
SearchScopes: HKCU - {FFACC2D9-33CD-48F5-94B1-8139B2856DCF} URL =
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Gregodinho\AppData\Roaming\Mozilla\Firefox\Profiles\9xkuu1mr.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: EPUBReader - C:\Users\Gregodinho\AppData\Roaming\Mozilla\Firefox\Profiles\9xkuu1mr.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
FF Extension: No Name - C:\Users\Gregodinho\AppData\Roaming\Mozilla\Firefox\Profiles\9xkuu1mr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF
Chrome:
=======
CHR HomePage: hxxp://www.google.de/ig
CHR RestoreOnStartup: "hxxp://www.google.de/ig"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Gregodinho\AppData\Local\Google\Chrome\Application\18.0.1025.142\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Gregodinho\AppData\Local\Google\Chrome\Application\18.0.1025.142\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Gregodinho\AppData\Local\Google\Chrome\Application\18.0.1025.142\gcswf32.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Reallusion CT4Player for Mozilla) - C:\Program Files (x86)\Mozilla Firefox\plugins\npRLCT4Player.dll ( )
CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Extension: (Google Search) - C:\Users\GREGOD~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Raindrops(Non-Aero)) - C:\Users\GREGOD~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpagcfbbmlebfnkeogkigellbgmfkjfg\1.0.0.2_0
CHR Extension: (Google Calendar) - C:\Users\GREGOD~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0
CHR Extension: (AdBlock) - C:\Users\GREGOD~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.33_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\GREGOD~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0
CHR StartMenuInternet: Google Chrome - C:\Users\Gregodinho\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
S4 wlcrasvc; C:\Program Files (x86)\Windows Live\Mesh\wlcrasvc.exe [57184 2010-09-22] (Microsoft Corporation)
R2 wlidsvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2286976 2010-09-21] (Microsoft Corp.)
==================== Drivers (Whitelisted) ====================
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]
S3 PcdrNdisuio; syswow64\drivers\pcdrndisuio.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-09-12 14:25 - 2013-09-12 14:25 - 00000000 ____D C:\Windows\ERUNT
2013-09-12 14:21 - 2013-09-12 14:21 - 00000056 _____ C:\Windows\setupact.log
2013-09-12 14:21 - 2013-09-12 14:21 - 00000000 _____ C:\Windows\setuperr.log
2013-09-12 14:20 - 2013-09-12 14:20 - 00001546 _____ C:\Windows\PFRO.log
2013-09-12 14:18 - 2013-09-12 14:19 - 00000000 ____D C:\AdwCleaner
2013-09-12 14:14 - 2013-09-12 14:14 - 00000040 _____ C:\Users\Public\Documents\_rgpl
2013-09-12 14:00 - 2013-09-12 14:00 - 00002782 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-09-12 13:51 - 2013-09-12 14:32 - 00000000 ____D C:\Users\Gregodinho\Desktop\Virus
2013-09-12 12:46 - 2013-09-12 12:46 - 00000000 ____D C:\FRST
2013-09-12 12:45 - 2013-09-12 12:45 - 00000000 _____ C:\Users\Gregodinho\defogger_reenable
2013-09-12 11:28 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 11:28 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 11:28 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 11:28 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 11:28 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 11:28 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 11:28 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 11:28 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 11:28 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 11:28 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 11:28 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 11:28 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 11:28 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 11:28 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 11:28 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-12 11:28 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-12 11:28 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-12 11:28 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-12 11:28 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-12 11:28 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-12 11:28 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-12 11:28 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-12 11:28 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-12 11:28 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-12 11:28 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-12 11:28 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-12 11:28 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-12 11:28 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 11:28 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-12 11:28 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-12 11:28 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-12 11:08 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 11:08 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-12 11:08 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-12 11:08 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-12 11:08 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-12 11:08 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-12 11:08 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-12 11:08 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-12 11:08 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-12 11:08 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-12 11:08 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-12 11:08 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-12 11:08 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-12 11:08 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-12 11:08 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-12 11:08 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-12 11:08 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-12 11:08 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-12 11:08 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-12 11:08 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-12 11:08 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-12 11:08 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-12 11:08 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-12 11:08 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-12 11:08 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-12 11:08 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-12 11:08 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-12 11:08 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-12 11:08 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-12 11:08 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-12 11:08 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-10 20:12 - 2013-09-11 17:34 - 00012335 _____ C:\Users\Gregodinho\Desktop\GAZPROM_Finanzen.xlsx
2013-09-03 11:44 - 2013-09-12 14:04 - 00000000 ____D C:\Program Files (x86)\Der Kleine Turnierplaner
2013-09-03 11:44 - 2013-09-03 11:44 - 00000000 ____D C:\ProgramData\Der Kleine Turnierplaner
2013-09-03 11:43 - 2013-09-03 11:44 - 13589732 _____ (Der Kleine Turnierplaner) C:\Users\Gregodinho\Downloads\Setup_DerkleineTurnierplaner.exe
2013-08-30 19:34 - 2013-08-30 19:34 - 00000000 ____D C:\Users\Gregodinho\AppData\Local\Daedalic Entertainment
2013-08-30 19:31 - 2013-08-30 19:31 - 00000000 ____D C:\Program Files (x86)\Daedalic Entertainment
2013-08-27 22:43 - 2013-06-17 05:02 - 00000000 ____D C:\Users\Gregodinho\Downloads\Kanye_West-Yeezus-2013-WHOA
2013-08-27 22:42 - 2013-08-27 22:43 - 76332613 _____ C:\Users\Gregodinho\Downloads\Kanye_West-Yeezus-2013-WHOA.rar
2013-08-26 11:29 - 2013-09-08 22:42 - 00011090 _____ C:\Users\Gregodinho\Desktop\Übersicht_Hallentermine_2013_2014.xlsx
2013-08-26 11:13 - 2013-08-26 11:13 - 00354656 _____ (DivX, Inc.) C:\Windows\SysWOW64\DivXControlPanelApplet.cpl
2013-08-22 11:17 - 2013-08-22 11:17 - 23611319 _____ C:\Users\Gregodinho\Downloads\wetransfer-772d58.zip
2013-08-21 14:03 - 2013-08-21 16:39 - 00010935 _____ C:\Users\Gregodinho\Documents\Auflistung_Finanzen_Junioren.xlsx
2013-08-19 04:45 - 2013-08-19 04:45 - 00097840 _____ C:\Users\Gregodinho\Documents\cc_20130819_044504.reg
2013-08-19 04:40 - 2013-08-19 04:41 - 00002194 _____ C:\AdwCleaner[S1].txt
2013-08-19 04:39 - 2013-08-19 04:40 - 00002028 _____ C:\AdwCleaner[R2].txt
2013-08-19 04:39 - 2013-08-19 04:39 - 00001968 _____ C:\AdwCleaner[R1].txt
2013-08-17 15:38 - 2013-08-17 15:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-15 12:41 - 2013-08-15 12:41 - 00471347 _____ C:\Users\Gregodinho\Downloads\Adidas Katalog nun auch auf dem smartphone oder tablet.zip
2013-08-14 09:37 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 09:37 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 09:37 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 09:37 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 09:37 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 09:37 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 09:37 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 09:37 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 09:37 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 09:37 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 09:36 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 09:36 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 09:36 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 09:36 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 09:36 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 09:36 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
==================== One Month Modified Files and Folders =======
2013-09-12 14:29 - 2009-07-14 06:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-12 14:29 - 2009-07-14 06:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-12 14:25 - 2013-09-12 14:25 - 00000000 ____D C:\Windows\ERUNT
2013-09-12 14:24 - 2012-04-04 13:33 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-12 14:22 - 2012-09-18 13:52 - 00004184 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-09-12 14:21 - 2013-09-12 14:21 - 00000056 _____ C:\Windows\setupact.log
2013-09-12 14:21 - 2013-09-12 14:21 - 00000000 _____ C:\Windows\setuperr.log
2013-09-12 14:21 - 2012-12-04 18:34 - 00000000 ____D C:\ProgramData\NVIDIA
2013-09-12 14:21 - 2011-01-20 14:01 - 00001114 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-12 14:21 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-12 14:20 - 2013-09-12 14:20 - 00001546 _____ C:\Windows\PFRO.log
2013-09-12 14:19 - 2013-09-12 14:18 - 00000000 ____D C:\AdwCleaner
2013-09-12 14:19 - 2013-04-12 13:23 - 00000000 ____D C:\ProgramData\Uniblue
2013-09-12 14:19 - 2012-06-20 12:00 - 01510086 _____ C:\Windows\WindowsUpdate.log
2013-09-12 14:16 - 2011-01-10 10:53 - 00000000 ____D C:\Program Files (x86)\Java
2013-09-12 14:14 - 2013-09-12 14:14 - 00000040 _____ C:\Users\Public\Documents\_rgpl
2013-09-12 14:14 - 2011-01-17 14:56 - 00000000 ____D C:\Program Files (x86)\XWindows Dock
2013-09-12 14:06 - 2011-01-20 14:01 - 00000000 ____D C:\Program Files (x86)\Google
2013-09-12 14:04 - 2013-09-03 11:44 - 00000000 ____D C:\Program Files (x86)\Der Kleine Turnierplaner
2013-09-12 14:03 - 2012-06-19 19:34 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-09-12 14:03 - 2011-01-12 18:08 - 00000000 ____D C:\Users\Gregodinho\AppData\Roaming\Winamp
2013-09-12 14:03 - 2011-01-10 19:16 - 00000000 ____D C:\Windows\Panther
2013-09-12 14:00 - 2013-09-12 14:00 - 00002782 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-09-12 14:00 - 2012-06-20 13:47 - 00000000 ____D C:\Program Files\CCleaner
2013-09-12 13:48 - 2013-05-30 11:18 - 00000000 ____D C:\Users\Gregodinho\Documents\Outlook-Dateien
2013-09-12 13:36 - 2011-01-20 14:01 - 00001118 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-12 12:46 - 2013-09-12 12:46 - 00000000 ____D C:\FRST
2013-09-12 12:45 - 2013-09-12 12:45 - 00000000 _____ C:\Users\Gregodinho\defogger_reenable
2013-09-12 12:45 - 2011-01-12 14:08 - 00000000 ____D C:\Users\Gregodinho
2013-09-12 11:34 - 2011-01-12 14:12 - 00000000 ___RD C:\Users\Gregodinho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-12 11:34 - 2011-01-12 14:08 - 00000000 ___RD C:\Users\Gregodinho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-12 11:33 - 2011-01-12 17:31 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-09-12 11:31 - 2009-07-14 06:45 - 00450016 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 11:28 - 2013-07-31 12:33 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 11:27 - 2011-01-12 17:12 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-12 11:26 - 2011-12-01 11:58 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-12 11:11 - 2013-05-23 21:56 - 00000000 ____D C:\Users\Gregodinho\Documents\FC 1926 Großen - Buseck
2013-09-11 17:34 - 2013-09-10 20:12 - 00012335 _____ C:\Users\Gregodinho\Desktop\GAZPROM_Finanzen.xlsx
2013-09-11 17:24 - 2012-04-04 13:33 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-11 17:24 - 2012-04-04 13:33 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-11 17:24 - 2011-05-16 12:19 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-11 10:52 - 2011-04-22 18:36 - 00000000 ____D C:\Program Files (x86)\DivX
2013-09-11 10:52 - 2011-04-22 18:35 - 00000000 ____D C:\ProgramData\DivX
2013-09-08 22:42 - 2013-08-26 11:29 - 00011090 _____ C:\Users\Gregodinho\Desktop\Übersicht_Hallentermine_2013_2014.xlsx
2013-09-05 19:51 - 2009-07-14 19:58 - 00700380 _____ C:\Windows\system32\perfh007.dat
2013-09-05 19:51 - 2009-07-14 19:58 - 00149176 _____ C:\Windows\system32\perfc007.dat
2013-09-05 19:51 - 2009-07-14 07:13 - 01622100 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-04 23:17 - 2011-01-12 21:48 - 00000000 ____D C:\Users\Gregodinho\AppData\Roaming\vlc
2013-09-03 11:44 - 2013-09-03 11:44 - 00000000 ____D C:\ProgramData\Der Kleine Turnierplaner
2013-09-03 11:44 - 2013-09-03 11:43 - 13589732 _____ (Der Kleine Turnierplaner) C:\Users\Gregodinho\Downloads\Setup_DerkleineTurnierplaner.exe
2013-09-02 13:18 - 2011-12-01 11:58 - 00000000 ____D C:\Users\Gregodinho\AppData\Local\Microsoft Help
2013-08-30 19:34 - 2013-08-30 19:34 - 00000000 ____D C:\Users\Gregodinho\AppData\Local\Daedalic Entertainment
2013-08-30 19:31 - 2013-08-30 19:31 - 00000000 ____D C:\Program Files (x86)\Daedalic Entertainment
2013-08-30 09:48 - 2013-03-08 20:31 - 00204880 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-08-30 09:48 - 2013-03-08 20:31 - 00065336 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-08-30 09:48 - 2012-02-25 11:56 - 00072016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-08-30 09:48 - 2011-02-28 17:59 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-08-30 09:48 - 2011-01-12 17:31 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-08-30 09:48 - 2011-01-12 17:31 - 00080816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-08-30 09:48 - 2011-01-12 17:31 - 00064288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-08-30 09:48 - 2011-01-12 17:31 - 00033400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-08-30 09:47 - 2011-01-12 17:31 - 00287840 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-08-30 09:47 - 2011-01-12 17:31 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-08-27 22:43 - 2013-08-27 22:42 - 76332613 _____ C:\Users\Gregodinho\Downloads\Kanye_West-Yeezus-2013-WHOA.rar
2013-08-26 11:13 - 2013-08-26 11:13 - 00354656 _____ (DivX, Inc.) C:\Windows\SysWOW64\DivXControlPanelApplet.cpl
2013-08-22 11:17 - 2013-08-22 11:17 - 23611319 _____ C:\Users\Gregodinho\Downloads\wetransfer-772d58.zip
2013-08-21 16:39 - 2013-08-21 14:03 - 00010935 _____ C:\Users\Gregodinho\Documents\Auflistung_Finanzen_Junioren.xlsx
2013-08-19 17:10 - 2013-07-28 19:54 - 00011264 _____ C:\Users\Gregodinho\Documents\Comunio.xlsx
2013-08-19 04:45 - 2013-08-19 04:45 - 00097840 _____ C:\Users\Gregodinho\Documents\cc_20130819_044504.reg
2013-08-19 04:41 - 2013-08-19 04:40 - 00002194 _____ C:\AdwCleaner[S1].txt
2013-08-19 04:40 - 2013-08-19 04:39 - 00002028 _____ C:\AdwCleaner[R2].txt
2013-08-19 04:39 - 2013-08-19 04:39 - 00001968 _____ C:\AdwCleaner[R1].txt
2013-08-18 11:44 - 2012-04-27 15:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-17 15:38 - 2013-08-17 15:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-15 15:11 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-15 12:41 - 2013-08-15 12:41 - 00471347 _____ C:\Users\Gregodinho\Downloads\Adidas Katalog nun auch auf dem smartphone oder tablet.zip
Files to move or delete:
====================
C:\Users\GREGOD~1\AppData\Local\Temp\Quarantine.exe
C:\Users\GREGOD~1\AppData\Local\Temp\xuninst.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-09-01 19:21
==================== End Of Log ============================
--- --- --- [/CODE] |
|
12.09.2013, 17:35
| #4 |
| /// the machine /// TB-Ausbilder | Win 7 - Win32.downloader.gen - PUP.Optional.Conduit.A - BefallESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
12.09.2013, 19:24
| #5 |
| | Win 7 - Win32.downloader.gen - PUP.Optional.Conduit.A - BefallCode:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=d44243b6ad5d584f9191b58b8e480824
# engine=15103
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-12 06:11:34
# local_time=2013-09-12 08:11:34 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 19870 130639344 0 0
# scanned=192602
# found=0
# cleaned=0
# scan_time=4289
Code:
ATTFilter Results of screen317's Security Check version 0.99.73 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` avast! Antivirus Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Spybot - Search & Destroy Malwarebytes Anti-Malware Version 1.75.0.1300 Java 7 Update 25 Adobe Flash Player 11.8.800.168 Adobe Reader 10.1.8 Adobe Reader out of Date! Mozilla Firefox (23.0.1) Mozilla Thunderbird (17.0.7) Google Chrome 18.0.1025.142 ````````Process Check: objlist.exe by Laurent```````` Alwil Software Avast5 AvastSvc.exe Alwil Software Avast5 AvastUI.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-09-2013 02
Ran by Gregodinho (administrator) on MATR1X on 12-09-2013 20:19:43
Running from C:\Users\Gregodinho\Desktop\Virus
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corp.) C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastUI.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
(Broadcom Corporation.) c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8158240 2009-10-07] (Realtek Semiconductor)
HKLM\...\Run: [RunDLLEntry_THXCfg] - C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [RunDLLEntry_EptMon] - C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64
MountPoints2: D - D:\autoRcd.exe
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM-x32\...\Run: [ShwiconXP9106] - C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2009-07-17] (Alcor Micro Corp.)
HKLM-x32\...\Run: [THX Audio Control Panel] - C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [avast5] - C:\Program Files\Alwil Software\Avast5\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-06-10] (Geek Software GmbH)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
HKU\Nadi & Gregi\...\Run: [OfficeSyncProcess] - C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
IMEO\creator12oem.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IMEO\discimageloader12oem.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IMEO\retrieve12oem.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IMEO\roxiocentralfx.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
Startup: C:\Users\Nadi & Gregi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
Startup: C:\Users\Nadi & Gregi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XWindows Dock.lnk
ShortcutTarget: XWindows Dock.lnk -> C:\Program Files (x86)\XWindows Dock\XWD.exe (No File)
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USCON/8
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {F1029A4A-8F5C-40C0-9EDB-DD433AAFD0F2} URL =
SearchScopes: HKCU - {FFACC2D9-33CD-48F5-94B1-8139B2856DCF} URL =
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: No Name - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Gregodinho\AppData\Roaming\Mozilla\Firefox\Profiles\9xkuu1mr.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: EPUBReader - C:\Users\Gregodinho\AppData\Roaming\Mozilla\Firefox\Profiles\9xkuu1mr.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
FF Extension: No Name - C:\Users\Gregodinho\AppData\Roaming\Mozilla\Firefox\Profiles\9xkuu1mr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF
Chrome:
=======
CHR HomePage: hxxp://www.google.de/ig
CHR RestoreOnStartup: "hxxp://www.google.de/ig"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Gregodinho\AppData\Local\Google\Chrome\Application\18.0.1025.142\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Gregodinho\AppData\Local\Google\Chrome\Application\18.0.1025.142\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Gregodinho\AppData\Local\Google\Chrome\Application\18.0.1025.142\gcswf32.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Reallusion CT4Player for Mozilla) - C:\Program Files (x86)\Mozilla Firefox\plugins\npRLCT4Player.dll ( )
CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Extension: (Google Search) - C:\Users\GREGOD~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Raindrops(Non-Aero)) - C:\Users\GREGOD~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpagcfbbmlebfnkeogkigellbgmfkjfg\1.0.0.2_0
CHR Extension: (Google Calendar) - C:\Users\GREGOD~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0
CHR Extension: (AdBlock) - C:\Users\GREGOD~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.33_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\GREGOD~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0
CHR StartMenuInternet: Google Chrome - C:\Users\Gregodinho\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
S4 wlcrasvc; C:\Program Files (x86)\Windows Live\Mesh\wlcrasvc.exe [57184 2010-09-22] (Microsoft Corporation)
R2 wlidsvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2286976 2010-09-21] (Microsoft Corp.)
==================== Drivers (Whitelisted) ====================
S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [32768 2010-04-29] (Google Inc)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]
S3 PcdrNdisuio; syswow64\drivers\pcdrndisuio.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-09-12 18:59 - 2013-09-12 18:59 - 00891144 _____ C:\Users\Gregodinho\Desktop\SecurityCheck.exe
2013-09-12 18:58 - 2013-09-12 18:58 - 00000000 ____D C:\Program Files (x86)\ESET
2013-09-12 18:55 - 2013-09-12 18:55 - 02347384 _____ (ESET) C:\Users\Gregodinho\Desktop\esetsmartinstaller_enu.exe
2013-09-12 14:45 - 2013-09-12 14:45 - 00000297 _____ C:\Users\Gregodinho\Desktop\Virus.URL
2013-09-12 14:25 - 2013-09-12 14:25 - 00000000 ____D C:\Windows\ERUNT
2013-09-12 14:21 - 2013-09-12 18:52 - 00000224 _____ C:\Windows\setupact.log
2013-09-12 14:21 - 2013-09-12 14:21 - 00000000 _____ C:\Windows\setuperr.log
2013-09-12 14:20 - 2013-09-12 14:41 - 00001960 _____ C:\Windows\PFRO.log
2013-09-12 14:18 - 2013-09-12 14:19 - 00000000 ____D C:\AdwCleaner
2013-09-12 14:14 - 2013-09-12 14:14 - 00000040 _____ C:\Users\Public\Documents\_rgpl
2013-09-12 14:00 - 2013-09-12 14:00 - 00002782 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-09-12 13:51 - 2013-09-12 20:19 - 00000000 ____D C:\Users\Gregodinho\Desktop\Virus
2013-09-12 12:46 - 2013-09-12 12:46 - 00000000 ____D C:\FRST
2013-09-12 12:45 - 2013-09-12 12:45 - 00000000 _____ C:\Users\Gregodinho\defogger_reenable
2013-09-12 11:28 - 2013-08-10 07:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 11:28 - 2013-08-10 07:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 11:28 - 2013-08-10 07:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-09-12 11:28 - 2013-08-10 07:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 11:28 - 2013-08-10 07:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 11:28 - 2013-08-10 07:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 11:28 - 2013-08-10 07:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 11:28 - 2013-08-10 07:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 11:28 - 2013-08-10 07:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 11:28 - 2013-08-10 07:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 11:28 - 2013-08-10 07:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-12 11:28 - 2013-08-10 07:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-09-12 11:28 - 2013-08-10 07:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-09-12 11:28 - 2013-08-10 07:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-09-12 11:28 - 2013-08-10 05:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-12 11:28 - 2013-08-10 05:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-12 11:28 - 2013-08-10 05:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-12 11:28 - 2013-08-10 05:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-12 11:28 - 2013-08-10 05:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-12 11:28 - 2013-08-10 05:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-12 11:28 - 2013-08-10 05:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-12 11:28 - 2013-08-10 05:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-12 11:28 - 2013-08-10 05:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-12 11:28 - 2013-08-10 05:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-12 11:28 - 2013-08-10 05:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-12 11:28 - 2013-08-10 05:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-12 11:28 - 2013-08-10 05:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-12 11:28 - 2013-08-10 05:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 11:28 - 2013-08-10 05:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-12 11:28 - 2013-08-10 04:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-09-12 11:28 - 2013-08-10 04:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-12 11:08 - 2013-08-08 03:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-12 11:08 - 2013-08-05 04:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-09-12 11:08 - 2013-08-02 04:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-09-12 11:08 - 2013-08-02 04:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-09-12 11:08 - 2013-08-02 04:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-09-12 11:08 - 2013-08-02 04:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-09-12 11:08 - 2013-08-02 04:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-09-12 11:08 - 2013-08-02 04:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-09-12 11:08 - 2013-08-02 04:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-09-12 11:08 - 2013-08-02 04:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-09-12 11:08 - 2013-08-02 04:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-09-12 11:08 - 2013-08-02 04:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-09-12 11:08 - 2013-08-02 04:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-09-12 11:08 - 2013-08-02 04:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 04:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 04:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 04:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 04:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 04:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 03:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-12 11:08 - 2013-08-02 03:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-12 11:08 - 2013-08-02 03:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-12 11:08 - 2013-08-02 03:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-12 11:08 - 2013-08-02 03:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-12 11:08 - 2013-08-02 03:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-12 11:08 - 2013-08-02 03:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-12 11:08 - 2013-08-02 03:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 03:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 03:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 03:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 03:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 03:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-09-12 11:08 - 2013-08-02 02:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-09-12 11:08 - 2013-08-02 02:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-12 11:08 - 2013-08-02 02:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-12 11:08 - 2013-08-02 02:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-12 11:08 - 2013-08-02 02:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-12 11:08 - 2013-08-02 02:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 02:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 02:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-12 11:08 - 2013-08-02 02:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-12 11:08 - 2013-07-26 04:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-09-12 11:08 - 2013-07-26 04:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-09-12 11:08 - 2013-07-26 03:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-12 11:08 - 2013-07-26 03:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-10 20:12 - 2013-09-11 17:34 - 00012335 _____ C:\Users\Gregodinho\Desktop\GAZPROM_Finanzen.xlsx
2013-09-03 11:44 - 2013-09-12 14:04 - 00000000 ____D C:\Program Files (x86)\Der Kleine Turnierplaner
2013-09-03 11:44 - 2013-09-03 11:44 - 00000000 ____D C:\ProgramData\Der Kleine Turnierplaner
2013-09-03 11:43 - 2013-09-03 11:44 - 13589732 _____ (Der Kleine Turnierplaner) C:\Users\Gregodinho\Downloads\Setup_DerkleineTurnierplaner.exe
2013-08-30 19:34 - 2013-08-30 19:34 - 00000000 ____D C:\Users\Gregodinho\AppData\Local\Daedalic Entertainment
2013-08-30 19:31 - 2013-08-30 19:31 - 00000000 ____D C:\Program Files (x86)\Daedalic Entertainment
2013-08-27 22:43 - 2013-06-17 05:02 - 00000000 ____D C:\Users\Gregodinho\Downloads\Kanye_West-Yeezus-2013-WHOA
2013-08-27 22:42 - 2013-08-27 22:43 - 76332613 _____ C:\Users\Gregodinho\Downloads\Kanye_West-Yeezus-2013-WHOA.rar
2013-08-26 11:29 - 2013-09-08 22:42 - 00011090 _____ C:\Users\Gregodinho\Desktop\Übersicht_Hallentermine_2013_2014.xlsx
2013-08-26 11:13 - 2013-08-26 11:13 - 00354656 _____ (DivX, Inc.) C:\Windows\SysWOW64\DivXControlPanelApplet.cpl
2013-08-22 11:17 - 2013-08-22 11:17 - 23611319 _____ C:\Users\Gregodinho\Downloads\wetransfer-772d58.zip
2013-08-21 14:03 - 2013-08-21 16:39 - 00010935 _____ C:\Users\Gregodinho\Documents\Auflistung_Finanzen_Junioren.xlsx
2013-08-19 04:45 - 2013-08-19 04:45 - 00097840 _____ C:\Users\Gregodinho\Documents\cc_20130819_044504.reg
2013-08-19 04:40 - 2013-08-19 04:41 - 00002194 _____ C:\AdwCleaner[S1].txt
2013-08-19 04:39 - 2013-08-19 04:40 - 00002028 _____ C:\AdwCleaner[R2].txt
2013-08-19 04:39 - 2013-08-19 04:39 - 00001968 _____ C:\AdwCleaner[R1].txt
2013-08-17 15:38 - 2013-08-17 15:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-15 12:41 - 2013-08-15 12:41 - 00471347 _____ C:\Users\Gregodinho\Downloads\Adidas Katalog nun auch auf dem smartphone oder tablet.zip
2013-08-14 09:37 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 09:37 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 09:37 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 09:37 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 09:37 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 09:37 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 09:37 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 09:37 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 09:37 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 09:37 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 09:36 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 09:36 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 09:36 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 09:36 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 09:36 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 09:36 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
==================== One Month Modified Files and Folders =======
2013-09-12 20:19 - 2013-09-12 20:19 - 00000948 _____ C:\Users\Gregodinho\Desktop\checkup.txt
2013-09-12 20:19 - 2013-09-12 13:51 - 00000000 ____D C:\Users\Gregodinho\Desktop\Virus
2013-09-12 19:36 - 2011-01-20 14:01 - 00001118 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-12 19:24 - 2012-04-04 13:33 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-12 19:00 - 2009-07-14 06:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-12 19:00 - 2009-07-14 06:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-12 18:59 - 2013-09-12 18:59 - 00891144 _____ C:\Users\Gregodinho\Desktop\SecurityCheck.exe
2013-09-12 18:58 - 2013-09-12 18:58 - 00000000 ____D C:\Program Files (x86)\ESET
2013-09-12 18:56 - 2012-06-20 12:00 - 01521394 _____ C:\Windows\WindowsUpdate.log
2013-09-12 18:55 - 2013-09-12 18:55 - 02347384 _____ (ESET) C:\Users\Gregodinho\Desktop\esetsmartinstaller_enu.exe
2013-09-12 18:54 - 2011-01-20 14:01 - 00001114 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-12 18:52 - 2013-09-12 14:21 - 00000224 _____ C:\Windows\setupact.log
2013-09-12 18:52 - 2012-12-04 18:34 - 00000000 ____D C:\ProgramData\NVIDIA
2013-09-12 18:52 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-12 15:27 - 2013-05-30 11:18 - 00000000 ____D C:\Users\Gregodinho\Documents\Outlook-Dateien
2013-09-12 14:45 - 2013-09-12 14:45 - 00000297 _____ C:\Users\Gregodinho\Desktop\Virus.URL
2013-09-12 14:41 - 2013-09-12 14:20 - 00001960 _____ C:\Windows\PFRO.log
2013-09-12 14:25 - 2013-09-12 14:25 - 00000000 ____D C:\Windows\ERUNT
2013-09-12 14:22 - 2012-09-18 13:52 - 00004184 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-09-12 14:21 - 2013-09-12 14:21 - 00000000 _____ C:\Windows\setuperr.log
2013-09-12 14:19 - 2013-09-12 14:18 - 00000000 ____D C:\AdwCleaner
2013-09-12 14:19 - 2013-04-12 13:23 - 00000000 ____D C:\ProgramData\Uniblue
2013-09-12 14:16 - 2011-01-10 10:53 - 00000000 ____D C:\Program Files (x86)\Java
2013-09-12 14:14 - 2013-09-12 14:14 - 00000040 _____ C:\Users\Public\Documents\_rgpl
2013-09-12 14:14 - 2011-01-17 14:56 - 00000000 ____D C:\Program Files (x86)\XWindows Dock
2013-09-12 14:06 - 2011-01-20 14:01 - 00000000 ____D C:\Program Files (x86)\Google
2013-09-12 14:04 - 2013-09-03 11:44 - 00000000 ____D C:\Program Files (x86)\Der Kleine Turnierplaner
2013-09-12 14:03 - 2012-06-19 19:34 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-09-12 14:03 - 2011-01-12 18:08 - 00000000 ____D C:\Users\Gregodinho\AppData\Roaming\Winamp
2013-09-12 14:03 - 2011-01-10 19:16 - 00000000 ____D C:\Windows\Panther
2013-09-12 14:00 - 2013-09-12 14:00 - 00002782 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2013-09-12 14:00 - 2012-06-20 13:47 - 00000000 ____D C:\Program Files\CCleaner
2013-09-12 12:46 - 2013-09-12 12:46 - 00000000 ____D C:\FRST
2013-09-12 12:45 - 2013-09-12 12:45 - 00000000 _____ C:\Users\Gregodinho\defogger_reenable
2013-09-12 12:45 - 2011-01-12 14:08 - 00000000 ____D C:\Users\Gregodinho
2013-09-12 11:34 - 2011-01-12 14:12 - 00000000 ___RD C:\Users\Gregodinho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-09-12 11:34 - 2011-01-12 14:08 - 00000000 ___RD C:\Users\Gregodinho\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-09-12 11:33 - 2011-01-12 17:31 - 00000000 _____ C:\Windows\SysWOW64\config.nt
2013-09-12 11:31 - 2009-07-14 06:45 - 00450016 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 11:28 - 2013-07-31 12:33 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 11:27 - 2011-01-12 17:12 - 79143768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-09-12 11:26 - 2011-12-01 11:58 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-12 11:11 - 2013-05-23 21:56 - 00000000 ____D C:\Users\Gregodinho\Documents\FC 1926 Großen - Buseck
2013-09-11 17:34 - 2013-09-10 20:12 - 00012335 _____ C:\Users\Gregodinho\Desktop\GAZPROM_Finanzen.xlsx
2013-09-11 17:24 - 2012-04-04 13:33 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-11 17:24 - 2012-04-04 13:33 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-11 17:24 - 2011-05-16 12:19 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-11 10:52 - 2011-04-22 18:36 - 00000000 ____D C:\Program Files (x86)\DivX
2013-09-11 10:52 - 2011-04-22 18:35 - 00000000 ____D C:\ProgramData\DivX
2013-09-08 22:42 - 2013-08-26 11:29 - 00011090 _____ C:\Users\Gregodinho\Desktop\Übersicht_Hallentermine_2013_2014.xlsx
2013-09-05 19:51 - 2009-07-14 19:58 - 00700380 _____ C:\Windows\system32\perfh007.dat
2013-09-05 19:51 - 2009-07-14 19:58 - 00149176 _____ C:\Windows\system32\perfc007.dat
2013-09-05 19:51 - 2009-07-14 07:13 - 01622100 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-04 23:17 - 2011-01-12 21:48 - 00000000 ____D C:\Users\Gregodinho\AppData\Roaming\vlc
2013-09-03 11:44 - 2013-09-03 11:44 - 00000000 ____D C:\ProgramData\Der Kleine Turnierplaner
2013-09-03 11:44 - 2013-09-03 11:43 - 13589732 _____ (Der Kleine Turnierplaner) C:\Users\Gregodinho\Downloads\Setup_DerkleineTurnierplaner.exe
2013-09-02 13:18 - 2011-12-01 11:58 - 00000000 ____D C:\Users\Gregodinho\AppData\Local\Microsoft Help
2013-08-30 19:34 - 2013-08-30 19:34 - 00000000 ____D C:\Users\Gregodinho\AppData\Local\Daedalic Entertainment
2013-08-30 19:31 - 2013-08-30 19:31 - 00000000 ____D C:\Program Files (x86)\Daedalic Entertainment
2013-08-30 09:48 - 2013-03-08 20:31 - 00204880 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-08-30 09:48 - 2013-03-08 20:31 - 00065336 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-08-30 09:48 - 2012-02-25 11:56 - 00072016 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-08-30 09:48 - 2011-02-28 17:59 - 01030952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-08-30 09:48 - 2011-01-12 17:31 - 00378944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-08-30 09:48 - 2011-01-12 17:31 - 00080816 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-08-30 09:48 - 2011-01-12 17:31 - 00064288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-08-30 09:48 - 2011-01-12 17:31 - 00033400 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-08-30 09:47 - 2011-01-12 17:31 - 00287840 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-08-30 09:47 - 2011-01-12 17:31 - 00041664 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-08-27 22:43 - 2013-08-27 22:42 - 76332613 _____ C:\Users\Gregodinho\Downloads\Kanye_West-Yeezus-2013-WHOA.rar
2013-08-26 11:13 - 2013-08-26 11:13 - 00354656 _____ (DivX, Inc.) C:\Windows\SysWOW64\DivXControlPanelApplet.cpl
2013-08-22 11:17 - 2013-08-22 11:17 - 23611319 _____ C:\Users\Gregodinho\Downloads\wetransfer-772d58.zip
2013-08-21 16:39 - 2013-08-21 14:03 - 00010935 _____ C:\Users\Gregodinho\Documents\Auflistung_Finanzen_Junioren.xlsx
2013-08-19 17:10 - 2013-07-28 19:54 - 00011264 _____ C:\Users\Gregodinho\Documents\Comunio.xlsx
2013-08-19 04:45 - 2013-08-19 04:45 - 00097840 _____ C:\Users\Gregodinho\Documents\cc_20130819_044504.reg
2013-08-19 04:41 - 2013-08-19 04:40 - 00002194 _____ C:\AdwCleaner[S1].txt
2013-08-19 04:40 - 2013-08-19 04:39 - 00002028 _____ C:\AdwCleaner[R2].txt
2013-08-19 04:39 - 2013-08-19 04:39 - 00001968 _____ C:\AdwCleaner[R1].txt
2013-08-18 11:44 - 2012-04-27 15:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-17 15:38 - 2013-08-17 15:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-15 15:11 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-15 12:41 - 2013-08-15 12:41 - 00471347 _____ C:\Users\Gregodinho\Downloads\Adidas Katalog nun auch auf dem smartphone oder tablet.zip
Files to move or delete:
====================
C:\Users\GREGOD~1\AppData\Local\Temp\Quarantine.exe
C:\Users\GREGOD~1\AppData\Local\Temp\xuninst.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-09-01 19:21
==================== End Of Log ============================
--- --- --- |
|
13.09.2013, 08:37
| #6 |
| /// the machine /// TB-Ausbilder | Win 7 - Win32.downloader.gen - PUP.Optional.Conduit.A - Befall Adobe updaten. Fertig Die Reihenfolge ist hier entscheidend.
Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ --> Win 7 - Win32.downloader.gen - PUP.Optional.Conduit.A - Befall |
|
13.09.2013, 12:24
| #7 |
| | Win 7 - Win32.downloader.gen - PUP.Optional.Conduit.A - Befall Alles erledigt, Keine Schädlinge mehr gefunden. Vielen dank für die schnelle und kompetente Hilfe. Wochenende kann kommen. Gruß |
|
13.09.2013, 13:56
| #8 |
| /// the machine /// TB-Ausbilder | Win 7 - Win32.downloader.gen - PUP.Optional.Conduit.A - Befall Gern Geschehen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Win 7 - Win32.downloader.gen - PUP.Optional.Conduit.A - Befall |
| .dll, adobe, avast, dateien, explorer.exe, harddisk, hook, infizierte, logfiles, malwarebytes, microsoft, ntdll.dll, nvidia, pdf, realtek, rundll, scan, security, services.exe, software, svchost.exe, system, taskhost.exe, temp, windows media player, winlogon.exe, wmp |
Linear-Darstellung
