|
Log-Analyse und Auswertung: Windows 8 64bit - Hinweis auf Spyware in InternetExplorer und Firefox mit öffnenden Popups und DownloadhinweiseWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
16.09.2013, 12:28 | #1 |
| Windows 8 64bit - Hinweis auf Spyware in InternetExplorer und Firefox mit öffnenden Popups und Downloadhinweise Habe einen Laptop gebraucht mit Windows 8 installiert gekauft. Von Beginn an, habe ich das Phänomen, dass sich sowohl in Firefox, wie auch im Internet Explorer (weitere Browser habe ich nicht probiert) Popups öffnen, die darauf hinweisen, dass mein Computer langsam sei oder sich Spyware auf meinem System befinden würde. Teilweise befinden sich diese Informationen wie Werbebanner eingebettet in den aufgerufenen Websiten. Hatte dann Avast als Virenscanner installiert und von da an war es etwas besser, jedoch nicht behoben. Habe heute noch mit Avast einen Scan beim Hochfahren gemacht, wobei recht viele Funde in den Container verschoben wurden. Einige wenige Dateien konnte ich weder verschieben, noch reparieren, noch löschen. Z.B. folgende: C:\Users\Neuer Besitzer\App Data\Local\Mircrosoft\Windows\Temporary Internet Files\Content.IE5\2WCUO1BA\pack [1].7Z | > protector.dll Im Anhang habe ich die geforderten Log.Files angehängt (Gmer Datei war zu groß zum hochladen, daher in zwei Dateien aufgeteilt) und ein paar Screenshots in PDF Form, wie sich das Problem im Browser darstellt. Den Container von Avast hätte ich auch gerne hochgeladen, jedoch sind die Screenshots zu groß und die Möglichkeit eine .txt zu erstellen habe ich bei Avast nicht gefunden. Nutze den Computer bislang nur eingeschränkt, da ich Angst habe, dass meine Daten ausgespäht werden. Ein Leistungsdefizit konnte ich bisher jedoch nicht feststellen, es ist nur kein normales Surfen im Internet möglich ohne ständig gestört zu werden und den angebotenen Links mit Downloadbuttons vertraue ich nicht. Bitte um eure Hilfe um meinen Computer wieder sauber zu bekommen. |
16.09.2013, 12:36 | #2 |
/// TB-Ausbilder | Windows 8 64bit - Hinweis auf Spyware in InternetExplorer und Firefox mit öffnenden Popups und Downloadhinweise Hallo,
__________________hänge die Logfiles bitte nicht an (das erschwert mir das Auswerten massiv), sondern füge deren Inhalt direkt innerhalb von Codetags ein: [code]Inhalt Logfile[/code]. (Anleitung)) Wenn es zu viele Zeichen sind, dann teile die Logs auf mehrere Posts auf. Danke.
__________________ |
16.09.2013, 12:43 | #3 |
| Windows 8 64bit - Hinweis auf Spyware in InternetExplorer und Firefox mit öffnenden Popups und Downloadhinweise Werde die Logs einzeln posten, damit es nicht zu unübersichtlich wird.
__________________Hier der erste Log: Addition:FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-09-2013 01 Ran by Neuer Besitzer at 2013-09-16 12:15:28 Running from C:\Users\Neuer Besitzer\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94) Anzeige am Bildschirm (Version: 6.70.00) Apple Application Support (x32 Version: 2.3.4) Apple Mobile Device Support (Version: 6.1.0.13) Apple Software Update (x32 Version: 2.1.3.127) avast! Free Antivirus (x32 Version: 8.0.1497.0) Bonjour (Version: 3.0.0.10) Bonjour-Druckdienste (Version: 2.0.2.0) Citrix Online Launcher (x32 Version: 1.0.122) Conexant 20585 SmartAudio HD (Version: 4.95.48.50) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32) Dienstprogramm "ThinkPad UltraNav" (x32 Version: 2.13.0) FreePDF (Remove only) (x32) Google Chrome (x32 Version: 29.0.1547.66) Google Update Helper (x32 Version: 1.3.21.153) GoToMeeting 5.8.0.1189 (HKCU Version: 5.8.0.1189) GPL Ghostscript (Version: 9.10) Integrated Camera Driver Installer Package Ver.1.1.0.48 (x32 Version: 1.1.0.48) Intel PROSet Wireless Intel PROSet Wireless (x32) Intel(R) Control Center (x32 Version: 1.2.1.1007) Intel(R) Management Engine Components (x32 Version: 6.0.0.1179) Intel(R) Network Connections Drivers (Version: 14.8) Intel(R) Processor Graphics (x32 Version: 8.15.10.2401) Intel(R) PROSet/Wireless WiFi-Software (Version: 14.03.0000) iTunes (Version: 11.0.4.4) Java 7 Update 25 (x32 Version: 7.0.250) Java Auto Updater (x32 Version: 2.1.9.5) Lenovo Patch Utility (x32 Version: 1.3.1.1) Lenovo Patch Utility 64 bit (Version: 1.3.1.1) Lenovo Patch Utility 64 bit (Version: 1.4.0.4) Lenovo Settings - Camera Audio (Version: 4.0.97.0) Lenovo Settings Dependency Package (Version: 1.1.1.11) Lenovo Settings Mobile Hotspot (Version: 1.1.0.57) Lenovo System Interface Driver (Version: 1.05) Lenovo System Update (x32 Version: 5.02.0018) Lenovo ThinkVantage Toolbox (Version: 6.0.5849.23) LyricsGet (x32) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Office 2010 Service Pack 1 (SP1) (x32) Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000) Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) MixiDJ chrome Toolbar (x32) Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1) Mozilla Maintenance Service (x32 Version: 23.0.1) OpenOffice.org 3.3 (x32 Version: 3.3.9567) Qualcomm Gobi 2000 Package for Lenovo (x32 Version: 1.1.250) RedMon - Redirection Port Monitor ThinkPad FullScreen Magnifier (Version: 2.40) ThinkPad Power Management Driver (Version: 1.64.00.00) ThinkPad UltraNav Driver (Version: 16.2.19.7) ThinkVantage Access Connections (x32 Version: 5.85) ThinkVantage System für aktiven Festplattenschutz (Version: 1.75) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32) Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553065) (x32) Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2566458) (x32) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32) Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32) Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32) Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32) Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32) Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32) Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32) Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32) VLC media player 2.1.0-rc2 (Version: 2.1.0-rc2) WISO Konto Online 2013 (x32 Version: 15.5.0.59) zebNet® Windows Keyfinder TNG 5.0.1.2 (Version: 5.0.1.2) ==================== Restore Points ========================= 02-09-2013 09:08:02 Windows Update 16-09-2013 09:09:19 Windows Update ==================== Hosts content: ========================== 2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {01D701B0-F4C4-4815-AEE5-217B6AD2383D} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe Task: {0A78BE9E-BD6C-4C65-BCC1-F15E59BB3560} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2013-07-02] (Microsoft Corporation) Task: {0B235AF4-02EC-489E-AFBE-C82050A39D7E} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe Task: {0C4D9E1D-10BB-4728-B556-B568E72E9794} - \LyricsGet Update No Task File Task: {1054C120-1EB9-48F7-A095-121A59C1B53E} - System32\Tasks\WPD\SqmUpload_S-1-5-21-2216669695-2906418150-1901199515-1003 => C:\Windows\System32\portabledeviceapi.dll [2012-07-26] (Microsoft Corporation) Task: {10D85952-E3F6-47A1-96CF-5E1C2D874EA6} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-26] (Microsoft Corporation) Task: {119EC43B-1FCA-4363-BE12-4DA0770FC099} - System32\Tasks\User_Feed_Synchronization-{835C04DA-5AF2-4DAD-9A49-0F4A1E07D72C} => C:\WINDOWS\system32\msfeedssync.exe [2012-07-26] (Microsoft Corporation) Task: {13A2AC02-B682-48CC-9155-2E2673580117} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical Task: {14AF177B-BDF8-4056-AE31-87848D77A07B} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect Task: {153B9BEA-AD7A-41F9-8A5E-5836167451C4} - System32\Tasks\4596 => C:\Windows\System32\wscript.exe [2012-07-26] (Microsoft Corporation) Task: {17644F17-DC4C-4AC8-9444-7AAA52EB5CDC} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler Task: {17DA0648-ACC7-455C-9177-71F0C52FCD03} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\System32\sysmain.dll [2013-05-04] (Microsoft Corporation) Task: {1DB7C2F1-876C-4F24-AD17-8428211113F9} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents Task: {1DB7FFDC-4614-41FE-BFBA-E9C4A74CBB11} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.) Task: {214B24F4-FEB4-4C59-AF1F-70136065199C} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance Task: {21A60AE9-9F2D-43F5-8591-B5ADC045E5D3} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe Task: {23700E5C-0E77-499D-908A-415D5C6252F4} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\WSClient.dll [2012-09-20] (Microsoft Corporation) Task: {2C6B9EA8-7F5A-4ABA-BF96-8D352D02A743} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh Task: {2E030FA7-3D7C-4E1D-8CFE-56ADB26FD402} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks Task: {3054485A-F517-4E95-9977-4DD827B1E9B3} - System32\Tasks\Microsoft\Windows\WS\Badge Update Task: {31359161-6956-41A5-B54E-C62BE5F13BA9} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup Task: {31F466D1-0475-4346-943E-8D800289EFAE} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe Task: {378401BA-A703-444A-A79C-3C47AD2DC5B6} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator Task: {3998CB31-C159-4979-BCAA-02783C9218DD} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall Task: {3AE164E7-30CD-40BC-9422-3EC7A5618965} - System32\Tasks\Microsoft\Windows\WS\WSTask Task: {3C490ABD-D849-41AF-9AC4-87DD759B0996} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem Task: {4073C1B3-6E16-4AA8-B7F3-C6A6D35D5071} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance Task: {44AA1725-EAA2-4351-AFE0-99DB0A4B4541} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage Task: {483A8F5C-5D26-44B5-B49E-AF6741D1BBEB} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2013-06-01] (Microsoft Corporation) Task: {4AAC020C-D53D-4515-AD55-491D91B74FEF} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.) Task: {4B952129-9AE9-41A3-BE2B-8AD2E06F66B6} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon Task: {4B996635-9C3C-4D49-A731-57EF0F6619B1} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2216669695-2906418150-1901199515-1000 Task: {53DDCC9F-6125-42EB-BAA6-792AC6A4738F} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {55FE21DB-3203-4AC8-A829-59EFFDD545E7} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe Task: {5755E746-D7ED-4C20-A472-66C11834CDE4} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance Task: {5C4EFB77-EFA6-45DF-A373-D795C0725BFF} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required Task: {5C92DE07-286B-477A-A0DE-7A319EAE6244} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {5DB8468F-E861-4B89-A8E0-927E0EB4DD48} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {60351E1F-46BA-4935-879C-28C05C49D6F3} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.) Task: {627441F3-8526-4B62-BF9A-1A3EA414E71A} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-26] (Microsoft Corporation) Task: {6399FCD6-5683-4341-9EB4-A527DAF54ED4} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2013-06-26] () Task: {641791E5-CC72-40BA-A54F-FC84C32AE766} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe Task: {6E6BAD4A-4D4D-423B-B729-D220168FDC9C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe Task: {6E9DE125-5583-4031-B572-FEE48F25CFFF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-09-20] (Microsoft Corporation) Task: {6FDDEA7C-6310-428D-AEB2-54FFC72811EF} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Task: {704C6B85-D3A9-4074-A991-EC71794043B5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-08-30] (AVAST Software) Task: {74096F94-B654-4DB0-96F5-3C3408B92FE3} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update Task: {7D9A9A1C-499C-40A6-8F8A-5BCC4CC9A87C} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance Task: {845CB020-68B5-4C6B-9876-7BEC7B3E27AC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance Task: {87354DAA-66DF-4B41-9346-15958D96E1D2} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode) Task: {8991C63F-7D27-421C-BEB8-49D346CAB431} - \BrowserDefendert No Task File Task: {8C85EDF1-EC47-451E-909B-E708638B3B34} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe Task: {914662E9-8DC6-4E9F-83E4-7CD290989236} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {921A1D4E-32FB-46D7-B6C0-6F467884074D} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses Task: {9479EF8E-11D4-41B3-9783-CC65070D592D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime Task: {94DCF254-64FB-4C4E-8E12-5F4055C10C2A} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Task: {989A7C6D-BE82-4C3C-AF96-6116039E336B} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic Task: {9B7BFD1D-64FE-4B89-ADE7-F462D487D848} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2216669695-2906418150-1901199515-1003 Task: {9C3FEA9E-F571-4441-847F-55A2D26BC8B9} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {9C6F66FF-C5E5-44B9-8919-BE9E7083A46E} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {A533E55B-8905-4461-ADB7-720CCED0CFD9} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\WSClient.dll [2012-09-20] (Microsoft Corporation) Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask Task: {AB62FA47-2C99-44B1-A5D0-D4161423BE43} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh Task: {AC600421-498C-433A-ACA9-74763908FAA8} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall Task: {AC6259DE-AC59-459E-849E-6ADFFD1ADE63} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask Task: {AF549BD8-337C-4BF7-8681-36A182E30507} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan Task: {B0870C67-774C-4072-9B06-950FF390C738} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe Task: {BB8593A2-C616-4349-ACC7-C71014F20A77} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-28] (Google Inc.) Task: {BC76AEF7-2CF0-4EB6-B65B-A8803E0B5E12} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific Task: {BEA9FED3-FE9B-4E37-950A-F8FEA890AD91} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe Task: {BFCA05DD-EF9E-4500-A5E8-3139E5090A4F} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe Task: {C174DE89-C4CA-40DC-9D09-DA03AE94B084} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe Task: {C1ACCD1E-4385-4FB2-B5E4-7F2A57A626A2} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan Task: {C463FD1E-31C7-4C20-AB65-08E514CA152D} - System32\Tasks\Microsoft\Windows\IME\SQM data sender Task: {C51C1B36-9255-4BF2-9B97-67B41396C78E} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\System32\Windows.Storage.ApplicationData.dll [2012-07-26] (Microsoft Corporation) Task: {CD1054FF-8005-4904-8B9C-436EAB1E2021} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork Task: {D37D9325-DB2A-4F77-A48E-ACCEAA330034} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe Task: {D50C4B42-50CD-484F-AE78-72256B696C37} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {D7A76948-8353-4143-A912-61829725EF09} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe [2012-08-15] (Microsoft Corporation) Task: {D9D49257-2249-4962-951B-55588174D9FB} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => c:\program files\windows defender\MpCmdRun.exe [2013-07-02] (Microsoft Corporation) Task: {DA57D964-E021-4BA5-8D44-9C0E5E18B4B9} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe Task: {DB4A80AB-9A15-437E-BD0E-7A4BC85E272F} - System32\Tasks\0 => Iexplore.exe Task: {DBCF6E1B-CE0A-441E-B7A5-219C8BE50C65} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical Task: {DECE5921-598D-454B-9A04-B2DE95EFC1B3} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery Task: {E4DFE66F-E089-4CC3-A70F-957223D565F4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask Task: {E8DAA09B-DF2A-4951-9134-6FA9587793F9} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-09-20] (Microsoft Corporation) Task: {EAD237E7-D276-4257-9F16-51DF41548733} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\System32\Startupscan.dll [2012-07-26] (Microsoft Corporation) Task: {ED0C1F69-C3A2-41EA-B8C3-3F0D83A1F6C0} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM Task: {F8FFA4BB-836E-4B38-9F59-7998CE447475} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => Sc.exe start wuauserv Task: {FAEF8084-D8CC-4713-971A-A20486102D64} - \EPUpdater No Task File Task: {FEC2ABE9-9E85-4E37-B2B1-3892DE1E2D5B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-28] (Google Inc.) Task: {FFE3FD50-646E-4A64-913B-23C4187E6025} - System32\Tasks\Microsoft\Windows\File Classification Infrastructure\Property Definition Sync Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\LyricsGet Update.job => C:\Program Files (x86)\Lyrics-Get\LyricsUPD.exe Task: C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe Task: C:\WINDOWS\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe ==================== Loaded Modules (whitelisted) ============= 2011-06-27 17:06 - 2011-06-27 17:06 - 00348752 _____ (PC-Doctor, Inc.) C:\Program Files\PC-Doctor\PcdToolbar584923.dll 2013-05-16 23:33 - 2013-04-18 07:32 - 00115712 _____ () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL 2011-03-29 20:16 - 2011-03-29 20:16 - 00021864 _____ (Lenovo.) C:\WINDOWS\SYSTEM32\Sensor64.dll 2012-07-26 03:22 - 2012-07-26 05:05 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\System32\IME\SHARED\IMEROAMING.DLL 2011-03-17 00:07 - 2011-03-17 00:07 - 04297568 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2012-09-14 23:46 - 2012-09-14 23:46 - 00286720 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrDEU.lrc 2011-03-29 20:16 - 2011-03-29 20:16 - 00021864 _____ (Lenovo.) C:\Windows\System32\Sensor64.dll 2012-09-14 23:40 - 2012-09-14 23:40 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2012-04-07 17:30 - 2013-04-24 01:23 - 01048816 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynCOM.dll 2013-04-24 01:22 - 2013-04-24 01:22 - 00229616 _____ (Synaptics Incorporated) C:\WINDOWS\SYSTEM32\SynTPAPI.dll 2011-03-29 20:16 - 2011-03-29 20:16 - 00021864 _____ (Lenovo.) C:\WINDOWS\system32\Sensor64.dll 2012-07-26 04:14 - 2012-07-26 05:04 - 00029184 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\msgsm32.acm 2012-07-26 04:14 - 2012-07-26 05:04 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\msg711.acm 2012-07-26 04:13 - 2012-07-26 05:04 - 00079872 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\SYSTEM32\l3codeca.acm 2012-07-26 04:14 - 2012-07-26 05:04 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\imaadp32.acm 2012-07-26 04:14 - 2012-07-26 05:04 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\msadp32.acm 2011-11-02 00:26 - 2011-11-02 00:26 - 00053608 _____ (Open Source Software community project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\pthreadVC2.dll 2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2011-08-31 00:05 - 2011-08-31 00:05 - 00085864 _____ (Apple Inc.) C:\WINDOWS\SYSTEM32\dnssd.dll 2013-08-19 21:55 - 2013-08-14 19:55 - 03551640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2013-09-11 14:40 - 2013-09-11 14:40 - 00145920 _____ () C:\Program Files (x86)\Lyrics-Get\133.dll 2013-05-10 23:35 - 2013-06-28 00:05 - 14375800 _____ (Adobe Systems, Inc.) C:\Windows\SYSTEM32\Macromed\Flash\Flash.ocx 2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF ==================== Alternate Data Streams (whitelisted) ========== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (09/16/2013 00:06:13 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: setup.exe_unknown, Version: 0.0.0.0, Zeitstempel: 0x4232a581 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16579, Zeitstempel: 0x51637f77 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000054ec ID des fehlerhaften Prozesses: 0x2108 Startzeit der fehlerhaften Anwendung: 0xsetup.exe_unknown0 Pfad der fehlerhaften Anwendung: setup.exe_unknown1 Pfad des fehlerhaften Moduls: setup.exe_unknown2 Berichtskennung: setup.exe_unknown3 Vollständiger Name des fehlerhaften Pakets: setup.exe_unknown4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: setup.exe_unknown5 Error: (09/16/2013 11:38:17 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax. Error: (09/16/2013 11:23:56 AM) (Source: Application Hang) (User: ) Description: Programm IEXPLORE.EXE, Version 10.0.9200.16660 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 157c Startzeit: 01ceb2bda189a742 Endzeit: 4 Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Berichts-ID: b3115bcb-1eb1-11e3-be86-e02a82f2a4a9 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (09/16/2013 09:10:31 AM) (Source: ESENT) (User: ) Description: taskhostex (4932) WebCacheLocal: Fehler -1032 (0xfffffbf8) beim Öffnen von Protokolldatei C:\Users\Neuer Besitzer\AppData\Local\Microsoft\Windows\WebCache\V01.log. Error: (09/16/2013 09:10:31 AM) (Source: ESENT) (User: ) Description: taskhostex (4932) WebCacheLocal: Versuch, Datei "C:\Users\Neuer Besitzer\AppData\Local\Microsoft\Windows\WebCache\V01.log" für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien. Error: (09/16/2013 09:10:21 AM) (Source: ESENT) (User: ) Description: taskhostex (4932) WebCacheLocal: Fehler -1032 (0xfffffbf8) beim Öffnen von Protokolldatei C:\Users\Neuer Besitzer\AppData\Local\Microsoft\Windows\WebCache\V01.log. Error: (09/16/2013 09:10:21 AM) (Source: ESENT) (User: ) Description: taskhostex (4932) WebCacheLocal: Versuch, Datei "C:\Users\Neuer Besitzer\AppData\Local\Microsoft\Windows\WebCache\V01.log" für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien. Error: (09/16/2013 09:10:11 AM) (Source: ESENT) (User: ) Description: taskhostex (4932) WebCacheLocal: Fehler -1032 (0xfffffbf8) beim Öffnen von Protokolldatei C:\Users\Neuer Besitzer\AppData\Local\Microsoft\Windows\WebCache\V01.log. Error: (09/16/2013 09:10:11 AM) (Source: ESENT) (User: ) Description: taskhostex (4932) WebCacheLocal: Versuch, Datei "C:\Users\Neuer Besitzer\AppData\Local\Microsoft\Windows\WebCache\V01.log" für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien. Error: (09/16/2013 09:10:01 AM) (Source: ESENT) (User: ) Description: taskhostex (4932) WebCacheLocal: Fehler -1032 (0xfffffbf8) beim Öffnen von Protokolldatei C:\Users\Neuer Besitzer\AppData\Local\Microsoft\Windows\WebCache\V01.log. System errors: ============= Error: (09/16/2013 10:55:59 AM) (Source: Microsoft-Windows-Directory-Services-SAM) (User: NT-AUTORITÄT) Description: Fehler "126" beim Laden der Kennwortbenachrichtigungs-DLL "ACGina". Stellen Sie sicher, dass der in der Registrierung definierte DLL-Pfad "HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages" sich auf einen korrekten und absoluten Pfad (<Laufwerk>:\<Pfad>\<Dateiname>.<Erw.>) bezieht und nicht auf einen relativen oder ungültigen Pfad. Wenn der DLL-Pfad falsch ist, stellen Sie sicher, dass sich alle Hilfsdateien im gleichen Verzeichnis befinden und dass das Systemkonto sowohl auf den DLL-Pfad als auch die Hilfsdateien Lesezugriff hat. Wenden Sie sich an den Anbieter der Benachrichtigungs-DLL, um weitere Unterstützung zu erhalten. Weitere Informationen finden Sie im Internet unter "hxxp://go.microsoft.com/fwlink/?LinkId=245898". Error: (09/16/2013 09:13:40 AM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT) Description: 0xc000014d0 Error: (09/15/2013 00:19:56 AM) (Source: Microsoft-Windows-Kernel-Power) (User: ) Description: 5 Error: (09/14/2013 10:36:21 AM) (Source: Microsoft-Windows-Kernel-Power) (User: ) Description: 5 Error: (09/14/2013 10:24:21 AM) (Source: Microsoft-Windows-Kernel-Power) (User: ) Description: 5 Error: (09/11/2013 00:22:43 PM) (Source: Microsoft-Windows-Kernel-Power) (User: ) Description: 5 Error: (09/11/2013 08:25:00 AM) (Source: Microsoft-Windows-Kernel-Power) (User: ) Description: 5 Error: (09/10/2013 07:19:08 PM) (Source: Microsoft-Windows-Kernel-Power) (User: ) Description: 5 Error: (09/10/2013 06:14:38 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AcSvc erreicht. Error: (09/10/2013 06:14:25 PM) (Source: Server) (User: ) Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{E3B1DA03-E878-461A-B7E3-B3383A386A66} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden. Microsoft Office Sessions: ========================= Error: (09/16/2013 00:06:13 PM) (Source: Application Error)(User: ) Description: setup.exe_unknown0.0.0.04232a581ntdll.dll6.2.9200.1657951637f77c000000500000000000054ec210801ceb2c45fcc5dd1C:\Users\Neuer Besitzer\AppData\Local\Temp\IXP001.TMP\setup.exeC:\WINDOWS\SYSTEM32\ntdll.dll9df2d7c1-1eb7-11e3-be86-e02a82f2a4a9 Error: (09/16/2013 11:38:17 AM) (Source: SideBySide)(User: ) Description: C:\Program Files (x86)\Lenovo\Access Connections\AcCryptHlpr.dllC:\Program Files (x86)\Lenovo\Access Connections\AcCryptHlpr.dll0 Error: (09/16/2013 11:23:56 AM) (Source: Application Hang)(User: ) Description: IEXPLORE.EXE10.0.9200.16660157c01ceb2bda189a7424C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEb3115bcb-1eb1-11e3-be86-e02a82f2a4a9 Error: (09/16/2013 09:10:31 AM) (Source: ESENT)(User: ) Description: taskhostex4932WebCacheLocal: C:\Users\Neuer Besitzer\AppData\Local\Microsoft\Windows\WebCache\V01.log-1032 (0xfffffbf8) Error: (09/16/2013 09:10:31 AM) (Source: ESENT)(User: ) Description: taskhostex4932WebCacheLocal: C:\Users\Neuer Besitzer\AppData\Local\Microsoft\Windows\WebCache\V01.log-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. Error: (09/16/2013 09:10:21 AM) (Source: ESENT)(User: ) Description: taskhostex4932WebCacheLocal: C:\Users\Neuer Besitzer\AppData\Local\Microsoft\Windows\WebCache\V01.log-1032 (0xfffffbf8) Error: (09/16/2013 09:10:21 AM) (Source: ESENT)(User: ) Description: taskhostex4932WebCacheLocal: C:\Users\Neuer Besitzer\AppData\Local\Microsoft\Windows\WebCache\V01.log-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. Error: (09/16/2013 09:10:11 AM) (Source: ESENT)(User: ) Description: taskhostex4932WebCacheLocal: C:\Users\Neuer Besitzer\AppData\Local\Microsoft\Windows\WebCache\V01.log-1032 (0xfffffbf8) Error: (09/16/2013 09:10:11 AM) (Source: ESENT)(User: ) Description: taskhostex4932WebCacheLocal: C:\Users\Neuer Besitzer\AppData\Local\Microsoft\Windows\WebCache\V01.log-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. Error: (09/16/2013 09:10:01 AM) (Source: ESENT)(User: ) Description: taskhostex4932WebCacheLocal: C:\Users\Neuer Besitzer\AppData\Local\Microsoft\Windows\WebCache\V01.log-1032 (0xfffffbf8) CodeIntegrity Errors: =================================== Date: 2013-09-02 14:24:28.641 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll with signing level Unsigned while the system requires signing level Microsoft or better to load. Date: 2013-09-02 14:24:28.234 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll with signing level Unsigned while the system requires signing level Microsoft or better to load. Date: 2013-09-02 14:24:28.203 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll with signing level Unsigned while the system requires signing level Microsoft or better to load. Date: 2013-09-02 14:24:28.078 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll with signing level Unsigned while the system requires signing level Microsoft or better to load. Date: 2013-09-02 14:24:28.016 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll with signing level Unsigned while the system requires signing level Microsoft or better to load. Date: 2013-09-02 14:24:27.969 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll with signing level Unsigned while the system requires signing level Microsoft or better to load. Date: 2013-09-02 14:24:24.719 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll with signing level Unsigned while the system requires signing level Microsoft or better to load. Date: 2013-09-02 14:24:24.234 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll with signing level Unsigned while the system requires signing level Microsoft or better to load. Date: 2013-09-02 14:23:18.206 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll with signing level Unsigned while the system requires signing level Microsoft or better to load. Date: 2013-09-02 14:23:18.128 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll with signing level Unsigned while the system requires signing level Microsoft or better to load. ==================== Memory info =========================== Percentage of memory in use: 57% Total physical RAM: 3891.66 MB Available physical RAM: 1641.66 MB Total Pagefile: 7859.66 MB Available Pagefile: 5429.24 MB Total Virtual: 8192 MB Available Virtual: 8191.77 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:148.45 GB) (Free:104.07 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 65C6DBE7) Partition 1: (Not Active) - (Size=512 MB) - (Type=05) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=148 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Hier defogger_disable: defogger_disable by jpshortstuff (23.02.10.1) Log created at 09:04 on 16/09/2013 (Neuer Besitzer) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- Hier FRST: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-09-2013 01 Ran by Neuer Besitzer (administrator) on USER-PC on 16-09-2013 12:14:49 Running from C:\Users\Neuer Besitzer\Desktop Windows 8 Pro (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Lenovo.) C:\WINDOWS\system32\ibmpmsvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\WINDOWS\system32\WLANExt.exe (Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\WINDOWS\system32\dashost.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE (QUALCOMM, Inc.) C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Lenovo Group Limited) C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE (Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe (Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo.) C:\Windows\System32\TpShocks.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\extapsup.exe (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (Lenovo) C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe (Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Intel Corporation) C:\WINDOWS\system32\igfxext.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Lenovo Group Limited) C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe (Lenovo) C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe () C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe () C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe (Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe (Microsoft Corporation) C:\WINDOWS\system32\PrintIsolationHost.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [33344 2011-10-20] (Lenovo) HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [594936 2013-04-15] (Lenovo Corporation) HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-15] () HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [380776 2011-03-29] (Lenovo.) HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] () HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated) HKLM\...\Run: [LenovoOptMouseUpdate] - C:\Program Files\Lenovo\HOTKEY\extapsup.exe [250976 2012-08-31] (Lenovo Group Limited) HKLM\...\Run: [LnvMobHotspotClient] - C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe [937976 2013-04-11] (Lenovo) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2010-05-03] (Intel Corporation) HKLM-x32\...\Run: [RotateImage] - C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.) HKLM-x32\...\Run: [PWMTRV] - C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL [6482728 2013-04-18] (Lenovo Group Limited) HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation) HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.) HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de) AppInit_DLLs-x32: c:\progra~3\browse~1\261562~1.220\{c16c1~1\browse~1.dll [ ] () Lsa: [Notification Packages] scecli ACGina Startup: C:\Users\Neuer Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB1A838F1D99CCE01 BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: LyricsGet - {602b2047-753a-4013-b389-df32f2a78a96} - C:\Program Files (x86)\Lyrics-Get\133.dll () BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) DPF: HKLM-x32 {816BE035-1450-40D0-8A3B-BA7825A83A77} hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Neuer Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\4s4l07tq.default FF user.js: detected! => C:\Users\Neuer Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\4s4l07tq.default\user.js FF SearchEngineOrder.1: Mixi.DJ Search FF SelectedSearchEngine: Mixi.DJ Search FF Homepage: hxxp://www.google.de/ig FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Neuer Besitzer\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: No Name - C:\Users\Neuer Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\4s4l07tq.default\Extensions\130 FF Extension: No Name - C:\Users\Neuer Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\4s4l07tq.default\Extensions\131 FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF FF HKCU\...\Firefox\Extensions: [{b0b19bf6-d22c-444b-8288-6b8409356150}] - C:\Program Files (x86)\Lyrics-Get\133.xpi FF Extension: No Name - C:\Program Files (x86)\Lyrics-Get\133.xpi Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION CHR Extension: (Docs) - C:\Users\NEUERB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0 CHR Extension: (Google Drive) - C:\Users\NEUERB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0 CHR Extension: (YouTube) - C:\Users\NEUERB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0 CHR Extension: (Google Search) - C:\Users\NEUERB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0 CHR Extension: () - C:\Users\NEUERB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijodjbiibildhjdbjehpdjoglbnbfnpf\1.128 CHR Extension: (Chrome In-App Payments service) - C:\Users\NEUERB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0 CHR Extension: (Gmail) - C:\Users\NEUERB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 CHR HKLM-x32\...\Chrome\Extension: [ijodjbiibildhjdbjehpdjoglbnbfnpf] - C:\Program Files (x86)\Lyrics-Get\133.crx ==================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software) S3 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [148472 2013-04-15] (Lenovo Corporation) S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [478056 2011-10-04] (Lenovo.) R2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [1628664 2013-02-06] (Lenovo Group Limited) S3 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [681464 2013-04-15] (Lenovo Corporation) R2 LnvHotSpotSvc; C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe [465912 2013-04-11] (Lenovo) R2 LocationTaskManager; C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [463352 2013-04-19] () R2 QDLService2kLenovo; C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe [1688384 2011-05-23] (QUALCOMM, Inc.) S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-06-26] () S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software) R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software) R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] () R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] () S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider) S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider) R3 qcfilterlno2k; C:\Windows\System32\drivers\qcfilterlno2k.sys [6400 2011-05-23] (QUALCOMM Incorporated) R3 qcusbnetlno2k; C:\Windows\system32\DRIVERS\qcusbnetlno2k.sys [444416 2011-05-23] (QUALCOMM Incorporated) R3 qcusbserlno2k; C:\Windows\system32\DRIVERS\qcusbserlno2k.sys [231040 2011-05-23] (QUALCOMM Incorporated) U3 idsvc; S3 PCDSRVC{127174DC-C366ED8B-06020200}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-16 12:14 - 2013-09-16 12:14 - 00000000 ____D C:\FRST 2013-09-16 12:07 - 2013-09-16 12:12 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\FreePDF_XP 2013-09-16 12:06 - 2013-09-16 12:06 - 00000000 ____D C:\ProgramData\FreePDF 2013-09-16 12:06 - 2013-09-16 12:06 - 00000000 ____D C:\Program Files (x86)\FreePDF_XP 2013-09-16 12:06 - 2010-06-17 20:56 - 00119152 _____ C:\WINDOWS\system32\redmon.hlp 2013-09-16 12:06 - 2010-06-17 20:56 - 00087040 _____ C:\WINDOWS\system32\redmonnt.dll 2013-09-16 12:06 - 2010-06-17 20:56 - 00046080 _____ C:\WINDOWS\system32\unredmon.exe 2013-09-16 12:05 - 2013-09-16 12:05 - 00000000 ____D C:\Program Files\gs 2013-09-16 11:58 - 2013-09-16 11:59 - 13245963 _____ C:\Users\Neuer Besitzer\Downloads\gs910w64.exe 2013-09-16 11:26 - 2013-09-16 11:29 - 35282727 _____ C:\Users\Neuer Besitzer\Downloads\ghostscript-9.10.tar.gz 2013-09-16 11:22 - 2013-09-16 11:22 - 03866624 _____ (Microsoft Corporation) C:\Users\Neuer Besitzer\Downloads\FreePDF4.08.EXE 2013-09-16 09:05 - 2013-09-16 09:05 - 01951150 _____ (Farbar) C:\Users\Neuer Besitzer\Desktop\FRST64.exe 2013-09-16 09:04 - 2013-09-16 09:04 - 00000490 _____ C:\Users\Neuer Besitzer\Desktop\defogger_disable.log 2013-09-16 09:04 - 2013-09-16 09:04 - 00000000 _____ C:\Users\Neuer Besitzer\defogger_reenable 2013-09-16 09:01 - 2013-09-16 09:01 - 00050477 _____ C:\Users\Neuer Besitzer\Desktop\Defogger.exe 2013-09-14 09:49 - 2013-09-14 09:50 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\dvdcss 2013-09-14 09:25 - 2013-09-16 09:36 - 00000000 ____D C:\Program Files (x86)\Lyrics-Get 2013-09-11 12:01 - 2013-09-14 10:22 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\vlc 2013-09-11 12:00 - 2013-09-11 12:00 - 00000871 _____ C:\Users\Public\Desktop\VLC media player.lnk 2013-09-11 12:00 - 2013-09-11 12:00 - 00000000 ____D C:\Program Files\VideoLAN 2013-09-11 11:58 - 2013-09-11 11:59 - 23071004 _____ C:\Users\Neuer Besitzer\Downloads\vlc-2.1.0-rc2-win64.exe 2013-09-11 11:56 - 2013-09-11 11:58 - 23003252 _____ C:\Users\Neuer Besitzer\Downloads\vlc-2.0.8_win32.exe 2013-09-11 11:53 - 2013-09-11 11:53 - 00392016 _____ (Softonic ) C:\Users\Neuer Besitzer\Downloads\SoftonicDownloader_for_vlc-media-player.exe 2013-09-10 18:59 - 2013-09-10 19:00 - 05939176 _____ (Citrix Online, a division of Citrix Systems, Inc.) C:\Users\Neuer Besitzer\Downloads\g2m_codec.exe 2013-09-10 18:58 - 2013-09-10 18:58 - 00000216 _____ C:\Users\Neuer Besitzer\Downloads\2AD4D15214661C00.asx 2013-09-02 22:09 - 2013-09-02 22:09 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk 2013-09-02 22:09 - 2013-09-02 22:09 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-09-02 22:09 - 2013-09-02 22:09 - 00000000 ____D C:\Program Files\iTunes 2013-09-02 22:09 - 2013-09-02 22:09 - 00000000 ____D C:\Program Files\iPod 2013-09-02 22:09 - 2013-09-02 22:09 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-09-02 22:08 - 2013-09-02 22:08 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Apple Computer 2013-09-02 22:05 - 2013-09-02 22:05 - 00867240 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\npDeployJava1.dll 2013-09-02 22:05 - 2013-09-02 22:05 - 00263592 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe 2013-09-02 22:05 - 2013-09-02 22:05 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe 2013-09-02 22:05 - 2013-09-02 22:05 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe 2013-09-02 22:05 - 2013-09-02 22:05 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2013-09-02 22:05 - 2013-09-02 22:05 - 00000000 ____D C:\Program Files (x86)\Java 2013-09-02 21:48 - 2013-09-02 21:50 - 00000000 ____D C:\AdwCleaner 2013-09-02 21:46 - 2013-09-02 21:46 - 00001922 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2013-09-02 21:46 - 2013-08-30 09:48 - 00378944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys 2013-09-02 21:46 - 2013-08-30 09:48 - 00072016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys 2013-09-02 21:46 - 2013-08-30 09:48 - 00064288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys 2013-09-02 21:46 - 2013-08-30 09:48 - 00033400 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswFsBlk.sys 2013-09-02 21:45 - 2013-09-02 21:46 - 01037134 _____ C:\Users\Neuer Besitzer\Downloads\adwcleaner.exe 2013-09-02 21:45 - 2013-09-02 21:45 - 00003924 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update 2013-09-02 21:45 - 2013-09-02 21:45 - 00000000 _____ C:\WINDOWS\SysWOW64\config.nt 2013-09-02 21:45 - 2013-08-30 09:48 - 01030952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys 2013-09-02 21:45 - 2013-08-30 09:48 - 00204880 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys 2013-09-02 21:45 - 2013-08-30 09:48 - 00080816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2013-09-02 21:45 - 2013-08-30 09:48 - 00065336 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys 2013-09-02 21:45 - 2013-08-30 09:47 - 00287840 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2013-09-02 21:44 - 2013-09-02 21:44 - 00000000 ____D C:\ProgramData\AVAST Software 2013-09-02 21:44 - 2013-09-02 21:44 - 00000000 ____D C:\Program Files\AVAST Software 2013-09-02 21:44 - 2013-08-30 09:47 - 00041664 _____ (AVAST Software) C:\WINDOWS\avastSS.scr 2013-08-29 18:19 - 2013-08-29 18:19 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Citrix 2013-08-29 18:19 - 2013-08-29 18:19 - 00000000 ____D C:\Program Files (x86)\Citrix 2013-08-26 09:51 - 2013-08-26 09:51 - 04708584 _____ C:\Users\Neuer Besitzer\Downloads\install_flash_player_ics.apk 2013-08-25 19:35 - 2013-08-25 19:35 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help 2013-08-25 19:35 - 2013-08-25 19:35 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help 2013-08-23 16:57 - 2013-08-23 17:27 - 00000000 ____D C:\Users\Neuer Besitzer\Documents\WISO Konto Online 2013-08-23 16:57 - 2013-08-23 16:57 - 00000117 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc 2013-08-23 16:57 - 2013-08-23 16:57 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Buhl Data Service GmbH 2013-08-23 16:56 - 2013-08-23 16:57 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Buhl Data Service GmbH 2013-08-23 16:56 - 2013-08-23 16:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Buhl Data Service 2013-08-23 16:56 - 2013-08-23 16:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Buhl Data Service 2013-08-23 16:52 - 2013-08-23 16:56 - 00000000 ____D C:\ProgramData\Buhl Data Service GmbH 2013-08-23 16:52 - 2013-08-23 16:52 - 00002374 _____ C:\Users\Public\Desktop\WISO Konto Online 2013.lnk 2013-08-23 16:52 - 2013-08-23 16:52 - 00000000 ____D C:\ProgramData\MG_Prototyp 2013-08-23 16:52 - 2013-08-23 16:52 - 00000000 ____D C:\Program Files (x86)\Buhl 2013-08-23 10:11 - 2013-08-23 10:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services 2013-08-23 10:11 - 2013-08-23 10:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Sync Framework 2013-08-23 10:11 - 2013-08-23 10:11 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2013-08-23 10:10 - 2013-08-23 10:10 - 00000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform 2013-08-23 10:09 - 2013-08-23 10:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8 2013-08-23 10:08 - 2013-08-23 10:08 - 00000000 ____D C:\Program Files\Microsoft Office 2013-08-23 10:08 - 2013-08-23 10:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services 2013-08-23 10:07 - 2013-09-16 11:17 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-08-23 10:07 - 2013-08-23 10:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2013-08-23 10:07 - 2013-08-23 10:07 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Microsoft Help 2013-08-23 10:06 - 2013-08-23 10:06 - 00000000 __RHD C:\MSOCache 2013-08-23 09:30 - 2013-08-23 10:04 - 712660056 _____ (Microsoft Corporation) C:\Users\Neuer Besitzer\Downloads\X16-32254.exe 2013-08-22 20:46 - 2013-08-22 20:46 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Macromedia 2013-08-22 20:39 - 2013-08-22 20:41 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Adobe 2013-08-21 20:11 - 2013-09-16 09:42 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\avgchrome 2013-08-21 20:05 - 2013-08-23 10:18 - 00452168 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2013-08-19 21:56 - 2013-08-19 21:56 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-08-19 21:56 - 2013-08-19 21:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Mozilla 2013-08-19 21:56 - 2013-08-19 21:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Mozilla 2013-08-19 21:56 - 2013-08-19 21:56 - 00000000 ____D C:\ProgramData\Mozilla 2013-08-19 21:56 - 2013-08-19 21:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-08-19 16:09 - 2013-08-19 16:09 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\PCDr 2013-08-19 15:09 - 2013-08-19 15:09 - 00000149 _____ C:\Users\Neuer Besitzer\Documents\Windows8 Product Key.txt 2013-08-19 15:05 - 2013-08-19 15:05 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\OpenOffice.org 2013-08-19 14:59 - 2013-08-19 14:59 - 00001063 _____ C:\Users\Public\Desktop\zebNet® Windows Keyfinder TNG.lnk 2013-08-19 14:59 - 2013-08-19 14:59 - 00000000 ____D C:\ProgramData\InstallMate 2013-08-19 14:59 - 2013-08-19 14:59 - 00000000 ____D C:\Program Files\zebNet 2013-08-19 14:56 - 2013-09-16 10:57 - 00000418 _____ C:\WINDOWS\Tasks\LyricsGet Update.job 2013-08-19 14:56 - 2013-08-19 14:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Google 2013-08-19 14:51 - 2013-08-19 14:52 - 00000000 ____D C:\WINDOWS\system32\MRT 2013-08-19 14:51 - 2013-08-19 14:51 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Macromedia 2013-08-19 14:49 - 2013-07-02 02:44 - 00036288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys 2013-08-19 14:49 - 2013-07-02 00:08 - 00247216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys 2013-08-19 14:48 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2013-08-19 14:48 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2013-08-19 14:48 - 2013-07-26 07:13 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll 2013-08-19 14:48 - 2013-07-26 07:13 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll 2013-08-19 14:48 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2013-08-19 14:48 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2013-08-19 14:48 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2013-08-19 14:48 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2013-08-19 14:48 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2013-08-19 14:48 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll 2013-08-19 14:48 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll 2013-08-19 14:48 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2013-08-19 14:48 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll 2013-08-19 14:48 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2013-08-19 14:48 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2013-08-19 14:48 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2013-08-19 14:48 - 2013-07-26 05:13 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll 2013-08-19 14:48 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2013-08-19 14:48 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll 2013-08-19 14:48 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll 2013-08-19 14:48 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll 2013-08-19 14:48 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2013-08-19 14:48 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll 2013-08-19 14:48 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2013-08-19 14:48 - 2013-07-26 02:54 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll 2013-08-19 14:47 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2013-08-19 14:47 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2013-08-19 14:47 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2013-08-19 14:47 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2013-08-19 14:47 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2013-08-19 14:47 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2013-08-19 14:47 - 2013-07-09 08:07 - 02233168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2013-08-19 14:47 - 2013-05-24 01:02 - 01314816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll 2013-08-19 14:47 - 2013-05-24 00:25 - 00694272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll 2013-08-19 14:43 - 2013-07-13 08:18 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll 2013-08-19 14:43 - 2013-07-13 08:16 - 01889280 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll 2013-08-19 14:43 - 2013-07-13 08:16 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptsvc.dll 2013-08-19 14:43 - 2013-07-13 08:15 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll 2013-08-19 14:43 - 2013-07-13 08:15 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll 2013-08-19 14:43 - 2013-07-13 06:24 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll 2013-08-19 14:43 - 2013-07-13 06:23 - 01568256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll 2013-08-19 14:43 - 2013-07-13 06:23 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll 2013-08-19 14:43 - 2013-07-13 06:23 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll 2013-08-19 14:38 - 2013-06-17 00:41 - 00997632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys 2013-08-19 14:38 - 2013-06-01 13:54 - 00194816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2013-08-19 14:38 - 2013-06-01 13:54 - 00125184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys 2013-08-19 14:38 - 2013-06-01 13:34 - 02391280 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2013-08-19 14:38 - 2013-06-01 13:29 - 00337152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS 2013-08-19 14:38 - 2013-06-01 13:29 - 00213248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UCX01000.SYS 2013-08-19 14:38 - 2013-06-01 13:26 - 06987008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2013-08-19 14:38 - 2013-06-01 13:26 - 00327936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys 2013-08-19 14:38 - 2013-06-01 12:24 - 02106176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2013-08-19 14:38 - 2013-06-01 11:25 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll 2013-08-19 14:38 - 2013-06-01 11:25 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll 2013-08-19 14:38 - 2013-06-01 11:24 - 01453568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2013-08-19 14:38 - 2013-06-01 11:24 - 00850944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll 2013-08-19 14:38 - 2013-06-01 11:24 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscms.dll 2013-08-19 14:38 - 2013-06-01 11:23 - 01842176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll 2013-08-19 14:38 - 2013-06-01 11:23 - 00680960 _____ (Microsoft Corporation) C:\WINDOWS\system32\vds.exe 2013-08-19 14:38 - 2013-06-01 11:22 - 00523264 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll 2013-08-19 14:38 - 2013-06-01 11:22 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll 2013-08-19 14:38 - 2013-06-01 11:22 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsutil.dll 2013-08-19 14:38 - 2013-06-01 11:22 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeParserTask.exe 2013-08-19 14:38 - 2013-06-01 11:21 - 00729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll 2013-08-19 14:38 - 2013-06-01 11:21 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll 2013-08-19 14:38 - 2013-06-01 11:20 - 02219520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2013-08-19 14:38 - 2013-06-01 11:20 - 01527808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2013-08-19 14:38 - 2013-06-01 11:20 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll 2013-08-19 14:38 - 2013-06-01 11:20 - 00583168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mscms.dll 2013-08-19 14:38 - 2013-06-01 11:19 - 00785408 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2013-08-19 14:38 - 2013-06-01 11:19 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManager.dll 2013-08-19 14:38 - 2013-06-01 05:08 - 00037632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthAvrcpTg.sys 2013-08-19 14:38 - 2013-05-25 00:09 - 01403296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2013-08-19 14:38 - 2013-05-25 00:09 - 01271584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2013-08-19 14:38 - 2013-05-25 00:09 - 01217352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2013-08-19 14:38 - 2013-05-25 00:09 - 01093904 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2013-08-19 14:38 - 2013-05-20 02:08 - 00386642 _____ C:\WINDOWS\system32\ApnDatabase.xml 2013-08-19 14:38 - 2013-04-16 04:34 - 01455368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2013-08-19 14:38 - 2013-04-09 04:34 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys 2013-08-19 14:38 - 2013-04-09 04:34 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys 2013-08-19 14:37 - 2013-05-31 01:24 - 01257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll 2013-08-19 14:37 - 2013-05-31 01:08 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll 2013-08-19 14:37 - 2013-05-24 01:01 - 01300992 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll 2013-08-19 14:37 - 2013-05-24 00:27 - 01022464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll 2013-08-19 14:37 - 2013-05-15 04:25 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe 2013-08-19 14:37 - 2013-05-15 04:25 - 00542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll 2013-08-19 14:37 - 2013-05-15 04:24 - 00793088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe 2013-08-19 14:37 - 2013-05-15 04:24 - 00482816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll 2013-08-19 14:37 - 2013-05-04 09:58 - 00120736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe 2013-08-19 14:37 - 2013-05-04 09:34 - 00446720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS 2013-08-19 14:37 - 2013-05-04 09:34 - 00284416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys 2013-08-19 14:37 - 2013-05-04 09:30 - 00058312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2013-08-19 14:37 - 2013-05-04 08:59 - 13644288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2013-08-19 14:37 - 2013-05-04 08:59 - 03241472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2013-08-19 14:37 - 2013-05-04 08:59 - 01619968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll 2013-08-19 14:37 - 2013-05-04 08:59 - 01483776 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe 2013-08-19 14:37 - 2013-05-04 08:59 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnify.exe 2013-08-19 14:37 - 2013-05-04 08:59 - 00760320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2013-08-19 14:37 - 2013-05-04 08:59 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll 2013-08-19 14:37 - 2013-05-04 08:59 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll 2013-08-19 14:37 - 2013-05-04 08:59 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2013-08-19 14:37 - 2013-05-04 08:59 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe 2013-08-19 14:37 - 2013-05-04 08:58 - 10116096 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2013-08-19 14:37 - 2013-05-04 08:58 - 01332736 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll 2013-08-19 14:37 - 2013-05-04 08:58 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll 2013-08-19 14:37 - 2013-05-04 08:58 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll 2013-08-19 14:37 - 2013-05-04 08:58 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll 2013-08-19 14:37 - 2013-05-04 08:58 - 00173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll 2013-08-19 14:37 - 2013-05-04 08:58 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll 2013-08-19 14:37 - 2013-05-04 08:58 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofm.dll 2013-08-19 14:37 - 2013-05-04 08:58 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll 2013-08-19 14:37 - 2013-05-04 08:57 - 02305024 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2013-08-19 14:37 - 2013-05-04 08:57 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2013-08-19 14:37 - 2013-05-04 08:57 - 00820736 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpprefcl.dll 2013-08-19 14:37 - 2013-05-04 08:57 - 00708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll 2013-08-19 14:37 - 2013-05-04 08:57 - 00560640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll 2013-08-19 14:37 - 2013-05-04 08:57 - 00501760 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll 2013-08-19 14:37 - 2013-05-04 08:57 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\system32\BCP47Langs.dll 2013-08-19 14:37 - 2013-05-04 08:57 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll 2013-08-19 14:37 - 2013-05-04 08:57 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\biwinrt.dll 2013-08-19 14:37 - 2013-05-04 08:57 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\muifontsetup.dll 2013-08-19 14:37 - 2013-05-04 08:56 - 00419840 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl 2013-08-19 14:37 - 2013-05-04 06:58 - 00758784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Magnify.exe 2013-08-19 14:37 - 2013-05-04 06:58 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2013-08-19 14:37 - 2013-05-04 06:58 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll 2013-08-19 14:37 - 2013-05-04 06:58 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2013-08-19 14:37 - 2013-05-04 06:58 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe 2013-08-19 14:37 - 2013-05-04 06:57 - 10788864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2013-08-19 14:37 - 2013-05-04 06:57 - 08857088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2013-08-19 14:37 - 2013-05-04 06:57 - 00303616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll 2013-08-19 14:37 - 2013-05-04 06:57 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ubpm.dll 2013-08-19 14:37 - 2013-05-04 06:57 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netplwiz.dll 2013-08-19 14:37 - 2013-05-04 06:57 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netprofm.dll 2013-08-19 14:37 - 2013-05-04 06:57 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\npmproxy.dll 2013-08-19 14:37 - 2013-05-04 06:57 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\muifontsetup.dll 2013-08-19 14:37 - 2013-05-04 06:56 - 02035712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2013-08-19 14:37 - 2013-05-04 06:56 - 00582144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpprefcl.dll 2013-08-19 14:37 - 2013-05-04 06:56 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll 2013-08-19 14:37 - 2013-05-04 06:56 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll 2013-08-19 14:37 - 2013-05-04 06:56 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BCP47Langs.dll 2013-08-19 14:37 - 2013-05-04 06:56 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\biwinrt.dll 2013-08-19 14:37 - 2013-05-04 06:55 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl 2013-08-19 14:37 - 2013-05-04 06:51 - 00014848 _____ (Microsoft) C:\WINDOWS\system32\rars.rs 2013-08-19 14:37 - 2013-05-04 06:47 - 00427520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys 2013-08-19 14:37 - 2013-05-04 06:10 - 00014848 _____ (Microsoft) C:\WINDOWS\SysWOW64\rars.rs 2013-08-19 14:37 - 2013-04-09 07:17 - 01829408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2013-08-19 14:37 - 2013-04-09 06:51 - 14267904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll 2013-08-19 14:37 - 2013-04-09 06:51 - 03552768 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll 2013-08-19 14:37 - 2013-04-09 06:50 - 02107904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll 2013-08-19 14:37 - 2013-04-08 23:52 - 11878912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll 2013-08-19 14:37 - 2013-04-08 23:51 - 02767360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll 2013-08-19 14:37 - 2013-04-08 23:51 - 01593344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll 2013-08-19 14:36 - 2013-04-09 07:33 - 00489576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll 2013-08-19 14:36 - 2013-04-09 07:33 - 00446792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2013-08-19 14:36 - 2013-04-09 07:33 - 00253544 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe 2013-08-19 14:36 - 2013-04-09 07:20 - 00306952 _____ (Microsoft Corporation) C:\WINDOWS\system32\kd_02_10ec.dll 2013-08-19 14:36 - 2013-04-09 07:20 - 00086280 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll 2013-08-19 14:36 - 2013-04-09 07:18 - 00077960 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdvm.dll 2013-08-19 14:36 - 2013-04-09 06:52 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe 2013-08-19 14:36 - 2013-04-09 06:52 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe 2013-08-19 14:36 - 2013-04-09 06:52 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe 2013-08-19 14:36 - 2013-04-09 06:52 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe 2013-08-19 14:36 - 2013-04-09 06:52 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe 2013-08-19 14:36 - 2013-04-09 06:51 - 00595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll 2013-08-19 14:36 - 2013-04-09 06:51 - 00456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll 2013-08-19 14:36 - 2013-04-09 06:51 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll 2013-08-19 14:36 - 2013-04-09 06:51 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\system32\conhost.exe 2013-08-19 14:36 - 2013-04-09 06:51 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll 2013-08-19 14:36 - 2013-04-09 06:50 - 01285632 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll 2013-08-19 14:36 - 2013-04-09 06:50 - 00745984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll 2013-08-19 14:36 - 2013-04-09 06:50 - 00435200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll 2013-08-19 14:36 - 2013-04-09 06:50 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2013-08-19 14:36 - 2013-04-09 06:50 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\GenuineCenter.dll 2013-08-19 14:36 - 2013-04-09 06:50 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll 2013-08-19 14:36 - 2013-04-09 06:50 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll 2013-08-19 14:36 - 2013-04-09 06:50 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msshooks.dll 2013-08-19 14:36 - 2013-04-09 06:49 - 01444864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll 2013-08-19 14:36 - 2013-04-09 06:49 - 00817152 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2013-08-19 14:36 - 2013-04-09 06:49 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll 2013-08-19 14:36 - 2013-04-09 06:49 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll 2013-08-19 14:36 - 2013-04-09 06:49 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhengine.dll 2013-08-19 14:36 - 2013-04-09 06:49 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll 2013-08-19 14:36 - 2013-04-09 06:49 - 00196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmvdsitf.dll 2013-08-19 14:36 - 2013-04-09 06:49 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll 2013-08-19 14:36 - 2013-04-09 06:49 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\fmifs.dll 2013-08-19 14:36 - 2013-04-09 06:48 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2013-08-19 14:36 - 2013-04-09 04:34 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys 2013-08-19 14:36 - 2013-04-09 04:33 - 00623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys 2013-08-19 14:36 - 2013-04-09 04:33 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys 2013-08-19 14:36 - 2013-04-09 04:32 - 00805376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys 2013-08-19 14:36 - 2013-04-09 04:31 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys 2013-08-19 14:36 - 2013-04-09 04:31 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys 2013-08-19 14:36 - 2013-04-09 01:44 - 00123880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll 2013-08-19 14:36 - 2013-04-09 01:39 - 01408896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2013-08-19 14:36 - 2013-04-09 01:37 - 00426024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll 2013-08-19 14:36 - 2013-04-09 01:37 - 00324368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2013-08-19 14:36 - 2013-04-08 23:52 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe 2013-08-19 14:36 - 2013-04-08 23:52 - 00302592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe 2013-08-19 14:36 - 2013-04-08 23:52 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe 2013-08-19 14:36 - 2013-04-08 23:52 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe 2013-08-19 14:36 - 2013-04-08 23:51 - 01113600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll 2013-08-19 14:36 - 2013-04-08 23:51 - 00659456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll 2013-08-19 14:36 - 2013-04-08 23:51 - 00656896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2013-08-19 14:36 - 2013-04-08 23:51 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll 2013-08-19 14:36 - 2013-04-08 23:51 - 00403968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll 2013-08-19 14:36 - 2013-04-08 23:51 - 00361984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll 2013-08-19 14:36 - 2013-04-08 23:51 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2013-08-19 14:36 - 2013-04-08 23:51 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll 2013-08-19 14:36 - 2013-04-08 23:51 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll 2013-08-19 14:36 - 2013-04-08 23:51 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssphtb.dll 2013-08-19 14:36 - 2013-04-08 23:51 - 00155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmvdsitf.dll 2013-08-19 14:36 - 2013-04-08 23:51 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fmifs.dll 2013-08-19 14:36 - 2013-04-08 23:51 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssprxy.dll 2013-08-19 14:36 - 2013-04-08 23:51 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msshooks.dll 2013-08-19 14:36 - 2013-04-05 01:30 - 00503080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2013-08-19 14:36 - 2013-03-16 00:05 - 00298456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll 2013-08-19 14:36 - 2013-03-16 00:05 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll 2013-08-19 14:36 - 2012-12-13 06:00 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll 2013-08-19 14:36 - 2012-12-13 05:59 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll ==================== One Month Modified Files and Folders ======= 2013-09-16 12:14 - 2013-09-16 12:14 - 00000000 ____D C:\FRST 2013-09-16 12:12 - 2013-09-16 12:07 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\FreePDF_XP 2013-09-16 12:10 - 2012-01-18 00:30 - 00000528 _____ C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job 2013-09-16 12:09 - 2012-01-18 00:30 - 00000466 _____ C:\WINDOWS\Tasks\SystemToolsDailyTest.job 2013-09-16 12:06 - 2013-09-16 12:06 - 00000000 ____D C:\ProgramData\FreePDF 2013-09-16 12:06 - 2013-09-16 12:06 - 00000000 ____D C:\Program Files (x86)\FreePDF_XP 2013-09-16 12:05 - 2013-09-16 12:05 - 00000000 ____D C:\Program Files\gs 2013-09-16 12:00 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\system32\sru 2013-09-16 11:59 - 2013-09-16 11:58 - 13245963 _____ C:\Users\Neuer Besitzer\Downloads\gs910w64.exe 2013-09-16 11:58 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\rescache 2013-09-16 11:47 - 2013-02-28 23:00 - 00001122 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2013-09-16 11:30 - 2012-11-01 22:58 - 01945276 _____ C:\WINDOWS\WindowsUpdate.log 2013-09-16 11:29 - 2013-09-16 11:26 - 35282727 _____ C:\Users\Neuer Besitzer\Downloads\ghostscript-9.10.tar.gz 2013-09-16 11:22 - 2013-09-16 11:22 - 03866624 _____ (Microsoft Corporation) C:\Users\Neuer Besitzer\Downloads\FreePDF4.08.EXE 2013-09-16 11:17 - 2013-08-23 10:07 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-09-16 11:07 - 2013-08-16 16:08 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2216669695-2906418150-1901199515-1003 2013-09-16 11:00 - 2012-07-26 12:27 - 00753134 _____ C:\WINDOWS\system32\perfh007.dat 2013-09-16 11:00 - 2012-07-26 12:27 - 00155826 _____ C:\WINDOWS\system32\perfc007.dat 2013-09-16 11:00 - 2012-07-26 09:28 - 01745416 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2013-09-16 10:57 - 2013-08-19 14:56 - 00000418 _____ C:\WINDOWS\Tasks\LyricsGet Update.job 2013-09-16 10:57 - 2013-02-28 23:00 - 00001118 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2013-09-16 10:56 - 2012-07-26 09:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2013-09-16 10:56 - 2012-07-26 09:21 - 00673522 _____ C:\WINDOWS\setupact.log 2013-09-16 10:55 - 2012-11-01 22:40 - 00039986 _____ C:\WINDOWS\PFRO.log 2013-09-16 09:42 - 2013-08-21 20:11 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\avgchrome 2013-09-16 09:36 - 2013-09-14 09:25 - 00000000 ____D C:\Program Files (x86)\Lyrics-Get 2013-09-16 09:13 - 2012-07-26 07:26 - 00524288 ___SH C:\WINDOWS\system32\config\BBI 2013-09-16 09:05 - 2013-09-16 09:05 - 01951150 _____ (Farbar) C:\Users\Neuer Besitzer\Desktop\FRST64.exe 2013-09-16 09:04 - 2013-09-16 09:04 - 00000490 _____ C:\Users\Neuer Besitzer\Desktop\defogger_disable.log 2013-09-16 09:04 - 2013-09-16 09:04 - 00000000 _____ C:\Users\Neuer Besitzer\defogger_reenable 2013-09-16 09:04 - 2013-08-16 15:54 - 00000000 ____D C:\Users\Neuer Besitzer 2013-09-16 09:01 - 2013-09-16 09:01 - 00050477 _____ C:\Users\Neuer Besitzer\Desktop\Defogger.exe 2013-09-14 23:44 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\system32\NDF 2013-09-14 10:22 - 2013-09-11 12:01 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\vlc 2013-09-14 09:50 - 2013-09-14 09:49 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\dvdcss 2013-09-11 12:00 - 2013-09-11 12:00 - 00000871 _____ C:\Users\Public\Desktop\VLC media player.lnk 2013-09-11 12:00 - 2013-09-11 12:00 - 00000000 ____D C:\Program Files\VideoLAN 2013-09-11 11:59 - 2013-09-11 11:58 - 23071004 _____ C:\Users\Neuer Besitzer\Downloads\vlc-2.1.0-rc2-win64.exe 2013-09-11 11:58 - 2013-09-11 11:56 - 23003252 _____ C:\Users\Neuer Besitzer\Downloads\vlc-2.0.8_win32.exe 2013-09-11 11:53 - 2013-09-11 11:53 - 00392016 _____ (Softonic ) C:\Users\Neuer Besitzer\Downloads\SoftonicDownloader_for_vlc-media-player.exe 2013-09-10 19:00 - 2013-09-10 18:59 - 05939176 _____ (Citrix Online, a division of Citrix Systems, Inc.) C:\Users\Neuer Besitzer\Downloads\g2m_codec.exe 2013-09-10 18:58 - 2013-09-10 18:58 - 00000216 _____ C:\Users\Neuer Besitzer\Downloads\2AD4D15214661C00.asx 2013-09-10 09:43 - 2013-02-28 23:01 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-09-10 09:06 - 2012-01-18 00:30 - 00000000 ____D C:\ProgramData\PCDr 2013-09-02 22:10 - 2013-05-12 13:38 - 00000000 ____D C:\Program Files\Bonjour Print Services 2013-09-02 22:09 - 2013-09-02 22:09 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk 2013-09-02 22:09 - 2013-09-02 22:09 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-09-02 22:09 - 2013-09-02 22:09 - 00000000 ____D C:\Program Files\iTunes 2013-09-02 22:09 - 2013-09-02 22:09 - 00000000 ____D C:\Program Files\iPod 2013-09-02 22:09 - 2013-09-02 22:09 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-09-02 22:08 - 2013-09-02 22:08 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Apple Computer 2013-09-02 22:08 - 2013-08-16 15:58 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Apple Computer 2013-09-02 22:05 - 2013-09-02 22:05 - 00867240 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\npDeployJava1.dll 2013-09-02 22:05 - 2013-09-02 22:05 - 00263592 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe 2013-09-02 22:05 - 2013-09-02 22:05 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe 2013-09-02 22:05 - 2013-09-02 22:05 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe 2013-09-02 22:05 - 2013-09-02 22:05 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2013-09-02 22:05 - 2013-09-02 22:05 - 00000000 ____D C:\Program Files (x86)\Java 2013-09-02 22:05 - 2012-01-21 17:08 - 00789416 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\deployJava1.dll 2013-09-02 22:02 - 2013-05-16 23:32 - 00000030 _____ C:\WINDOWS\success64.log 2013-09-02 21:50 - 2013-09-02 21:48 - 00000000 ____D C:\AdwCleaner 2013-09-02 21:46 - 2013-09-02 21:46 - 00001922 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2013-09-02 21:46 - 2013-09-02 21:45 - 01037134 _____ C:\Users\Neuer Besitzer\Downloads\adwcleaner.exe 2013-09-02 21:45 - 2013-09-02 21:45 - 00003924 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update 2013-09-02 21:45 - 2013-09-02 21:45 - 00000000 _____ C:\WINDOWS\SysWOW64\config.nt 2013-09-02 21:44 - 2013-09-02 21:44 - 00000000 ____D C:\ProgramData\AVAST Software 2013-09-02 21:44 - 2013-09-02 21:44 - 00000000 ____D C:\Program Files\AVAST Software 2013-09-02 14:17 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent 2013-08-30 09:48 - 2013-09-02 21:46 - 00378944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys 2013-08-30 09:48 - 2013-09-02 21:46 - 00072016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys 2013-08-30 09:48 - 2013-09-02 21:46 - 00064288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys 2013-08-30 09:48 - 2013-09-02 21:46 - 00033400 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswFsBlk.sys 2013-08-30 09:48 - 2013-09-02 21:45 - 01030952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys 2013-08-30 09:48 - 2013-09-02 21:45 - 00204880 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys 2013-08-30 09:48 - 2013-09-02 21:45 - 00080816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2013-08-30 09:48 - 2013-09-02 21:45 - 00065336 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys 2013-08-30 09:47 - 2013-09-02 21:45 - 00287840 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2013-08-30 09:47 - 2013-09-02 21:44 - 00041664 _____ (AVAST Software) C:\WINDOWS\avastSS.scr 2013-08-29 18:19 - 2013-08-29 18:19 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Citrix 2013-08-29 18:19 - 2013-08-29 18:19 - 00000000 ____D C:\Program Files (x86)\Citrix 2013-08-29 12:58 - 2009-07-14 04:34 - 00000478 _____ C:\WINDOWS\win.ini 2013-08-26 09:51 - 2013-08-26 09:51 - 04708584 _____ C:\Users\Neuer Besitzer\Downloads\install_flash_player_ics.apk 2013-08-25 19:35 - 2013-08-25 19:35 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help 2013-08-25 19:35 - 2013-08-25 19:35 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help 2013-08-23 17:27 - 2013-08-23 16:57 - 00000000 ____D C:\Users\Neuer Besitzer\Documents\WISO Konto Online 2013-08-23 16:57 - 2013-08-23 16:57 - 00000117 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc 2013-08-23 16:57 - 2013-08-23 16:57 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Buhl Data Service GmbH 2013-08-23 16:57 - 2013-08-23 16:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Buhl Data Service GmbH 2013-08-23 16:56 - 2013-08-23 16:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Buhl Data Service 2013-08-23 16:56 - 2013-08-23 16:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Buhl Data Service 2013-08-23 16:56 - 2013-08-23 16:52 - 00000000 ____D C:\ProgramData\Buhl Data Service GmbH 2013-08-23 16:52 - 2013-08-23 16:52 - 00002374 _____ C:\Users\Public\Desktop\WISO Konto Online 2013.lnk 2013-08-23 16:52 - 2013-08-23 16:52 - 00000000 ____D C:\ProgramData\MG_Prototyp 2013-08-23 16:52 - 2013-08-23 16:52 - 00000000 ____D C:\Program Files (x86)\Buhl 2013-08-23 10:52 - 2013-08-16 15:55 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Packages 2013-08-23 10:18 - 2013-08-21 20:05 - 00452168 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2013-08-23 10:12 - 2012-11-01 22:38 - 00000000 ____D C:\Program Files (x86)\MSBuild 2013-08-23 10:11 - 2013-08-23 10:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services 2013-08-23 10:11 - 2013-08-23 10:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Sync Framework 2013-08-23 10:11 - 2013-08-23 10:11 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2013-08-23 10:11 - 2013-08-23 10:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2013-08-23 10:10 - 2013-08-23 10:10 - 00000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform 2013-08-23 10:09 - 2013-08-23 10:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8 2013-08-23 10:09 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2013-08-23 10:08 - 2013-08-23 10:08 - 00000000 ____D C:\Program Files\Microsoft Office 2013-08-23 10:08 - 2013-08-23 10:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services 2013-08-23 10:08 - 2012-07-26 12:29 - 00000000 ____D C:\WINDOWS\ShellNew 2013-08-23 10:07 - 2013-08-23 10:07 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Microsoft Help 2013-08-23 10:06 - 2013-08-23 10:06 - 00000000 __RHD C:\MSOCache 2013-08-23 10:04 - 2013-08-23 09:30 - 712660056 _____ (Microsoft Corporation) C:\Users\Neuer Besitzer\Downloads\X16-32254.exe 2013-08-22 20:46 - 2013-08-22 20:46 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Macromedia 2013-08-22 20:41 - 2013-08-22 20:39 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Adobe 2013-08-19 21:56 - 2013-08-19 21:56 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-08-19 21:56 - 2013-08-19 21:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Mozilla 2013-08-19 21:56 - 2013-08-19 21:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Mozilla 2013-08-19 21:56 - 2013-08-19 21:56 - 00000000 ____D C:\ProgramData\Mozilla 2013-08-19 21:56 - 2013-08-19 21:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-08-19 21:55 - 2013-05-12 13:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-08-19 16:09 - 2013-08-19 16:09 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\PCDr 2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ___RD C:\WINDOWS\ToastData 2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\WinStore 2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Photo Viewer 2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Defender 2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2013-08-19 15:51 - 2012-07-26 07:38 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism 2013-08-19 15:51 - 2012-07-26 07:38 - 00000000 ____D C:\WINDOWS\system32\Dism 2013-08-19 15:09 - 2013-08-19 15:09 - 00000149 _____ C:\Users\Neuer Besitzer\Documents\Windows8 Product Key.txt 2013-08-19 15:05 - 2013-08-19 15:05 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\OpenOffice.org 2013-08-19 15:05 - 2013-08-16 15:57 - 00000000 ___RD C:\Users\Neuer Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-08-19 14:59 - 2013-08-19 14:59 - 00001063 _____ C:\Users\Public\Desktop\zebNet® Windows Keyfinder TNG.lnk 2013-08-19 14:59 - 2013-08-19 14:59 - 00000000 ____D C:\ProgramData\InstallMate 2013-08-19 14:59 - 2013-08-19 14:59 - 00000000 ____D C:\Program Files\zebNet 2013-08-19 14:56 - 2013-08-19 14:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Google 2013-08-19 14:52 - 2013-08-19 14:51 - 00000000 ____D C:\WINDOWS\system32\MRT 2013-08-19 14:51 - 2013-08-19 14:51 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Macromedia 2013-08-19 14:51 - 2012-04-07 20:59 - 78161360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2013-08-19 14:03 - 2012-07-26 07:38 - 00000000 ____D C:\WINDOWS\system32\oobe 2013-08-19 13:52 - 2013-08-16 15:57 - 00000000 ___RD C:\Users\Neuer Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-08-19 13:50 - 2012-07-26 07:37 - 00000000 ____D C:\WINDOWS\servicing 2013-08-19 13:47 - 2012-07-26 12:29 - 00000000 ____D C:\Program Files\Windows Journal Some content of TEMP: ==================== C:\Users\Neuer Besitzer\AppData\Local\Temp\6_Offer_11.exe C:\Users\Neuer Besitzer\AppData\Local\Temp\DownloadManager.exe C:\Users\Neuer Besitzer\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe C:\Users\Neuer Besitzer\AppData\Local\Temp\Product108.exe C:\Users\Neuer Besitzer\AppData\Local\Temp\Quarantine.exe C:\Users\Neuer Besitzer\AppData\Local\Temp\setup.exe C:\Users\Neuer Besitzer\AppData\Local\Temp\tmp60F8.exe C:\Users\Neuer Besitzer\AppData\Local\Temp\unrar.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-09-16 11:08 ==================== End Of Log ============================ --- --- --- |
16.09.2013, 12:46 | #4 |
| Windows 8 64bit - Hinweis auf Spyware in InternetExplorer und Firefox mit öffnenden Popups und Downloadhinweise Hier Gmer Teil1: GMER 2.1.19163 - GMER - Rootkit Detector and Remover Rootkit scan 2013-09-16 12:38:50 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 HITACHI_HTS723216A7A364 rev.EC1ZB70B 149,05GB Running: gmer_2.1.19163.exe; Driver: C:\Users\NEUERB~1\AppData\Local\Temp\kxloapob.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\WINDOWS\System32\win32k.sys!W32pServiceTable fffff9600009fd00 7 bytes [40, 6C, 82, 01, 00, 55, F2] .text C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 8 fffff9600009fd08 7 bytes [01, B1, C1, FF, 00, A1, DC] ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\system32\csrss.exe[732] C:\WINDOWS\SYSTEM32\kernel32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\WINDOWS\system32\csrss.exe[780] C:\WINDOWS\SYSTEM32\kernel32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\WINDOWS\system32\wininit.exe[788] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\WINDOWS\system32\winlogon.exe[832] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\WINDOWS\system32\services.exe[872] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\WINDOWS\system32\lsass.exe[880] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\WINDOWS\system32\svchost.exe[980] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\WINDOWS\system32\ibmpmsvc.exe[344] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\WINDOWS\system32\svchost.exe[536] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\WINDOWS\System32\svchost.exe[500] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\WINDOWS\system32\dwm.exe[676] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\WINDOWS\System32\svchost.exe[652] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\WINDOWS\system32\svchost.exe[512] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\WINDOWS\system32\svchost.exe[540] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\WINDOWS\system32\svchost.exe[1208] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\WINDOWS\system32\svchost.exe[1232] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f8f579177a 4 bytes [79, F5, F8, 07] .text C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f8f5791782 4 bytes [79, F5, F8, 07] .text C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\system32\WSOCK32.dll!recvfrom + 742 000007f8edf01b32 4 bytes [F0, ED, F8, 07] .text C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\system32\WSOCK32.dll!recvfrom + 750 000007f8edf01b3a 4 bytes [F0, ED, F8, 07] .text C:\WINDOWS\system32\conhost.exe[1392] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[1968] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f8f579177a 4 bytes [79, F5, F8, 07] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f8f5791782 4 bytes [79, F5, F8, 07] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007f8edf01b32 4 bytes [F0, ED, F8, 07] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007f8edf01b3a 4 bytes [F0, ED, F8, 07] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\user32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\user32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\user32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\user32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\user32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\user32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f8f579177a 4 bytes [79, F5, F8, 07] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f8f5791782 4 bytes [79, F5, F8, 07] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\user32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\user32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\user32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f8f579177a 4 bytes [79, F5, F8, 07] .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f8f5791782 4 bytes [79, F5, F8, 07] .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\user32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\user32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\user32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\Windows\System32\WUDFHost.exe[3116] C:\Windows\System32\MSIMG32.dll!GradientFill + 690 000007f8e9fa1532 4 bytes [FA, E9, F8, 07] .text C:\Windows\System32\WUDFHost.exe[3116] C:\Windows\System32\MSIMG32.dll!GradientFill + 698 000007f8e9fa153a 4 bytes [FA, E9, F8, 07] .text C:\Windows\System32\WUDFHost.exe[3116] C:\Windows\System32\MSIMG32.dll!TransparentBlt + 246 000007f8e9fa165a 4 bytes [FA, E9, F8, 07] .text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f8f579177a 4 bytes [79, F5, F8, 07] .text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f8f5791782 4 bytes [79, F5, F8, 07] .text C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\user32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\user32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\user32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f8e9fa1532 4 bytes [FA, E9, F8, 07] .text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f8e9fa153a 4 bytes [FA, E9, F8, 07] .text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f8e9fa165a 4 bytes [FA, E9, F8, 07] .text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f8f579177a 4 bytes [79, F5, F8, 07] .text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f8f5791782 4 bytes [79, F5, F8, 07] .text C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory |
16.09.2013, 12:46 | #5 |
| Windows 8 64bit - Hinweis auf Spyware in InternetExplorer und Firefox mit öffnenden Popups und Downloadhinweise Hier GMER Teil 2: 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f8f579177a 4 bytes [79, F5, F8, 07] .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f8f5791782 4 bytes [79, F5, F8, 07] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f8f579177a 4 bytes [79, F5, F8, 07] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f8f5791782 4 bytes [79, F5, F8, 07] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f8f579177a 4 bytes [79, F5, F8, 07] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f8f5791782 4 bytes [79, F5, F8, 07] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f8e9fa1532 4 bytes [FA, E9, F8, 07] .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f8e9fa153a 4 bytes [FA, E9, F8, 07] .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f8e9fa165a 4 bytes [FA, E9, F8, 07] .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f8f579177a 4 bytes [79, F5, F8, 07] .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f8f5791782 4 bytes [79, F5, F8, 07] .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\user32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\user32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\user32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 ---- Threads - GMER 2.1 ---- Thread C:\WINDOWS\system32\csrss.exe [780:796] fffff960008425e8 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -1587657269 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk@DisplayName aswFsBlk Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk@Group FSFilter Activity Monitor Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk) Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk@Tag 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk\Instances Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk\Instances\aswFsBlk Instance Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@ImagePath \??\C:\WINDOWS\system32\drivers\aswMonFlt.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@DisplayName aswMonFlt Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@Group FSFilter Anti-Virus Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt) Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt\Instances Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt\Instances\aswMonFlt Instance Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@DisplayName aswRdr Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@Group PNP_TDI Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@DependOnService tcpip? Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@Description avast! WFP Redirect driver Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr\Parameters Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr\Parameters@MSIgnoreLSPDefault Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt@DisplayName aswRvrt Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt@Description avast! Revert Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters@BootCounter 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters@TickCounter 1164097 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters@SystemRoot \Device\HarddiskVolume2\WINDOWS Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters@ImproperShutdown 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@DisplayName aswSnx Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@Group FSFilter Virtualization Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@Description avast! virtualization driver (aswSnx) Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@Tag 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Instances Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Instances@DefaultInstance aswSnx Instance Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Instances\aswSnx Instance Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Instances\aswSnx Instance@Altitude 137600 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Instances\aswSnx Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Parameters Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP@DisplayName aswSP Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP@Description avast! Self Protection Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Parameters Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Parameters@BehavShield 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP Reg HKLM\SYSTEM\CurrentControlSet\Services\aswTdi@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswTdi@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswTdi@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswTdi@DisplayName avast! Network Shield Support Reg HKLM\SYSTEM\CurrentControlSet\Services\aswTdi@Group PNP_TDI Reg HKLM\SYSTEM\CurrentControlSet\Services\aswTdi@DependOnService tcpip? Reg HKLM\SYSTEM\CurrentControlSet\Services\aswTdi@Description avast! Network Shield TDI driver Reg HKLM\SYSTEM\CurrentControlSet\Services\aswTdi@Tag 10 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswTdi Reg HKLM\SYSTEM\CurrentControlSet\Services\aswVmm@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswVmm@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswVmm@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswVmm@DisplayName aswVmm Reg HKLM\SYSTEM\CurrentControlSet\Services\aswVmm@Description avast! VM Monitor Reg HKLM\SYSTEM\CurrentControlSet\Services\aswVmm\Parameters Reg HKLM\SYSTEM\CurrentControlSet\Services\aswVmm Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@Type 32 Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@DisplayName avast! Antivirus Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@Group ShellSvcGroup Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@DependOnService aswMonFlt?RpcSS? Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@WOW64 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@ObjectName LocalSystem Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@ServiceSidType 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@Description Verwaltet und implementiert avast! Antivirus-Dienste f?r diesen Computer. Dies beinhaltet den Echtzeit-Schutz, den Virus-Container und den Planer. Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\e02a82f2a4a9 ---- EOF - GMER 2.1 ---- |
16.09.2013, 12:52 | #6 |
| Windows 8 64bit - Hinweis auf Spyware in InternetExplorer und Firefox mit öffnenden Popups und Downloadhinweise Entschuldigung, das war nicht wie gewünscht. Daher hier nochmals: Addtition: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-09-2013 01 Ran by Neuer Besitzer at 2013-09-16 12:15:28 Running from C:\Users\Neuer Besitzer\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94) Anzeige am Bildschirm (Version: 6.70.00) Apple Application Support (x32 Version: 2.3.4) Apple Mobile Device Support (Version: 6.1.0.13) Apple Software Update (x32 Version: 2.1.3.127) avast! Free Antivirus (x32 Version: 8.0.1497.0) Bonjour (Version: 3.0.0.10) Bonjour-Druckdienste (Version: 2.0.2.0) Citrix Online Launcher (x32 Version: 1.0.122) Conexant 20585 SmartAudio HD (Version: 4.95.48.50) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32) Dienstprogramm "ThinkPad UltraNav" (x32 Version: 2.13.0) FreePDF (Remove only) (x32) Google Chrome (x32 Version: 29.0.1547.66) Google Update Helper (x32 Version: 1.3.21.153) GoToMeeting 5.8.0.1189 (HKCU Version: 5.8.0.1189) GPL Ghostscript (Version: 9.10) Integrated Camera Driver Installer Package Ver.1.1.0.48 (x32 Version: 1.1.0.48) Intel PROSet Wireless Intel PROSet Wireless (x32) Intel(R) Control Center (x32 Version: 1.2.1.1007) Intel(R) Management Engine Components (x32 Version: 6.0.0.1179) Intel(R) Network Connections Drivers (Version: 14.8) Intel(R) Processor Graphics (x32 Version: 8.15.10.2401) Intel(R) PROSet/Wireless WiFi-Software (Version: 14.03.0000) iTunes (Version: 11.0.4.4) Java 7 Update 25 (x32 Version: 7.0.250) Java Auto Updater (x32 Version: 2.1.9.5) Lenovo Patch Utility (x32 Version: 1.3.1.1) Lenovo Patch Utility 64 bit (Version: 1.3.1.1) Lenovo Patch Utility 64 bit (Version: 1.4.0.4) Lenovo Settings - Camera Audio (Version: 4.0.97.0) Lenovo Settings Dependency Package (Version: 1.1.1.11) Lenovo Settings Mobile Hotspot (Version: 1.1.0.57) Lenovo System Interface Driver (Version: 1.05) Lenovo System Update (x32 Version: 5.02.0018) Lenovo ThinkVantage Toolbox (Version: 6.0.5849.23) LyricsGet (x32) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Office 2010 Service Pack 1 (SP1) (x32) Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000) Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) MixiDJ chrome Toolbar (x32) Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1) Mozilla Maintenance Service (x32 Version: 23.0.1) OpenOffice.org 3.3 (x32 Version: 3.3.9567) Qualcomm Gobi 2000 Package for Lenovo (x32 Version: 1.1.250) RedMon - Redirection Port Monitor ThinkPad FullScreen Magnifier (Version: 2.40) ThinkPad Power Management Driver (Version: 1.64.00.00) ThinkPad UltraNav Driver (Version: 16.2.19.7) ThinkVantage Access Connections (x32 Version: 5.85) ThinkVantage System für aktiven Festplattenschutz (Version: 1.75) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32) Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553065) (x32) Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2566458) (x32) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32) Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32) Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32) Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32) Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32) Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32) Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32) Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32) Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32) VLC media player 2.1.0-rc2 (Version: 2.1.0-rc2) WISO Konto Online 2013 (x32 Version: 15.5.0.59) zebNet® Windows Keyfinder TNG 5.0.1.2 (Version: 5.0.1.2) ==================== Restore Points ========================= 02-09-2013 09:08:02 Windows Update 16-09-2013 09:09:19 Windows Update ==================== Hosts content: ========================== 2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {01D701B0-F4C4-4815-AEE5-217B6AD2383D} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe Task: {0A78BE9E-BD6C-4C65-BCC1-F15E59BB3560} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2013-07-02] (Microsoft Corporation) Task: {0B235AF4-02EC-489E-AFBE-C82050A39D7E} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe Task: {0C4D9E1D-10BB-4728-B556-B568E72E9794} - \LyricsGet Update No Task File Task: {1054C120-1EB9-48F7-A095-121A59C1B53E} - System32\Tasks\WPD\SqmUpload_S-1-5-21-2216669695-2906418150-1901199515-1003 => C:\Windows\System32\portabledeviceapi.dll [2012-07-26] (Microsoft Corporation) Task: {10D85952-E3F6-47A1-96CF-5E1C2D874EA6} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-26] (Microsoft Corporation) Task: {119EC43B-1FCA-4363-BE12-4DA0770FC099} - System32\Tasks\User_Feed_Synchronization-{835C04DA-5AF2-4DAD-9A49-0F4A1E07D72C} => C:\WINDOWS\system32\msfeedssync.exe [2012-07-26] (Microsoft Corporation) Task: {13A2AC02-B682-48CC-9155-2E2673580117} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical Task: {14AF177B-BDF8-4056-AE31-87848D77A07B} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect Task: {153B9BEA-AD7A-41F9-8A5E-5836167451C4} - System32\Tasks\4596 => C:\Windows\System32\wscript.exe [2012-07-26] (Microsoft Corporation) Task: {17644F17-DC4C-4AC8-9444-7AAA52EB5CDC} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler Task: {17DA0648-ACC7-455C-9177-71F0C52FCD03} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\System32\sysmain.dll [2013-05-04] (Microsoft Corporation) Task: {1DB7C2F1-876C-4F24-AD17-8428211113F9} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents Task: {1DB7FFDC-4614-41FE-BFBA-E9C4A74CBB11} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.) Task: {214B24F4-FEB4-4C59-AF1F-70136065199C} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance Task: {21A60AE9-9F2D-43F5-8591-B5ADC045E5D3} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe Task: {23700E5C-0E77-499D-908A-415D5C6252F4} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\WSClient.dll [2012-09-20] (Microsoft Corporation) Task: {2C6B9EA8-7F5A-4ABA-BF96-8D352D02A743} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh Task: {2E030FA7-3D7C-4E1D-8CFE-56ADB26FD402} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks Task: {3054485A-F517-4E95-9977-4DD827B1E9B3} - System32\Tasks\Microsoft\Windows\WS\Badge Update Task: {31359161-6956-41A5-B54E-C62BE5F13BA9} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup Task: {31F466D1-0475-4346-943E-8D800289EFAE} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe Task: {378401BA-A703-444A-A79C-3C47AD2DC5B6} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator Task: {3998CB31-C159-4979-BCAA-02783C9218DD} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall Task: {3AE164E7-30CD-40BC-9422-3EC7A5618965} - System32\Tasks\Microsoft\Windows\WS\WSTask Task: {3C490ABD-D849-41AF-9AC4-87DD759B0996} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem Task: {4073C1B3-6E16-4AA8-B7F3-C6A6D35D5071} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance Task: {44AA1725-EAA2-4351-AFE0-99DB0A4B4541} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage Task: {483A8F5C-5D26-44B5-B49E-AF6741D1BBEB} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2013-06-01] (Microsoft Corporation) Task: {4AAC020C-D53D-4515-AD55-491D91B74FEF} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.) Task: {4B952129-9AE9-41A3-BE2B-8AD2E06F66B6} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon Task: {4B996635-9C3C-4D49-A731-57EF0F6619B1} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2216669695-2906418150-1901199515-1000 Task: {53DDCC9F-6125-42EB-BAA6-792AC6A4738F} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {55FE21DB-3203-4AC8-A829-59EFFDD545E7} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe Task: {5755E746-D7ED-4C20-A472-66C11834CDE4} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance Task: {5C4EFB77-EFA6-45DF-A373-D795C0725BFF} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required Task: {5C92DE07-286B-477A-A0DE-7A319EAE6244} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {5DB8468F-E861-4B89-A8E0-927E0EB4DD48} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {60351E1F-46BA-4935-879C-28C05C49D6F3} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.) Task: {627441F3-8526-4B62-BF9A-1A3EA414E71A} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-26] (Microsoft Corporation) Task: {6399FCD6-5683-4341-9EB4-A527DAF54ED4} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2013-06-26] () Task: {641791E5-CC72-40BA-A54F-FC84C32AE766} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe Task: {6E6BAD4A-4D4D-423B-B729-D220168FDC9C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe Task: {6E9DE125-5583-4031-B572-FEE48F25CFFF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-09-20] (Microsoft Corporation) Task: {6FDDEA7C-6310-428D-AEB2-54FFC72811EF} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Task: {704C6B85-D3A9-4074-A991-EC71794043B5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-08-30] (AVAST Software) Task: {74096F94-B654-4DB0-96F5-3C3408B92FE3} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update Task: {7D9A9A1C-499C-40A6-8F8A-5BCC4CC9A87C} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance Task: {845CB020-68B5-4C6B-9876-7BEC7B3E27AC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance Task: {87354DAA-66DF-4B41-9346-15958D96E1D2} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode) Task: {8991C63F-7D27-421C-BEB8-49D346CAB431} - \BrowserDefendert No Task File Task: {8C85EDF1-EC47-451E-909B-E708638B3B34} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe Task: {914662E9-8DC6-4E9F-83E4-7CD290989236} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {921A1D4E-32FB-46D7-B6C0-6F467884074D} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses Task: {9479EF8E-11D4-41B3-9783-CC65070D592D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime Task: {94DCF254-64FB-4C4E-8E12-5F4055C10C2A} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Task: {989A7C6D-BE82-4C3C-AF96-6116039E336B} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic Task: {9B7BFD1D-64FE-4B89-ADE7-F462D487D848} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2216669695-2906418150-1901199515-1003 Task: {9C3FEA9E-F571-4441-847F-55A2D26BC8B9} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {9C6F66FF-C5E5-44B9-8919-BE9E7083A46E} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {A533E55B-8905-4461-ADB7-720CCED0CFD9} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\WSClient.dll [2012-09-20] (Microsoft Corporation) Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask Task: {AB62FA47-2C99-44B1-A5D0-D4161423BE43} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh Task: {AC600421-498C-433A-ACA9-74763908FAA8} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall Task: {AC6259DE-AC59-459E-849E-6ADFFD1ADE63} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask Task: {AF549BD8-337C-4BF7-8681-36A182E30507} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan Task: {B0870C67-774C-4072-9B06-950FF390C738} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe Task: {BB8593A2-C616-4349-ACC7-C71014F20A77} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-28] (Google Inc.) Task: {BC76AEF7-2CF0-4EB6-B65B-A8803E0B5E12} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific Task: {BEA9FED3-FE9B-4E37-950A-F8FEA890AD91} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe Task: {BFCA05DD-EF9E-4500-A5E8-3139E5090A4F} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe Task: {C174DE89-C4CA-40DC-9D09-DA03AE94B084} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe Task: {C1ACCD1E-4385-4FB2-B5E4-7F2A57A626A2} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan Task: {C463FD1E-31C7-4C20-AB65-08E514CA152D} - System32\Tasks\Microsoft\Windows\IME\SQM data sender Task: {C51C1B36-9255-4BF2-9B97-67B41396C78E} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\System32\Windows.Storage.ApplicationData.dll [2012-07-26] (Microsoft Corporation) Task: {CD1054FF-8005-4904-8B9C-436EAB1E2021} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork Task: {D37D9325-DB2A-4F77-A48E-ACCEAA330034} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe Task: {D50C4B42-50CD-484F-AE78-72256B696C37} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc Task: {D7A76948-8353-4143-A912-61829725EF09} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe [2012-08-15] (Microsoft Corporation) Task: {D9D49257-2249-4962-951B-55588174D9FB} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => c:\program files\windows defender\MpCmdRun.exe [2013-07-02] (Microsoft Corporation) Task: {DA57D964-E021-4BA5-8D44-9C0E5E18B4B9} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe Task: {DB4A80AB-9A15-437E-BD0E-7A4BC85E272F} - System32\Tasks\0 => Iexplore.exe Task: {DBCF6E1B-CE0A-441E-B7A5-219C8BE50C65} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical Task: {DECE5921-598D-454B-9A04-B2DE95EFC1B3} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery Task: {E4DFE66F-E089-4CC3-A70F-957223D565F4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask Task: {E8DAA09B-DF2A-4951-9134-6FA9587793F9} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-09-20] (Microsoft Corporation) Task: {EAD237E7-D276-4257-9F16-51DF41548733} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\System32\Startupscan.dll [2012-07-26] (Microsoft Corporation) Task: {ED0C1F69-C3A2-41EA-B8C3-3F0D83A1F6C0} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM Task: {F8FFA4BB-836E-4B38-9F59-7998CE447475} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => Sc.exe start wuauserv Task: {FAEF8084-D8CC-4713-971A-A20486102D64} - \EPUpdater No Task File Task: {FEC2ABE9-9E85-4E37-B2B1-3892DE1E2D5B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-28] (Google Inc.) Task: {FFE3FD50-646E-4A64-913B-23C4187E6025} - System32\Tasks\Microsoft\Windows\File Classification Infrastructure\Property Definition Sync Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\LyricsGet Update.job => C:\Program Files (x86)\Lyrics-Get\LyricsUPD.exe Task: C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe Task: C:\WINDOWS\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe ==================== Loaded Modules (whitelisted) ============= 2011-06-27 17:06 - 2011-06-27 17:06 - 00348752 _____ (PC-Doctor, Inc.) C:\Program Files\PC-Doctor\PcdToolbar584923.dll 2013-05-16 23:33 - 2013-04-18 07:32 - 00115712 _____ () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL 2011-03-29 20:16 - 2011-03-29 20:16 - 00021864 _____ (Lenovo.) C:\WINDOWS\SYSTEM32\Sensor64.dll 2012-07-26 03:22 - 2012-07-26 05:05 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\System32\IME\SHARED\IMEROAMING.DLL 2011-03-17 00:07 - 2011-03-17 00:07 - 04297568 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2012-09-14 23:46 - 2012-09-14 23:46 - 00286720 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrDEU.lrc 2011-03-29 20:16 - 2011-03-29 20:16 - 00021864 _____ (Lenovo.) C:\Windows\System32\Sensor64.dll 2012-09-14 23:40 - 2012-09-14 23:40 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2012-04-07 17:30 - 2013-04-24 01:23 - 01048816 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynCOM.dll 2013-04-24 01:22 - 2013-04-24 01:22 - 00229616 _____ (Synaptics Incorporated) C:\WINDOWS\SYSTEM32\SynTPAPI.dll 2011-03-29 20:16 - 2011-03-29 20:16 - 00021864 _____ (Lenovo.) C:\WINDOWS\system32\Sensor64.dll 2012-07-26 04:14 - 2012-07-26 05:04 - 00029184 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\msgsm32.acm 2012-07-26 04:14 - 2012-07-26 05:04 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\msg711.acm 2012-07-26 04:13 - 2012-07-26 05:04 - 00079872 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\SYSTEM32\l3codeca.acm 2012-07-26 04:14 - 2012-07-26 05:04 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\imaadp32.acm 2012-07-26 04:14 - 2012-07-26 05:04 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\msadp32.acm 2011-11-02 00:26 - 2011-11-02 00:26 - 00053608 _____ (Open Source Software community project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\pthreadVC2.dll 2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2011-08-31 00:05 - 2011-08-31 00:05 - 00085864 _____ (Apple Inc.) C:\WINDOWS\SYSTEM32\dnssd.dll 2013-08-19 21:55 - 2013-08-14 19:55 - 03551640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2013-09-11 14:40 - 2013-09-11 14:40 - 00145920 _____ () C:\Program Files (x86)\Lyrics-Get\133.dll 2013-05-10 23:35 - 2013-06-28 00:05 - 14375800 _____ (Adobe Systems, Inc.) C:\Windows\SYSTEM32\Macromed\Flash\Flash.ocx 2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF ==================== Alternate Data Streams (whitelisted) ========== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (09/16/2013 00:06:13 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: setup.exe_unknown, Version: 0.0.0.0, Zeitstempel: 0x4232a581 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16579, Zeitstempel: 0x51637f77 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000054ec ID des fehlerhaften Prozesses: 0x2108 Startzeit der fehlerhaften Anwendung: 0xsetup.exe_unknown0 Pfad der fehlerhaften Anwendung: setup.exe_unknown1 Pfad des fehlerhaften Moduls: setup.exe_unknown2 Berichtskennung: setup.exe_unknown3 Vollständiger Name des fehlerhaften Pakets: setup.exe_unknown4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: setup.exe_unknown5 Error: (09/16/2013 11:38:17 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax. Error: (09/16/2013 11:23:56 AM) (Source: Application Hang) (User: ) Description: Programm IEXPLORE.EXE, Version 10.0.9200.16660 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 157c Startzeit: 01ceb2bda189a742 Endzeit: 4 Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Berichts-ID: b3115bcb-1eb1-11e3-be86-e02a82f2a4a9 Vollständiger Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Error: (09/16/2013 09:10:31 AM) (Source: ESENT) (User: ) Description: taskhostex (4932) WebCacheLocal: Fehler -1032 (0xfffffbf8) beim Öffnen von Protokolldatei C:\Users\Neuer Besitzer\AppData\Local\Microsoft\Windows\WebCache\V01.log. Error: (09/16/2013 09:10:31 AM) (Source: ESENT) (User: ) Description: taskhostex (4932) WebCacheLocal: Versuch, Datei "C:\Users\Neuer Besitzer\AppData\Local\Microsoft\Windows\WebCache\V01.log" für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien. Error: (09/16/2013 09:10:21 AM) (Source: ESENT) (User: ) Description: taskhostex (4932) WebCacheLocal: Fehler -1032 (0xfffffbf8) beim Öffnen von Protokolldatei C:\Users\Neuer Besitzer\AppData\Local\Microsoft\Windows\WebCache\V01.log. Error: (09/16/2013 09:10:21 AM) (Source: ESENT) (User: ) Description: taskhostex (4932) WebCacheLocal: Versuch, Datei "C:\Users\Neuer Besitzer\AppData\Local\Microsoft\Windows\WebCache\V01.log" für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien. Error: (09/16/2013 09:10:11 AM) (Source: ESENT) (User: ) Description: taskhostex (4932) WebCacheLocal: Fehler -1032 (0xfffffbf8) beim Öffnen von Protokolldatei C:\Users\Neuer Besitzer\AppData\Local\Microsoft\Windows\WebCache\V01.log. Error: (09/16/2013 09:10:11 AM) (Source: ESENT) (User: ) Description: taskhostex (4932) WebCacheLocal: Versuch, Datei "C:\Users\Neuer Besitzer\AppData\Local\Microsoft\Windows\WebCache\V01.log" für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien. Error: (09/16/2013 09:10:01 AM) (Source: ESENT) (User: ) Description: taskhostex (4932) WebCacheLocal: Fehler -1032 (0xfffffbf8) beim Öffnen von Protokolldatei C:\Users\Neuer Besitzer\AppData\Local\Microsoft\Windows\WebCache\V01.log. System errors: ============= Error: (09/16/2013 10:55:59 AM) (Source: Microsoft-Windows-Directory-Services-SAM) (User: NT-AUTORITÄT) Description: Fehler "126" beim Laden der Kennwortbenachrichtigungs-DLL "ACGina". Stellen Sie sicher, dass der in der Registrierung definierte DLL-Pfad "HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages" sich auf einen korrekten und absoluten Pfad (<Laufwerk>:\<Pfad>\<Dateiname>.<Erw.>) bezieht und nicht auf einen relativen oder ungültigen Pfad. Wenn der DLL-Pfad falsch ist, stellen Sie sicher, dass sich alle Hilfsdateien im gleichen Verzeichnis befinden und dass das Systemkonto sowohl auf den DLL-Pfad als auch die Hilfsdateien Lesezugriff hat. Wenden Sie sich an den Anbieter der Benachrichtigungs-DLL, um weitere Unterstützung zu erhalten. Weitere Informationen finden Sie im Internet unter "hxxp://go.microsoft.com/fwlink/?LinkId=245898". Error: (09/16/2013 09:13:40 AM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT) Description: 0xc000014d0 Error: (09/15/2013 00:19:56 AM) (Source: Microsoft-Windows-Kernel-Power) (User: ) Description: 5 Error: (09/14/2013 10:36:21 AM) (Source: Microsoft-Windows-Kernel-Power) (User: ) Description: 5 Error: (09/14/2013 10:24:21 AM) (Source: Microsoft-Windows-Kernel-Power) (User: ) Description: 5 Error: (09/11/2013 00:22:43 PM) (Source: Microsoft-Windows-Kernel-Power) (User: ) Description: 5 Error: (09/11/2013 08:25:00 AM) (Source: Microsoft-Windows-Kernel-Power) (User: ) Description: 5 Error: (09/10/2013 07:19:08 PM) (Source: Microsoft-Windows-Kernel-Power) (User: ) Description: 5 Error: (09/10/2013 06:14:38 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AcSvc erreicht. Error: (09/10/2013 06:14:25 PM) (Source: Server) (User: ) Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{E3B1DA03-E878-461A-B7E3-B3383A386A66} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden. Microsoft Office Sessions: ========================= Error: (09/16/2013 00:06:13 PM) (Source: Application Error)(User: ) Description: setup.exe_unknown0.0.0.04232a581ntdll.dll6.2.9200.1657951637f77c000000500000000000054ec210801ceb2c45fcc5dd1C:\Users\Neuer Besitzer\AppData\Local\Temp\IXP001.TMP\setup.exeC:\WINDOWS\SYSTEM32\ntdll.dll9df2d7c1-1eb7-11e3-be86-e02a82f2a4a9 Error: (09/16/2013 11:38:17 AM) (Source: SideBySide)(User: ) Description: C:\Program Files (x86)\Lenovo\Access Connections\AcCryptHlpr.dllC:\Program Files (x86)\Lenovo\Access Connections\AcCryptHlpr.dll0 Error: (09/16/2013 11:23:56 AM) (Source: Application Hang)(User: ) Description: IEXPLORE.EXE10.0.9200.16660157c01ceb2bda189a7424C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEb3115bcb-1eb1-11e3-be86-e02a82f2a4a9 Error: (09/16/2013 09:10:31 AM) (Source: ESENT)(User: ) Description: taskhostex4932WebCacheLocal: C:\Users\Neuer Besitzer\AppData\Local\Microsoft\Windows\WebCache\V01.log-1032 (0xfffffbf8) Error: (09/16/2013 09:10:31 AM) (Source: ESENT)(User: ) Description: taskhostex4932WebCacheLocal: C:\Users\Neuer Besitzer\AppData\Local\Microsoft\Windows\WebCache\V01.log-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. Error: (09/16/2013 09:10:21 AM) (Source: ESENT)(User: ) Description: taskhostex4932WebCacheLocal: C:\Users\Neuer Besitzer\AppData\Local\Microsoft\Windows\WebCache\V01.log-1032 (0xfffffbf8) Error: (09/16/2013 09:10:21 AM) (Source: ESENT)(User: ) Description: taskhostex4932WebCacheLocal: C:\Users\Neuer Besitzer\AppData\Local\Microsoft\Windows\WebCache\V01.log-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. Error: (09/16/2013 09:10:11 AM) (Source: ESENT)(User: ) Description: taskhostex4932WebCacheLocal: C:\Users\Neuer Besitzer\AppData\Local\Microsoft\Windows\WebCache\V01.log-1032 (0xfffffbf8) Error: (09/16/2013 09:10:11 AM) (Source: ESENT)(User: ) Description: taskhostex4932WebCacheLocal: C:\Users\Neuer Besitzer\AppData\Local\Microsoft\Windows\WebCache\V01.log-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. Error: (09/16/2013 09:10:01 AM) (Source: ESENT)(User: ) Description: taskhostex4932WebCacheLocal: C:\Users\Neuer Besitzer\AppData\Local\Microsoft\Windows\WebCache\V01.log-1032 (0xfffffbf8) CodeIntegrity Errors: =================================== Date: 2013-09-02 14:24:28.641 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll with signing level Unsigned while the system requires signing level Microsoft or better to load. Date: 2013-09-02 14:24:28.234 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll with signing level Unsigned while the system requires signing level Microsoft or better to load. Date: 2013-09-02 14:24:28.203 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll with signing level Unsigned while the system requires signing level Microsoft or better to load. Date: 2013-09-02 14:24:28.078 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll with signing level Unsigned while the system requires signing level Microsoft or better to load. Date: 2013-09-02 14:24:28.016 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll with signing level Unsigned while the system requires signing level Microsoft or better to load. Date: 2013-09-02 14:24:27.969 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll with signing level Unsigned while the system requires signing level Microsoft or better to load. Date: 2013-09-02 14:24:24.719 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll with signing level Unsigned while the system requires signing level Microsoft or better to load. Date: 2013-09-02 14:24:24.234 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll with signing level Unsigned while the system requires signing level Microsoft or better to load. Date: 2013-09-02 14:23:18.206 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll with signing level Unsigned while the system requires signing level Microsoft or better to load. Date: 2013-09-02 14:23:18.128 Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll with signing level Unsigned while the system requires signing level Microsoft or better to load. ==================== Memory info =========================== Percentage of memory in use: 57% Total physical RAM: 3891.66 MB Available physical RAM: 1641.66 MB Total Pagefile: 7859.66 MB Available Pagefile: 5429.24 MB Total Virtual: 8192 MB Available Virtual: 8191.77 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:148.45 GB) (Free:104.07 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 65C6DBE7) Partition 1: (Not Active) - (Size=512 MB) - (Type=05) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=148 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1) Log created at 09:04 on 16/09/2013 (Neuer Besitzer) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-09-2013 01 Ran by Neuer Besitzer (administrator) on USER-PC on 16-09-2013 12:14:49 Running from C:\Users\Neuer Besitzer\Desktop Windows 8 Pro (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Lenovo.) C:\WINDOWS\system32\ibmpmsvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\WINDOWS\system32\WLANExt.exe (Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\WINDOWS\system32\dashost.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE (QUALCOMM, Inc.) C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Lenovo Group Limited) C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE (Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe (Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo.) C:\Windows\System32\TpShocks.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\extapsup.exe (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (Lenovo) C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe (Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Intel Corporation) C:\WINDOWS\system32\igfxext.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Lenovo Group Limited) C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe (Lenovo) C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe () C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe () C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe (Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe (Microsoft Corporation) C:\WINDOWS\system32\PrintIsolationHost.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [33344 2011-10-20] (Lenovo) HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [594936 2013-04-15] (Lenovo Corporation) HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-15] () HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [380776 2011-03-29] (Lenovo.) HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] () HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated) HKLM\...\Run: [LenovoOptMouseUpdate] - C:\Program Files\Lenovo\HOTKEY\extapsup.exe [250976 2012-08-31] (Lenovo Group Limited) HKLM\...\Run: [LnvMobHotspotClient] - C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe [937976 2013-04-11] (Lenovo) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2010-05-03] (Intel Corporation) HKLM-x32\...\Run: [RotateImage] - C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.) HKLM-x32\...\Run: [PWMTRV] - C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL [6482728 2013-04-18] (Lenovo Group Limited) HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation) HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.) HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de) AppInit_DLLs-x32: c:\progra~3\browse~1\261562~1.220\{c16c1~1\browse~1.dll [ ] () Lsa: [Notification Packages] scecli ACGina Startup: C:\Users\Neuer Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB1A838F1D99CCE01 BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: LyricsGet - {602b2047-753a-4013-b389-df32f2a78a96} - C:\Program Files (x86)\Lyrics-Get\133.dll () BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) DPF: HKLM-x32 {816BE035-1450-40D0-8A3B-BA7825A83A77} hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Neuer Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\4s4l07tq.default FF user.js: detected! => C:\Users\Neuer Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\4s4l07tq.default\user.js FF SearchEngineOrder.1: Mixi.DJ Search FF SelectedSearchEngine: Mixi.DJ Search FF Homepage: hxxp://www.google.de/ig FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Neuer Besitzer\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: No Name - C:\Users\Neuer Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\4s4l07tq.default\Extensions\130 FF Extension: No Name - C:\Users\Neuer Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\4s4l07tq.default\Extensions\131 FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF FF HKCU\...\Firefox\Extensions: [{b0b19bf6-d22c-444b-8288-6b8409356150}] - C:\Program Files (x86)\Lyrics-Get\133.xpi FF Extension: No Name - C:\Program Files (x86)\Lyrics-Get\133.xpi Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION CHR Extension: (Docs) - C:\Users\NEUERB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0 CHR Extension: (Google Drive) - C:\Users\NEUERB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0 CHR Extension: (YouTube) - C:\Users\NEUERB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0 CHR Extension: (Google Search) - C:\Users\NEUERB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0 CHR Extension: () - C:\Users\NEUERB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijodjbiibildhjdbjehpdjoglbnbfnpf\1.128 CHR Extension: (Chrome In-App Payments service) - C:\Users\NEUERB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0 CHR Extension: (Gmail) - C:\Users\NEUERB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 CHR HKLM-x32\...\Chrome\Extension: [ijodjbiibildhjdbjehpdjoglbnbfnpf] - C:\Program Files (x86)\Lyrics-Get\133.crx ==================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software) S3 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [148472 2013-04-15] (Lenovo Corporation) S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [478056 2011-10-04] (Lenovo.) R2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [1628664 2013-02-06] (Lenovo Group Limited) S3 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [681464 2013-04-15] (Lenovo Corporation) R2 LnvHotSpotSvc; C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe [465912 2013-04-11] (Lenovo) R2 LocationTaskManager; C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [463352 2013-04-19] () R2 QDLService2kLenovo; C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe [1688384 2011-05-23] (QUALCOMM, Inc.) S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-06-26] () S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software) R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software) R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] () R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] () S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider) S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider) R3 qcfilterlno2k; C:\Windows\System32\drivers\qcfilterlno2k.sys [6400 2011-05-23] (QUALCOMM Incorporated) R3 qcusbnetlno2k; C:\Windows\system32\DRIVERS\qcusbnetlno2k.sys [444416 2011-05-23] (QUALCOMM Incorporated) R3 qcusbserlno2k; C:\Windows\system32\DRIVERS\qcusbserlno2k.sys [231040 2011-05-23] (QUALCOMM Incorporated) U3 idsvc; S3 PCDSRVC{127174DC-C366ED8B-06020200}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-16 12:14 - 2013-09-16 12:14 - 00000000 ____D C:\FRST 2013-09-16 12:07 - 2013-09-16 12:12 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\FreePDF_XP 2013-09-16 12:06 - 2013-09-16 12:06 - 00000000 ____D C:\ProgramData\FreePDF 2013-09-16 12:06 - 2013-09-16 12:06 - 00000000 ____D C:\Program Files (x86)\FreePDF_XP 2013-09-16 12:06 - 2010-06-17 20:56 - 00119152 _____ C:\WINDOWS\system32\redmon.hlp 2013-09-16 12:06 - 2010-06-17 20:56 - 00087040 _____ C:\WINDOWS\system32\redmonnt.dll 2013-09-16 12:06 - 2010-06-17 20:56 - 00046080 _____ C:\WINDOWS\system32\unredmon.exe 2013-09-16 12:05 - 2013-09-16 12:05 - 00000000 ____D C:\Program Files\gs 2013-09-16 11:58 - 2013-09-16 11:59 - 13245963 _____ C:\Users\Neuer Besitzer\Downloads\gs910w64.exe 2013-09-16 11:26 - 2013-09-16 11:29 - 35282727 _____ C:\Users\Neuer Besitzer\Downloads\ghostscript-9.10.tar.gz 2013-09-16 11:22 - 2013-09-16 11:22 - 03866624 _____ (Microsoft Corporation) C:\Users\Neuer Besitzer\Downloads\FreePDF4.08.EXE 2013-09-16 09:05 - 2013-09-16 09:05 - 01951150 _____ (Farbar) C:\Users\Neuer Besitzer\Desktop\FRST64.exe 2013-09-16 09:04 - 2013-09-16 09:04 - 00000490 _____ C:\Users\Neuer Besitzer\Desktop\defogger_disable.log 2013-09-16 09:04 - 2013-09-16 09:04 - 00000000 _____ C:\Users\Neuer Besitzer\defogger_reenable 2013-09-16 09:01 - 2013-09-16 09:01 - 00050477 _____ C:\Users\Neuer Besitzer\Desktop\Defogger.exe 2013-09-14 09:49 - 2013-09-14 09:50 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\dvdcss 2013-09-14 09:25 - 2013-09-16 09:36 - 00000000 ____D C:\Program Files (x86)\Lyrics-Get 2013-09-11 12:01 - 2013-09-14 10:22 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\vlc 2013-09-11 12:00 - 2013-09-11 12:00 - 00000871 _____ C:\Users\Public\Desktop\VLC media player.lnk 2013-09-11 12:00 - 2013-09-11 12:00 - 00000000 ____D C:\Program Files\VideoLAN 2013-09-11 11:58 - 2013-09-11 11:59 - 23071004 _____ C:\Users\Neuer Besitzer\Downloads\vlc-2.1.0-rc2-win64.exe 2013-09-11 11:56 - 2013-09-11 11:58 - 23003252 _____ C:\Users\Neuer Besitzer\Downloads\vlc-2.0.8_win32.exe 2013-09-11 11:53 - 2013-09-11 11:53 - 00392016 _____ (Softonic ) C:\Users\Neuer Besitzer\Downloads\SoftonicDownloader_for_vlc-media-player.exe 2013-09-10 18:59 - 2013-09-10 19:00 - 05939176 _____ (Citrix Online, a division of Citrix Systems, Inc.) C:\Users\Neuer Besitzer\Downloads\g2m_codec.exe 2013-09-10 18:58 - 2013-09-10 18:58 - 00000216 _____ C:\Users\Neuer Besitzer\Downloads\2AD4D15214661C00.asx 2013-09-02 22:09 - 2013-09-02 22:09 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk 2013-09-02 22:09 - 2013-09-02 22:09 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-09-02 22:09 - 2013-09-02 22:09 - 00000000 ____D C:\Program Files\iTunes 2013-09-02 22:09 - 2013-09-02 22:09 - 00000000 ____D C:\Program Files\iPod 2013-09-02 22:09 - 2013-09-02 22:09 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-09-02 22:08 - 2013-09-02 22:08 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Apple Computer 2013-09-02 22:05 - 2013-09-02 22:05 - 00867240 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\npDeployJava1.dll 2013-09-02 22:05 - 2013-09-02 22:05 - 00263592 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe 2013-09-02 22:05 - 2013-09-02 22:05 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe 2013-09-02 22:05 - 2013-09-02 22:05 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe 2013-09-02 22:05 - 2013-09-02 22:05 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2013-09-02 22:05 - 2013-09-02 22:05 - 00000000 ____D C:\Program Files (x86)\Java 2013-09-02 21:48 - 2013-09-02 21:50 - 00000000 ____D C:\AdwCleaner 2013-09-02 21:46 - 2013-09-02 21:46 - 00001922 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2013-09-02 21:46 - 2013-08-30 09:48 - 00378944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys 2013-09-02 21:46 - 2013-08-30 09:48 - 00072016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys 2013-09-02 21:46 - 2013-08-30 09:48 - 00064288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys 2013-09-02 21:46 - 2013-08-30 09:48 - 00033400 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswFsBlk.sys 2013-09-02 21:45 - 2013-09-02 21:46 - 01037134 _____ C:\Users\Neuer Besitzer\Downloads\adwcleaner.exe 2013-09-02 21:45 - 2013-09-02 21:45 - 00003924 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update 2013-09-02 21:45 - 2013-09-02 21:45 - 00000000 _____ C:\WINDOWS\SysWOW64\config.nt 2013-09-02 21:45 - 2013-08-30 09:48 - 01030952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys 2013-09-02 21:45 - 2013-08-30 09:48 - 00204880 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys 2013-09-02 21:45 - 2013-08-30 09:48 - 00080816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2013-09-02 21:45 - 2013-08-30 09:48 - 00065336 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys 2013-09-02 21:45 - 2013-08-30 09:47 - 00287840 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2013-09-02 21:44 - 2013-09-02 21:44 - 00000000 ____D C:\ProgramData\AVAST Software 2013-09-02 21:44 - 2013-09-02 21:44 - 00000000 ____D C:\Program Files\AVAST Software 2013-09-02 21:44 - 2013-08-30 09:47 - 00041664 _____ (AVAST Software) C:\WINDOWS\avastSS.scr 2013-08-29 18:19 - 2013-08-29 18:19 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Citrix 2013-08-29 18:19 - 2013-08-29 18:19 - 00000000 ____D C:\Program Files (x86)\Citrix 2013-08-26 09:51 - 2013-08-26 09:51 - 04708584 _____ C:\Users\Neuer Besitzer\Downloads\install_flash_player_ics.apk 2013-08-25 19:35 - 2013-08-25 19:35 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help 2013-08-25 19:35 - 2013-08-25 19:35 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help 2013-08-23 16:57 - 2013-08-23 17:27 - 00000000 ____D C:\Users\Neuer Besitzer\Documents\WISO Konto Online 2013-08-23 16:57 - 2013-08-23 16:57 - 00000117 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc 2013-08-23 16:57 - 2013-08-23 16:57 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Buhl Data Service GmbH 2013-08-23 16:56 - 2013-08-23 16:57 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Buhl Data Service GmbH 2013-08-23 16:56 - 2013-08-23 16:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Buhl Data Service 2013-08-23 16:56 - 2013-08-23 16:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Buhl Data Service 2013-08-23 16:52 - 2013-08-23 16:56 - 00000000 ____D C:\ProgramData\Buhl Data Service GmbH 2013-08-23 16:52 - 2013-08-23 16:52 - 00002374 _____ C:\Users\Public\Desktop\WISO Konto Online 2013.lnk 2013-08-23 16:52 - 2013-08-23 16:52 - 00000000 ____D C:\ProgramData\MG_Prototyp 2013-08-23 16:52 - 2013-08-23 16:52 - 00000000 ____D C:\Program Files (x86)\Buhl 2013-08-23 10:11 - 2013-08-23 10:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services 2013-08-23 10:11 - 2013-08-23 10:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Sync Framework 2013-08-23 10:11 - 2013-08-23 10:11 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2013-08-23 10:10 - 2013-08-23 10:10 - 00000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform 2013-08-23 10:09 - 2013-08-23 10:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8 2013-08-23 10:08 - 2013-08-23 10:08 - 00000000 ____D C:\Program Files\Microsoft Office 2013-08-23 10:08 - 2013-08-23 10:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services 2013-08-23 10:07 - 2013-09-16 11:17 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-08-23 10:07 - 2013-08-23 10:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2013-08-23 10:07 - 2013-08-23 10:07 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Microsoft Help 2013-08-23 10:06 - 2013-08-23 10:06 - 00000000 __RHD C:\MSOCache 2013-08-23 09:30 - 2013-08-23 10:04 - 712660056 _____ (Microsoft Corporation) C:\Users\Neuer Besitzer\Downloads\X16-32254.exe 2013-08-22 20:46 - 2013-08-22 20:46 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Macromedia 2013-08-22 20:39 - 2013-08-22 20:41 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Adobe 2013-08-21 20:11 - 2013-09-16 09:42 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\avgchrome 2013-08-21 20:05 - 2013-08-23 10:18 - 00452168 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2013-08-19 21:56 - 2013-08-19 21:56 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-08-19 21:56 - 2013-08-19 21:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Mozilla 2013-08-19 21:56 - 2013-08-19 21:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Mozilla 2013-08-19 21:56 - 2013-08-19 21:56 - 00000000 ____D C:\ProgramData\Mozilla 2013-08-19 21:56 - 2013-08-19 21:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-08-19 16:09 - 2013-08-19 16:09 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\PCDr 2013-08-19 15:09 - 2013-08-19 15:09 - 00000149 _____ C:\Users\Neuer Besitzer\Documents\Windows8 Product Key.txt 2013-08-19 15:05 - 2013-08-19 15:05 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\OpenOffice.org 2013-08-19 14:59 - 2013-08-19 14:59 - 00001063 _____ C:\Users\Public\Desktop\zebNet® Windows Keyfinder TNG.lnk 2013-08-19 14:59 - 2013-08-19 14:59 - 00000000 ____D C:\ProgramData\InstallMate 2013-08-19 14:59 - 2013-08-19 14:59 - 00000000 ____D C:\Program Files\zebNet 2013-08-19 14:56 - 2013-09-16 10:57 - 00000418 _____ C:\WINDOWS\Tasks\LyricsGet Update.job 2013-08-19 14:56 - 2013-08-19 14:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Google 2013-08-19 14:51 - 2013-08-19 14:52 - 00000000 ____D C:\WINDOWS\system32\MRT 2013-08-19 14:51 - 2013-08-19 14:51 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Macromedia 2013-08-19 14:49 - 2013-07-02 02:44 - 00036288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys 2013-08-19 14:49 - 2013-07-02 00:08 - 00247216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys 2013-08-19 14:48 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2013-08-19 14:48 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2013-08-19 14:48 - 2013-07-26 07:13 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll 2013-08-19 14:48 - 2013-07-26 07:13 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll 2013-08-19 14:48 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2013-08-19 14:48 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2013-08-19 14:48 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2013-08-19 14:48 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2013-08-19 14:48 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2013-08-19 14:48 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll 2013-08-19 14:48 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll 2013-08-19 14:48 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2013-08-19 14:48 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll 2013-08-19 14:48 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2013-08-19 14:48 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2013-08-19 14:48 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2013-08-19 14:48 - 2013-07-26 05:13 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll 2013-08-19 14:48 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2013-08-19 14:48 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll 2013-08-19 14:48 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll 2013-08-19 14:48 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll 2013-08-19 14:48 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2013-08-19 14:48 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll 2013-08-19 14:48 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2013-08-19 14:48 - 2013-07-26 02:54 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll 2013-08-19 14:47 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2013-08-19 14:47 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2013-08-19 14:47 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2013-08-19 14:47 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2013-08-19 14:47 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2013-08-19 14:47 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2013-08-19 14:47 - 2013-07-09 08:07 - 02233168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2013-08-19 14:47 - 2013-05-24 01:02 - 01314816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll 2013-08-19 14:47 - 2013-05-24 00:25 - 00694272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll 2013-08-19 14:43 - 2013-07-13 08:18 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll 2013-08-19 14:43 - 2013-07-13 08:16 - 01889280 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll 2013-08-19 14:43 - 2013-07-13 08:16 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptsvc.dll 2013-08-19 14:43 - 2013-07-13 08:15 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll 2013-08-19 14:43 - 2013-07-13 08:15 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll 2013-08-19 14:43 - 2013-07-13 06:24 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll 2013-08-19 14:43 - 2013-07-13 06:23 - 01568256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll 2013-08-19 14:43 - 2013-07-13 06:23 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll 2013-08-19 14:43 - 2013-07-13 06:23 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll 2013-08-19 14:38 - 2013-06-17 00:41 - 00997632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys 2013-08-19 14:38 - 2013-06-01 13:54 - 00194816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2013-08-19 14:38 - 2013-06-01 13:54 - 00125184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys 2013-08-19 14:38 - 2013-06-01 13:34 - 02391280 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2013-08-19 14:38 - 2013-06-01 13:29 - 00337152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS 2013-08-19 14:38 - 2013-06-01 13:29 - 00213248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UCX01000.SYS 2013-08-19 14:38 - 2013-06-01 13:26 - 06987008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2013-08-19 14:38 - 2013-06-01 13:26 - 00327936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys 2013-08-19 14:38 - 2013-06-01 12:24 - 02106176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2013-08-19 14:38 - 2013-06-01 11:25 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll 2013-08-19 14:38 - 2013-06-01 11:25 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll 2013-08-19 14:38 - 2013-06-01 11:24 - 01453568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2013-08-19 14:38 - 2013-06-01 11:24 - 00850944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll 2013-08-19 14:38 - 2013-06-01 11:24 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscms.dll 2013-08-19 14:38 - 2013-06-01 11:23 - 01842176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll 2013-08-19 14:38 - 2013-06-01 11:23 - 00680960 _____ (Microsoft Corporation) C:\WINDOWS\system32\vds.exe 2013-08-19 14:38 - 2013-06-01 11:22 - 00523264 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll 2013-08-19 14:38 - 2013-06-01 11:22 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll 2013-08-19 14:38 - 2013-06-01 11:22 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsutil.dll 2013-08-19 14:38 - 2013-06-01 11:22 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeParserTask.exe 2013-08-19 14:38 - 2013-06-01 11:21 - 00729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll 2013-08-19 14:38 - 2013-06-01 11:21 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll 2013-08-19 14:38 - 2013-06-01 11:20 - 02219520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2013-08-19 14:38 - 2013-06-01 11:20 - 01527808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2013-08-19 14:38 - 2013-06-01 11:20 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll 2013-08-19 14:38 - 2013-06-01 11:20 - 00583168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mscms.dll 2013-08-19 14:38 - 2013-06-01 11:19 - 00785408 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2013-08-19 14:38 - 2013-06-01 11:19 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManager.dll 2013-08-19 14:38 - 2013-06-01 05:08 - 00037632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthAvrcpTg.sys 2013-08-19 14:38 - 2013-05-25 00:09 - 01403296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2013-08-19 14:38 - 2013-05-25 00:09 - 01271584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2013-08-19 14:38 - 2013-05-25 00:09 - 01217352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2013-08-19 14:38 - 2013-05-25 00:09 - 01093904 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2013-08-19 14:38 - 2013-05-20 02:08 - 00386642 _____ C:\WINDOWS\system32\ApnDatabase.xml 2013-08-19 14:38 - 2013-04-16 04:34 - 01455368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2013-08-19 14:38 - 2013-04-09 04:34 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys 2013-08-19 14:38 - 2013-04-09 04:34 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys 2013-08-19 14:37 - 2013-05-31 01:24 - 01257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll 2013-08-19 14:37 - 2013-05-31 01:08 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll 2013-08-19 14:37 - 2013-05-24 01:01 - 01300992 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll 2013-08-19 14:37 - 2013-05-24 00:27 - 01022464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll 2013-08-19 14:37 - 2013-05-15 04:25 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe 2013-08-19 14:37 - 2013-05-15 04:25 - 00542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll 2013-08-19 14:37 - 2013-05-15 04:24 - 00793088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe 2013-08-19 14:37 - 2013-05-15 04:24 - 00482816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll 2013-08-19 14:37 - 2013-05-04 09:58 - 00120736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe 2013-08-19 14:37 - 2013-05-04 09:34 - 00446720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS 2013-08-19 14:37 - 2013-05-04 09:34 - 00284416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys 2013-08-19 14:37 - 2013-05-04 09:30 - 00058312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2013-08-19 14:37 - 2013-05-04 08:59 - 13644288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2013-08-19 14:37 - 2013-05-04 08:59 - 03241472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2013-08-19 14:37 - 2013-05-04 08:59 - 01619968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll 2013-08-19 14:37 - 2013-05-04 08:59 - 01483776 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe 2013-08-19 14:37 - 2013-05-04 08:59 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnify.exe 2013-08-19 14:37 - 2013-05-04 08:59 - 00760320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2013-08-19 14:37 - 2013-05-04 08:59 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll 2013-08-19 14:37 - 2013-05-04 08:59 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll 2013-08-19 14:37 - 2013-05-04 08:59 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2013-08-19 14:37 - 2013-05-04 08:59 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe 2013-08-19 14:37 - 2013-05-04 08:58 - 10116096 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2013-08-19 14:37 - 2013-05-04 08:58 - 01332736 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll 2013-08-19 14:37 - 2013-05-04 08:58 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll 2013-08-19 14:37 - 2013-05-04 08:58 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll 2013-08-19 14:37 - 2013-05-04 08:58 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll 2013-08-19 14:37 - 2013-05-04 08:58 - 00173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll 2013-08-19 14:37 - 2013-05-04 08:58 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll 2013-08-19 14:37 - 2013-05-04 08:58 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofm.dll 2013-08-19 14:37 - 2013-05-04 08:58 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll 2013-08-19 14:37 - 2013-05-04 08:57 - 02305024 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2013-08-19 14:37 - 2013-05-04 08:57 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2013-08-19 14:37 - 2013-05-04 08:57 - 00820736 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpprefcl.dll 2013-08-19 14:37 - 2013-05-04 08:57 - 00708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll 2013-08-19 14:37 - 2013-05-04 08:57 - 00560640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll 2013-08-19 14:37 - 2013-05-04 08:57 - 00501760 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll 2013-08-19 14:37 - 2013-05-04 08:57 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\system32\BCP47Langs.dll 2013-08-19 14:37 - 2013-05-04 08:57 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll 2013-08-19 14:37 - 2013-05-04 08:57 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\biwinrt.dll 2013-08-19 14:37 - 2013-05-04 08:57 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\muifontsetup.dll 2013-08-19 14:37 - 2013-05-04 08:56 - 00419840 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl 2013-08-19 14:37 - 2013-05-04 06:58 - 00758784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Magnify.exe 2013-08-19 14:37 - 2013-05-04 06:58 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2013-08-19 14:37 - 2013-05-04 06:58 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll 2013-08-19 14:37 - 2013-05-04 06:58 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2013-08-19 14:37 - 2013-05-04 06:58 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe 2013-08-19 14:37 - 2013-05-04 06:57 - 10788864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2013-08-19 14:37 - 2013-05-04 06:57 - 08857088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2013-08-19 14:37 - 2013-05-04 06:57 - 00303616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll 2013-08-19 14:37 - 2013-05-04 06:57 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ubpm.dll 2013-08-19 14:37 - 2013-05-04 06:57 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netplwiz.dll 2013-08-19 14:37 - 2013-05-04 06:57 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netprofm.dll 2013-08-19 14:37 - 2013-05-04 06:57 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\npmproxy.dll 2013-08-19 14:37 - 2013-05-04 06:57 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\muifontsetup.dll 2013-08-19 14:37 - 2013-05-04 06:56 - 02035712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2013-08-19 14:37 - 2013-05-04 06:56 - 00582144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpprefcl.dll 2013-08-19 14:37 - 2013-05-04 06:56 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll 2013-08-19 14:37 - 2013-05-04 06:56 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll 2013-08-19 14:37 - 2013-05-04 06:56 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BCP47Langs.dll 2013-08-19 14:37 - 2013-05-04 06:56 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\biwinrt.dll 2013-08-19 14:37 - 2013-05-04 06:55 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl 2013-08-19 14:37 - 2013-05-04 06:51 - 00014848 _____ (Microsoft) C:\WINDOWS\system32\rars.rs 2013-08-19 14:37 - 2013-05-04 06:47 - 00427520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys 2013-08-19 14:37 - 2013-05-04 06:10 - 00014848 _____ (Microsoft) C:\WINDOWS\SysWOW64\rars.rs 2013-08-19 14:37 - 2013-04-09 07:17 - 01829408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2013-08-19 14:37 - 2013-04-09 06:51 - 14267904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll 2013-08-19 14:37 - 2013-04-09 06:51 - 03552768 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll 2013-08-19 14:37 - 2013-04-09 06:50 - 02107904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll 2013-08-19 14:37 - 2013-04-08 23:52 - 11878912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll 2013-08-19 14:37 - 2013-04-08 23:51 - 02767360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll 2013-08-19 14:37 - 2013-04-08 23:51 - 01593344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll 2013-08-19 14:36 - 2013-04-09 07:33 - 00489576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll 2013-08-19 14:36 - 2013-04-09 07:33 - 00446792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2013-08-19 14:36 - 2013-04-09 07:33 - 00253544 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe 2013-08-19 14:36 - 2013-04-09 07:20 - 00306952 _____ (Microsoft Corporation) C:\WINDOWS\system32\kd_02_10ec.dll 2013-08-19 14:36 - 2013-04-09 07:20 - 00086280 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll 2013-08-19 14:36 - 2013-04-09 07:18 - 00077960 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdvm.dll 2013-08-19 14:36 - 2013-04-09 06:52 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe 2013-08-19 14:36 - 2013-04-09 06:52 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe 2013-08-19 14:36 - 2013-04-09 06:52 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe 2013-08-19 14:36 - 2013-04-09 06:52 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe 2013-08-19 14:36 - 2013-04-09 06:52 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe 2013-08-19 14:36 - 2013-04-09 06:51 - 00595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll 2013-08-19 14:36 - 2013-04-09 06:51 - 00456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll 2013-08-19 14:36 - 2013-04-09 06:51 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll 2013-08-19 14:36 - 2013-04-09 06:51 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\system32\conhost.exe 2013-08-19 14:36 - 2013-04-09 06:51 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll 2013-08-19 14:36 - 2013-04-09 06:50 - 01285632 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll 2013-08-19 14:36 - 2013-04-09 06:50 - 00745984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll 2013-08-19 14:36 - 2013-04-09 06:50 - 00435200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll 2013-08-19 14:36 - 2013-04-09 06:50 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2013-08-19 14:36 - 2013-04-09 06:50 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\GenuineCenter.dll 2013-08-19 14:36 - 2013-04-09 06:50 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll 2013-08-19 14:36 - 2013-04-09 06:50 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll 2013-08-19 14:36 - 2013-04-09 06:50 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msshooks.dll 2013-08-19 14:36 - 2013-04-09 06:49 - 01444864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll 2013-08-19 14:36 - 2013-04-09 06:49 - 00817152 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2013-08-19 14:36 - 2013-04-09 06:49 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll 2013-08-19 14:36 - 2013-04-09 06:49 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll 2013-08-19 14:36 - 2013-04-09 06:49 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhengine.dll 2013-08-19 14:36 - 2013-04-09 06:49 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll 2013-08-19 14:36 - 2013-04-09 06:49 - 00196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmvdsitf.dll 2013-08-19 14:36 - 2013-04-09 06:49 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll 2013-08-19 14:36 - 2013-04-09 06:49 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\fmifs.dll 2013-08-19 14:36 - 2013-04-09 06:48 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2013-08-19 14:36 - 2013-04-09 04:34 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys 2013-08-19 14:36 - 2013-04-09 04:33 - 00623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys 2013-08-19 14:36 - 2013-04-09 04:33 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys 2013-08-19 14:36 - 2013-04-09 04:32 - 00805376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys 2013-08-19 14:36 - 2013-04-09 04:31 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys 2013-08-19 14:36 - 2013-04-09 04:31 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys 2013-08-19 14:36 - 2013-04-09 01:44 - 00123880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll 2013-08-19 14:36 - 2013-04-09 01:39 - 01408896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2013-08-19 14:36 - 2013-04-09 01:37 - 00426024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll 2013-08-19 14:36 - 2013-04-09 01:37 - 00324368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2013-08-19 14:36 - 2013-04-08 23:52 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe 2013-08-19 14:36 - 2013-04-08 23:52 - 00302592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe 2013-08-19 14:36 - 2013-04-08 23:52 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe 2013-08-19 14:36 - 2013-04-08 23:52 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe 2013-08-19 14:36 - 2013-04-08 23:51 - 01113600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll 2013-08-19 14:36 - 2013-04-08 23:51 - 00659456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll 2013-08-19 14:36 - 2013-04-08 23:51 - 00656896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2013-08-19 14:36 - 2013-04-08 23:51 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll 2013-08-19 14:36 - 2013-04-08 23:51 - 00403968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll 2013-08-19 14:36 - 2013-04-08 23:51 - 00361984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll 2013-08-19 14:36 - 2013-04-08 23:51 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2013-08-19 14:36 - 2013-04-08 23:51 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll 2013-08-19 14:36 - 2013-04-08 23:51 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll 2013-08-19 14:36 - 2013-04-08 23:51 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssphtb.dll 2013-08-19 14:36 - 2013-04-08 23:51 - 00155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmvdsitf.dll 2013-08-19 14:36 - 2013-04-08 23:51 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fmifs.dll 2013-08-19 14:36 - 2013-04-08 23:51 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssprxy.dll 2013-08-19 14:36 - 2013-04-08 23:51 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msshooks.dll 2013-08-19 14:36 - 2013-04-05 01:30 - 00503080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2013-08-19 14:36 - 2013-03-16 00:05 - 00298456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll 2013-08-19 14:36 - 2013-03-16 00:05 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll 2013-08-19 14:36 - 2012-12-13 06:00 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll 2013-08-19 14:36 - 2012-12-13 05:59 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll ==================== One Month Modified Files and Folders ======= 2013-09-16 12:14 - 2013-09-16 12:14 - 00000000 ____D C:\FRST 2013-09-16 12:12 - 2013-09-16 12:07 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\FreePDF_XP 2013-09-16 12:10 - 2012-01-18 00:30 - 00000528 _____ C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job 2013-09-16 12:09 - 2012-01-18 00:30 - 00000466 _____ C:\WINDOWS\Tasks\SystemToolsDailyTest.job 2013-09-16 12:06 - 2013-09-16 12:06 - 00000000 ____D C:\ProgramData\FreePDF 2013-09-16 12:06 - 2013-09-16 12:06 - 00000000 ____D C:\Program Files (x86)\FreePDF_XP 2013-09-16 12:05 - 2013-09-16 12:05 - 00000000 ____D C:\Program Files\gs 2013-09-16 12:00 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\system32\sru 2013-09-16 11:59 - 2013-09-16 11:58 - 13245963 _____ C:\Users\Neuer Besitzer\Downloads\gs910w64.exe 2013-09-16 11:58 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\rescache 2013-09-16 11:47 - 2013-02-28 23:00 - 00001122 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2013-09-16 11:30 - 2012-11-01 22:58 - 01945276 _____ C:\WINDOWS\WindowsUpdate.log 2013-09-16 11:29 - 2013-09-16 11:26 - 35282727 _____ C:\Users\Neuer Besitzer\Downloads\ghostscript-9.10.tar.gz 2013-09-16 11:22 - 2013-09-16 11:22 - 03866624 _____ (Microsoft Corporation) C:\Users\Neuer Besitzer\Downloads\FreePDF4.08.EXE 2013-09-16 11:17 - 2013-08-23 10:07 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-09-16 11:07 - 2013-08-16 16:08 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2216669695-2906418150-1901199515-1003 2013-09-16 11:00 - 2012-07-26 12:27 - 00753134 _____ C:\WINDOWS\system32\perfh007.dat 2013-09-16 11:00 - 2012-07-26 12:27 - 00155826 _____ C:\WINDOWS\system32\perfc007.dat 2013-09-16 11:00 - 2012-07-26 09:28 - 01745416 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2013-09-16 10:57 - 2013-08-19 14:56 - 00000418 _____ C:\WINDOWS\Tasks\LyricsGet Update.job 2013-09-16 10:57 - 2013-02-28 23:00 - 00001118 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2013-09-16 10:56 - 2012-07-26 09:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2013-09-16 10:56 - 2012-07-26 09:21 - 00673522 _____ C:\WINDOWS\setupact.log 2013-09-16 10:55 - 2012-11-01 22:40 - 00039986 _____ C:\WINDOWS\PFRO.log 2013-09-16 09:42 - 2013-08-21 20:11 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\avgchrome 2013-09-16 09:36 - 2013-09-14 09:25 - 00000000 ____D C:\Program Files (x86)\Lyrics-Get 2013-09-16 09:13 - 2012-07-26 07:26 - 00524288 ___SH C:\WINDOWS\system32\config\BBI 2013-09-16 09:05 - 2013-09-16 09:05 - 01951150 _____ (Farbar) C:\Users\Neuer Besitzer\Desktop\FRST64.exe 2013-09-16 09:04 - 2013-09-16 09:04 - 00000490 _____ C:\Users\Neuer Besitzer\Desktop\defogger_disable.log 2013-09-16 09:04 - 2013-09-16 09:04 - 00000000 _____ C:\Users\Neuer Besitzer\defogger_reenable 2013-09-16 09:04 - 2013-08-16 15:54 - 00000000 ____D C:\Users\Neuer Besitzer 2013-09-16 09:01 - 2013-09-16 09:01 - 00050477 _____ C:\Users\Neuer Besitzer\Desktop\Defogger.exe 2013-09-14 23:44 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\system32\NDF 2013-09-14 10:22 - 2013-09-11 12:01 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\vlc 2013-09-14 09:50 - 2013-09-14 09:49 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\dvdcss 2013-09-11 12:00 - 2013-09-11 12:00 - 00000871 _____ C:\Users\Public\Desktop\VLC media player.lnk 2013-09-11 12:00 - 2013-09-11 12:00 - 00000000 ____D C:\Program Files\VideoLAN 2013-09-11 11:59 - 2013-09-11 11:58 - 23071004 _____ C:\Users\Neuer Besitzer\Downloads\vlc-2.1.0-rc2-win64.exe 2013-09-11 11:58 - 2013-09-11 11:56 - 23003252 _____ C:\Users\Neuer Besitzer\Downloads\vlc-2.0.8_win32.exe 2013-09-11 11:53 - 2013-09-11 11:53 - 00392016 _____ (Softonic ) C:\Users\Neuer Besitzer\Downloads\SoftonicDownloader_for_vlc-media-player.exe 2013-09-10 19:00 - 2013-09-10 18:59 - 05939176 _____ (Citrix Online, a division of Citrix Systems, Inc.) C:\Users\Neuer Besitzer\Downloads\g2m_codec.exe 2013-09-10 18:58 - 2013-09-10 18:58 - 00000216 _____ C:\Users\Neuer Besitzer\Downloads\2AD4D15214661C00.asx 2013-09-10 09:43 - 2013-02-28 23:01 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-09-10 09:06 - 2012-01-18 00:30 - 00000000 ____D C:\ProgramData\PCDr 2013-09-02 22:10 - 2013-05-12 13:38 - 00000000 ____D C:\Program Files\Bonjour Print Services 2013-09-02 22:09 - 2013-09-02 22:09 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk 2013-09-02 22:09 - 2013-09-02 22:09 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-09-02 22:09 - 2013-09-02 22:09 - 00000000 ____D C:\Program Files\iTunes 2013-09-02 22:09 - 2013-09-02 22:09 - 00000000 ____D C:\Program Files\iPod 2013-09-02 22:09 - 2013-09-02 22:09 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-09-02 22:08 - 2013-09-02 22:08 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Apple Computer 2013-09-02 22:08 - 2013-08-16 15:58 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Apple Computer 2013-09-02 22:05 - 2013-09-02 22:05 - 00867240 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\npDeployJava1.dll 2013-09-02 22:05 - 2013-09-02 22:05 - 00263592 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe 2013-09-02 22:05 - 2013-09-02 22:05 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe 2013-09-02 22:05 - 2013-09-02 22:05 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe 2013-09-02 22:05 - 2013-09-02 22:05 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2013-09-02 22:05 - 2013-09-02 22:05 - 00000000 ____D C:\Program Files (x86)\Java 2013-09-02 22:05 - 2012-01-21 17:08 - 00789416 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\deployJava1.dll 2013-09-02 22:02 - 2013-05-16 23:32 - 00000030 _____ C:\WINDOWS\success64.log 2013-09-02 21:50 - 2013-09-02 21:48 - 00000000 ____D C:\AdwCleaner 2013-09-02 21:46 - 2013-09-02 21:46 - 00001922 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2013-09-02 21:46 - 2013-09-02 21:45 - 01037134 _____ C:\Users\Neuer Besitzer\Downloads\adwcleaner.exe 2013-09-02 21:45 - 2013-09-02 21:45 - 00003924 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update 2013-09-02 21:45 - 2013-09-02 21:45 - 00000000 _____ C:\WINDOWS\SysWOW64\config.nt 2013-09-02 21:44 - 2013-09-02 21:44 - 00000000 ____D C:\ProgramData\AVAST Software 2013-09-02 21:44 - 2013-09-02 21:44 - 00000000 ____D C:\Program Files\AVAST Software 2013-09-02 14:17 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent 2013-08-30 09:48 - 2013-09-02 21:46 - 00378944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys 2013-08-30 09:48 - 2013-09-02 21:46 - 00072016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys 2013-08-30 09:48 - 2013-09-02 21:46 - 00064288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys 2013-08-30 09:48 - 2013-09-02 21:46 - 00033400 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswFsBlk.sys 2013-08-30 09:48 - 2013-09-02 21:45 - 01030952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys 2013-08-30 09:48 - 2013-09-02 21:45 - 00204880 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys 2013-08-30 09:48 - 2013-09-02 21:45 - 00080816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2013-08-30 09:48 - 2013-09-02 21:45 - 00065336 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys 2013-08-30 09:47 - 2013-09-02 21:45 - 00287840 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2013-08-30 09:47 - 2013-09-02 21:44 - 00041664 _____ (AVAST Software) C:\WINDOWS\avastSS.scr 2013-08-29 18:19 - 2013-08-29 18:19 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Citrix 2013-08-29 18:19 - 2013-08-29 18:19 - 00000000 ____D C:\Program Files (x86)\Citrix 2013-08-29 12:58 - 2009-07-14 04:34 - 00000478 _____ C:\WINDOWS\win.ini 2013-08-26 09:51 - 2013-08-26 09:51 - 04708584 _____ C:\Users\Neuer Besitzer\Downloads\install_flash_player_ics.apk 2013-08-25 19:35 - 2013-08-25 19:35 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help 2013-08-25 19:35 - 2013-08-25 19:35 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help 2013-08-23 17:27 - 2013-08-23 16:57 - 00000000 ____D C:\Users\Neuer Besitzer\Documents\WISO Konto Online 2013-08-23 16:57 - 2013-08-23 16:57 - 00000117 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc 2013-08-23 16:57 - 2013-08-23 16:57 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Buhl Data Service GmbH 2013-08-23 16:57 - 2013-08-23 16:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Buhl Data Service GmbH 2013-08-23 16:56 - 2013-08-23 16:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Buhl Data Service 2013-08-23 16:56 - 2013-08-23 16:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Buhl Data Service 2013-08-23 16:56 - 2013-08-23 16:52 - 00000000 ____D C:\ProgramData\Buhl Data Service GmbH 2013-08-23 16:52 - 2013-08-23 16:52 - 00002374 _____ C:\Users\Public\Desktop\WISO Konto Online 2013.lnk 2013-08-23 16:52 - 2013-08-23 16:52 - 00000000 ____D C:\ProgramData\MG_Prototyp 2013-08-23 16:52 - 2013-08-23 16:52 - 00000000 ____D C:\Program Files (x86)\Buhl 2013-08-23 10:52 - 2013-08-16 15:55 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Packages 2013-08-23 10:18 - 2013-08-21 20:05 - 00452168 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2013-08-23 10:12 - 2012-11-01 22:38 - 00000000 ____D C:\Program Files (x86)\MSBuild 2013-08-23 10:11 - 2013-08-23 10:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services 2013-08-23 10:11 - 2013-08-23 10:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Sync Framework 2013-08-23 10:11 - 2013-08-23 10:11 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2013-08-23 10:11 - 2013-08-23 10:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2013-08-23 10:10 - 2013-08-23 10:10 - 00000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform 2013-08-23 10:09 - 2013-08-23 10:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8 2013-08-23 10:09 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2013-08-23 10:08 - 2013-08-23 10:08 - 00000000 ____D C:\Program Files\Microsoft Office 2013-08-23 10:08 - 2013-08-23 10:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services 2013-08-23 10:08 - 2012-07-26 12:29 - 00000000 ____D C:\WINDOWS\ShellNew 2013-08-23 10:07 - 2013-08-23 10:07 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Microsoft Help 2013-08-23 10:06 - 2013-08-23 10:06 - 00000000 __RHD C:\MSOCache 2013-08-23 10:04 - 2013-08-23 09:30 - 712660056 _____ (Microsoft Corporation) C:\Users\Neuer Besitzer\Downloads\X16-32254.exe 2013-08-22 20:46 - 2013-08-22 20:46 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Macromedia 2013-08-22 20:41 - 2013-08-22 20:39 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Adobe 2013-08-19 21:56 - 2013-08-19 21:56 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-08-19 21:56 - 2013-08-19 21:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Mozilla 2013-08-19 21:56 - 2013-08-19 21:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Mozilla 2013-08-19 21:56 - 2013-08-19 21:56 - 00000000 ____D C:\ProgramData\Mozilla 2013-08-19 21:56 - 2013-08-19 21:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-08-19 21:55 - 2013-05-12 13:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-08-19 16:09 - 2013-08-19 16:09 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\PCDr 2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ___RD C:\WINDOWS\ToastData 2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\WinStore 2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Photo Viewer 2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Defender 2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2013-08-19 15:51 - 2012-07-26 07:38 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism 2013-08-19 15:51 - 2012-07-26 07:38 - 00000000 ____D C:\WINDOWS\system32\Dism 2013-08-19 15:09 - 2013-08-19 15:09 - 00000149 _____ C:\Users\Neuer Besitzer\Documents\Windows8 Product Key.txt 2013-08-19 15:05 - 2013-08-19 15:05 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\OpenOffice.org 2013-08-19 15:05 - 2013-08-16 15:57 - 00000000 ___RD C:\Users\Neuer Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-08-19 14:59 - 2013-08-19 14:59 - 00001063 _____ C:\Users\Public\Desktop\zebNet® Windows Keyfinder TNG.lnk 2013-08-19 14:59 - 2013-08-19 14:59 - 00000000 ____D C:\ProgramData\InstallMate 2013-08-19 14:59 - 2013-08-19 14:59 - 00000000 ____D C:\Program Files\zebNet 2013-08-19 14:56 - 2013-08-19 14:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Google 2013-08-19 14:52 - 2013-08-19 14:51 - 00000000 ____D C:\WINDOWS\system32\MRT 2013-08-19 14:51 - 2013-08-19 14:51 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Macromedia 2013-08-19 14:51 - 2012-04-07 20:59 - 78161360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2013-08-19 14:03 - 2012-07-26 07:38 - 00000000 ____D C:\WINDOWS\system32\oobe 2013-08-19 13:52 - 2013-08-16 15:57 - 00000000 ___RD C:\Users\Neuer Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-08-19 13:50 - 2012-07-26 07:37 - 00000000 ____D C:\WINDOWS\servicing 2013-08-19 13:47 - 2012-07-26 12:29 - 00000000 ____D C:\Program Files\Windows Journal Some content of TEMP: ==================== C:\Users\Neuer Besitzer\AppData\Local\Temp\6_Offer_11.exe C:\Users\Neuer Besitzer\AppData\Local\Temp\DownloadManager.exe C:\Users\Neuer Besitzer\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe C:\Users\Neuer Besitzer\AppData\Local\Temp\Product108.exe C:\Users\Neuer Besitzer\AppData\Local\Temp\Quarantine.exe C:\Users\Neuer Besitzer\AppData\Local\Temp\setup.exe C:\Users\Neuer Besitzer\AppData\Local\Temp\tmp60F8.exe C:\Users\Neuer Besitzer\AppData\Local\Temp\unrar.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-09-16 11:08 ==================== End Of Log ============================ --- --- --- |
16.09.2013, 12:53 | #7 |
| Windows 8 64bit - Hinweis auf Spyware in InternetExplorer und Firefox mit öffnenden Popups und Downloadhinweise Gmer Teil 1: Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-09-16 12:38:50 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 HITACHI_HTS723216A7A364 rev.EC1ZB70B 149,05GB Running: gmer_2.1.19163.exe; Driver: C:\Users\NEUERB~1\AppData\Local\Temp\kxloapob.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\WINDOWS\System32\win32k.sys!W32pServiceTable fffff9600009fd00 7 bytes [40, 6C, 82, 01, 00, 55, F2] .text C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 8 fffff9600009fd08 7 bytes [01, B1, C1, FF, 00, A1, DC] ---- User code sections - GMER 2.1 ---- .text C:\WINDOWS\system32\csrss.exe[732] C:\WINDOWS\SYSTEM32\kernel32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\WINDOWS\system32\csrss.exe[780] C:\WINDOWS\SYSTEM32\kernel32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\WINDOWS\system32\wininit.exe[788] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\WINDOWS\system32\winlogon.exe[832] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\WINDOWS\system32\services.exe[872] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\WINDOWS\system32\lsass.exe[880] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\WINDOWS\system32\svchost.exe[980] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\WINDOWS\system32\ibmpmsvc.exe[344] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\WINDOWS\system32\svchost.exe[536] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\WINDOWS\System32\svchost.exe[500] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\WINDOWS\system32\dwm.exe[676] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\WINDOWS\System32\svchost.exe[652] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\WINDOWS\system32\svchost.exe[512] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\WINDOWS\system32\svchost.exe[540] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\WINDOWS\system32\svchost.exe[1208] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\WINDOWS\system32\svchost.exe[1232] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f8f579177a 4 bytes [79, F5, F8, 07] .text C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f8f5791782 4 bytes [79, F5, F8, 07] .text C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\system32\WSOCK32.dll!recvfrom + 742 000007f8edf01b32 4 bytes [F0, ED, F8, 07] .text C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\system32\WSOCK32.dll!recvfrom + 750 000007f8edf01b3a 4 bytes [F0, ED, F8, 07] .text C:\WINDOWS\system32\conhost.exe[1392] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[1968] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f8f579177a 4 bytes [79, F5, F8, 07] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f8f5791782 4 bytes [79, F5, F8, 07] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007f8edf01b32 4 bytes [F0, ED, F8, 07] .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007f8edf01b3a 4 bytes [F0, ED, F8, 07] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\user32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\user32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\user32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\user32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\user32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\user32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f8f579177a 4 bytes [79, F5, F8, 07] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f8f5791782 4 bytes [79, F5, F8, 07] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\user32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\user32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\user32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f8f579177a 4 bytes [79, F5, F8, 07] .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f8f5791782 4 bytes [79, F5, F8, 07] .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\user32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\user32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\user32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\Windows\System32\WUDFHost.exe[3116] C:\Windows\System32\MSIMG32.dll!GradientFill + 690 000007f8e9fa1532 4 bytes [FA, E9, F8, 07] .text C:\Windows\System32\WUDFHost.exe[3116] C:\Windows\System32\MSIMG32.dll!GradientFill + 698 000007f8e9fa153a 4 bytes [FA, E9, F8, 07] .text C:\Windows\System32\WUDFHost.exe[3116] C:\Windows\System32\MSIMG32.dll!TransparentBlt + 246 000007f8e9fa165a 4 bytes [FA, E9, F8, 07] .text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f8f579177a 4 bytes [79, F5, F8, 07] .text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f8f5791782 4 bytes [79, F5, F8, 07] .text C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\user32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\user32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\user32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f8e9fa1532 4 bytes [FA, E9, F8, 07] .text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f8e9fa153a 4 bytes [FA, E9, F8, 07] .text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f8e9fa165a 4 bytes [FA, E9, F8, 07] .text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f8f579177a 4 bytes [79, F5, F8, 07] .text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f8f5791782 4 bytes [79, F5, F8, 07] .text C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory |
16.09.2013, 12:53 | #8 |
/// TB-Ausbilder | Windows 8 64bit - Hinweis auf Spyware in InternetExplorer und Firefox mit öffnenden Popups und Downloadhinweise Ok, dann: Schritt 1
Schritt 2 Downloade Dir bitte AdwCleaner auf deinen Desktop.
Schritt 3 Starte noch einmal FRST.
__________________ cheers, Leo |
16.09.2013, 12:54 | #9 |
| Windows 8 64bit - Hinweis auf Spyware in InternetExplorer und Firefox mit öffnenden Popups und Downloadhinweise Gmer Teil 2: Code:
ATTFilter 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f8f579177a 4 bytes [79, F5, F8, 07] .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f8f5791782 4 bytes [79, F5, F8, 07] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f8f579177a 4 bytes [79, F5, F8, 07] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f8f5791782 4 bytes [79, F5, F8, 07] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f8f579177a 4 bytes [79, F5, F8, 07] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f8f5791782 4 bytes [79, F5, F8, 07] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f8e9fa1532 4 bytes [FA, E9, F8, 07] .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f8e9fa153a 4 bytes [FA, E9, F8, 07] .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f8e9fa165a 4 bytes [FA, E9, F8, 07] .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f8f579177a 4 bytes [79, F5, F8, 07] .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f8f5791782 4 bytes [79, F5, F8, 07] .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\user32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\user32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\user32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 ---- Threads - GMER 2.1 ---- Thread C:\WINDOWS\system32\csrss.exe [780:796] fffff960008425e8 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -1587657269 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk@DisplayName aswFsBlk Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk@Group FSFilter Activity Monitor Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk) Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk@Tag 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk\Instances Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk\Instances\aswFsBlk Instance Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@ImagePath \??\C:\WINDOWS\system32\drivers\aswMonFlt.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@DisplayName aswMonFlt Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@Group FSFilter Anti-Virus Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt) Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt\Instances Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt\Instances\aswMonFlt Instance Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@DisplayName aswRdr Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@Group PNP_TDI Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@DependOnService tcpip? Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@Description avast! WFP Redirect driver Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr\Parameters Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr\Parameters@MSIgnoreLSPDefault Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt@DisplayName aswRvrt Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt@Description avast! Revert Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters@BootCounter 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters@TickCounter 1164097 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters@SystemRoot \Device\HarddiskVolume2\WINDOWS Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters@ImproperShutdown 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@DisplayName aswSnx Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@Group FSFilter Virtualization Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@Description avast! virtualization driver (aswSnx) Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@Tag 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Instances Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Instances@DefaultInstance aswSnx Instance Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Instances\aswSnx Instance Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Instances\aswSnx Instance@Altitude 137600 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Instances\aswSnx Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Parameters Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP@DisplayName aswSP Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP@Description avast! Self Protection Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Parameters Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Parameters@BehavShield 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP Reg HKLM\SYSTEM\CurrentControlSet\Services\aswTdi@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswTdi@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswTdi@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswTdi@DisplayName avast! Network Shield Support Reg HKLM\SYSTEM\CurrentControlSet\Services\aswTdi@Group PNP_TDI Reg HKLM\SYSTEM\CurrentControlSet\Services\aswTdi@DependOnService tcpip? Reg HKLM\SYSTEM\CurrentControlSet\Services\aswTdi@Description avast! Network Shield TDI driver Reg HKLM\SYSTEM\CurrentControlSet\Services\aswTdi@Tag 10 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswTdi Reg HKLM\SYSTEM\CurrentControlSet\Services\aswVmm@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswVmm@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswVmm@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswVmm@DisplayName aswVmm Reg HKLM\SYSTEM\CurrentControlSet\Services\aswVmm@Description avast! VM Monitor Reg HKLM\SYSTEM\CurrentControlSet\Services\aswVmm\Parameters Reg HKLM\SYSTEM\CurrentControlSet\Services\aswVmm Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@Type 32 Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@DisplayName avast! Antivirus Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@Group ShellSvcGroup Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@DependOnService aswMonFlt?RpcSS? Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@WOW64 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@ObjectName LocalSystem Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@ServiceSidType 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@Description Verwaltet und implementiert avast! Antivirus-Dienste f?r diesen Computer. Dies beinhaltet den Echtzeit-Schutz, den Virus-Container und den Planer. Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\e02a82f2a4a9 ---- EOF - GMER 2.1 ---- |
16.09.2013, 12:55 | #10 |
/// TB-Ausbilder | Windows 8 64bit - Hinweis auf Spyware in InternetExplorer und Firefox mit öffnenden Popups und Downloadhinweise Meine nächsten Anweisungen stehen in meinem vorherigen Post.
__________________ cheers, Leo |
16.09.2013, 12:55 | #11 |
| Windows 8 64bit - Hinweis auf Spyware in InternetExplorer und Firefox mit öffnenden Popups und Downloadhinweise Gmer Teil 2: Code:
ATTFilter 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f8f579177a 4 bytes [79, F5, F8, 07] .text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f8f5791782 4 bytes [79, F5, F8, 07] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f8f579177a 4 bytes [79, F5, F8, 07] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f8f5791782 4 bytes [79, F5, F8, 07] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f8f579177a 4 bytes [79, F5, F8, 07] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f8f5791782 4 bytes [79, F5, F8, 07] .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f8e9fa1532 4 bytes [FA, E9, F8, 07] .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f8e9fa153a 4 bytes [FA, E9, F8, 07] .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f8e9fa165a 4 bytes [FA, E9, F8, 07] .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f8f579177a 4 bytes [79, F5, F8, 07] .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f8f5791782 4 bytes [79, F5, F8, 07] .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\user32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\user32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\user32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62] .text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 .text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14 .text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc .text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c .text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284 .text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4 .text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c .text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4 .text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14 .text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4 .text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c .text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284 .text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4 .text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c .text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc .text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac .text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284 .text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc .text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c .text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4 .text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14 ---- Threads - GMER 2.1 ---- Thread C:\WINDOWS\system32\csrss.exe [780:796] fffff960008425e8 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -1587657269 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk@DisplayName aswFsBlk Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk@Group FSFilter Activity Monitor Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk) Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk@Tag 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk\Instances Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk\Instances\aswFsBlk Instance Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@ImagePath \??\C:\WINDOWS\system32\drivers\aswMonFlt.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@DisplayName aswMonFlt Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@Group FSFilter Anti-Virus Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt) Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt\Instances Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt\Instances\aswMonFlt Instance Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@DisplayName aswRdr Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@Group PNP_TDI Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@DependOnService tcpip? Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@Description avast! WFP Redirect driver Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr\Parameters Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr\Parameters@MSIgnoreLSPDefault Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt@DisplayName aswRvrt Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt@Description avast! Revert Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters@BootCounter 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters@TickCounter 1164097 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters@SystemRoot \Device\HarddiskVolume2\WINDOWS Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters@ImproperShutdown 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@DisplayName aswSnx Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@Group FSFilter Virtualization Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@DependOnService FltMgr? Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@Description avast! virtualization driver (aswSnx) Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@Tag 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Instances Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Instances@DefaultInstance aswSnx Instance Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Instances\aswSnx Instance Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Instances\aswSnx Instance@Altitude 137600 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Instances\aswSnx Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Parameters Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP@DisplayName aswSP Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP@Description avast! Self Protection Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Parameters Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Parameters@BehavShield 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP Reg HKLM\SYSTEM\CurrentControlSet\Services\aswTdi@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswTdi@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswTdi@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswTdi@DisplayName avast! Network Shield Support Reg HKLM\SYSTEM\CurrentControlSet\Services\aswTdi@Group PNP_TDI Reg HKLM\SYSTEM\CurrentControlSet\Services\aswTdi@DependOnService tcpip? Reg HKLM\SYSTEM\CurrentControlSet\Services\aswTdi@Description avast! Network Shield TDI driver Reg HKLM\SYSTEM\CurrentControlSet\Services\aswTdi@Tag 10 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswTdi Reg HKLM\SYSTEM\CurrentControlSet\Services\aswVmm@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswVmm@Start 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswVmm@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswVmm@DisplayName aswVmm Reg HKLM\SYSTEM\CurrentControlSet\Services\aswVmm@Description avast! VM Monitor Reg HKLM\SYSTEM\CurrentControlSet\Services\aswVmm\Parameters Reg HKLM\SYSTEM\CurrentControlSet\Services\aswVmm Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@Type 32 Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@Start 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@DisplayName avast! Antivirus Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@Group ShellSvcGroup Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@DependOnService aswMonFlt?RpcSS? Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@WOW64 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@ObjectName LocalSystem Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@ServiceSidType 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@Description Verwaltet und implementiert avast! Antivirus-Dienste f?r diesen Computer. Dies beinhaltet den Echtzeit-Schutz, den Virus-Container und den Planer. Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\e02a82f2a4a9 ---- EOF - GMER 2.1 ---- |
16.09.2013, 12:58 | #12 |
/// TB-Ausbilder | Windows 8 64bit - Hinweis auf Spyware in InternetExplorer und Firefox mit öffnenden Popups und Downloadhinweise Ok, die nächsten Schritte sind hier: http://www.trojaner-board.de/141644-...ml#post1156194
__________________ cheers, Leo |
16.09.2013, 13:40 | #13 |
| Windows 8 64bit - Hinweis auf Spyware in InternetExplorer und Firefox mit öffnenden Popups und Downloadhinweise Ergebnis adwcleaner: AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.004 - Bericht erstellt am 16/09/2013 um 14:25:40 # Updated 15/09/2013 von Xplode # Betriebssystem : Windows 8 Pro (64 bits) # Benutzername : Neuer Besitzer - USER-PC # Gestartet von : C:\Users\Neuer Besitzer\Desktop\adwcleaner (1).exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\Users\Neuer Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\boipimhfjpakfgckhbljjengakjhkcbp Ordner Gelöscht : C:\Users\Neuer Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpepfkjapeclaafmhoelccknpfedainn Datei Gelöscht : C:\Users\Neuer Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\4s4l07tq.default\user.js ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4D6A9BBF-402C-4301-B1EF-28D04F71D761} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA9B9C89-4662-4ADC-9C23-A452BECD5D19} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\LyricsGet Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} ***** [ Browser ] ***** -\\ Internet Explorer v10.0.9200.16660 -\\ Mozilla Firefox v23.0.1 (de) [ Datei : C:\Users\Neuer Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\4s4l07tq.default\prefs.js ] ************************* AdwCleaner[R0].txt - [8899 octets] - [02/09/2013 21:48:42] AdwCleaner[R1].txt - [1946 octets] - [16/09/2013 14:24:38] AdwCleaner[S0].txt - [8602 octets] - [02/09/2013 21:49:58] AdwCleaner[S1].txt - [1816 octets] - [16/09/2013 14:25:40] ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1876 octets] ########## [/CODE] FRST Ergebnis: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-09-2013 01 Ran by Neuer Besitzer (administrator) on USER-PC on 16-09-2013 14:36:34 Running from C:\Users\Neuer Besitzer\Desktop Windows 8 Pro (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Lenovo.) C:\WINDOWS\system32\ibmpmsvc.exe (Microsoft Corporation) C:\WINDOWS\system32\WLANExt.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\WINDOWS\system32\dashost.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE (QUALCOMM, Inc.) C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Lenovo Group Limited) C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE (Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo.) C:\Windows\System32\TpShocks.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\extapsup.exe (Lenovo) C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Intel Corporation) C:\WINDOWS\system32\igfxext.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe (Lenovo Group Limited) C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Lenovo) C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe () C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe () C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe (Microsoft Corporation) C:\WINDOWS\system32\PrintIsolationHost.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [33344 2011-10-20] (Lenovo) HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [594936 2013-04-15] (Lenovo Corporation) HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-15] () HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [380776 2011-03-29] (Lenovo.) HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] () HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated) HKLM\...\Run: [LenovoOptMouseUpdate] - C:\Program Files\Lenovo\HOTKEY\extapsup.exe [250976 2012-08-31] (Lenovo Group Limited) HKLM\...\Run: [LnvMobHotspotClient] - C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe [937976 2013-04-11] (Lenovo) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2010-05-03] (Intel Corporation) HKLM-x32\...\Run: [RotateImage] - C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.) HKLM-x32\...\Run: [PWMTRV] - C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL [6482728 2013-04-18] (Lenovo Group Limited) HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation) HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.) HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de) AppInit_DLLs-x32: c:\progra~3\browse~1\261562~1.220\{c16c1~1\browse~1.dll [ ] () Lsa: [Notification Packages] scecli ACGina Startup: C:\Users\Neuer Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB1A838F1D99CCE01 BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) DPF: HKLM-x32 {816BE035-1450-40D0-8A3B-BA7825A83A77} hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Neuer Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\4s4l07tq.default FF SearchEngineOrder.1: Mixi.DJ Search FF SelectedSearchEngine: Mixi.DJ Search FF Homepage: hxxp://www.google.de/ig FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Neuer Besitzer\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: No Name - C:\Users\Neuer Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\4s4l07tq.default\Extensions\130 FF Extension: No Name - C:\Users\Neuer Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\4s4l07tq.default\Extensions\131 FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION CHR Extension: (Docs) - C:\Users\NEUERB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0 CHR Extension: (Google Drive) - C:\Users\NEUERB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0 CHR Extension: (YouTube) - C:\Users\NEUERB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0 CHR Extension: (Google Search) - C:\Users\NEUERB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0 CHR Extension: () - C:\Users\NEUERB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijodjbiibildhjdbjehpdjoglbnbfnpf\1.128 CHR Extension: (Chrome In-App Payments service) - C:\Users\NEUERB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0 CHR Extension: (Gmail) - C:\Users\NEUERB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 ==================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software) S3 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [148472 2013-04-15] (Lenovo Corporation) S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [478056 2011-10-04] (Lenovo.) R2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [1628664 2013-02-06] (Lenovo Group Limited) S3 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [681464 2013-04-15] (Lenovo Corporation) R2 LnvHotSpotSvc; C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe [465912 2013-04-11] (Lenovo) R2 LocationTaskManager; C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [463352 2013-04-19] () R2 QDLService2kLenovo; C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe [1688384 2011-05-23] (QUALCOMM, Inc.) S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-06-26] () S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software) R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software) R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] () R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] () S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider) S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider) R3 qcfilterlno2k; C:\Windows\System32\drivers\qcfilterlno2k.sys [6400 2011-05-23] (QUALCOMM Incorporated) R3 qcusbnetlno2k; C:\Windows\system32\DRIVERS\qcusbnetlno2k.sys [444416 2011-05-23] (QUALCOMM Incorporated) R3 qcusbserlno2k; C:\Windows\system32\DRIVERS\qcusbserlno2k.sys [231040 2011-05-23] (QUALCOMM Incorporated) U3 idsvc; S3 PCDSRVC{127174DC-C366ED8B-06020200}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-16 14:35 - 2013-09-16 14:35 - 00001956 _____ C:\Users\Neuer Besitzer\Desktop\AdwCleaner[S1].txt 2013-09-16 14:33 - 2013-09-16 14:33 - 00291584 _____ C:\WINDOWS\Minidump\091613-57578-01.dmp 2013-09-16 14:33 - 2013-09-16 14:33 - 00000000 ____D C:\WINDOWS\Minidump 2013-09-16 14:32 - 2013-09-16 14:32 - 499418560 _____ C:\WINDOWS\MEMORY.DMP 2013-09-16 14:23 - 2013-09-16 14:23 - 01039554 _____ C:\Users\Neuer Besitzer\Desktop\adwcleaner (1).exe 2013-09-16 13:22 - 2013-09-16 13:22 - 00090823 _____ C:\Users\Neuer Besitzer\Desktop\Gmer2.txt 2013-09-16 13:21 - 2013-09-16 13:21 - 00087446 _____ C:\Users\Neuer Besitzer\Desktop\Gmer1.txt 2013-09-16 12:38 - 2013-09-16 12:38 - 00178269 _____ C:\Users\Neuer Besitzer\Desktop\Gmer.txt 2013-09-16 12:18 - 2013-09-16 12:18 - 00377856 _____ C:\Users\Neuer Besitzer\Desktop\gmer_2.1.19163.exe 2013-09-16 12:15 - 2013-09-16 12:16 - 00066210 _____ C:\Users\Neuer Besitzer\Desktop\FRST1.txt 2013-09-16 12:15 - 2013-09-16 12:15 - 00037397 _____ C:\Users\Neuer Besitzer\Desktop\Addition.txt 2013-09-16 12:14 - 2013-09-16 12:14 - 00000000 ____D C:\FRST 2013-09-16 12:07 - 2013-09-16 14:34 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\FreePDF_XP 2013-09-16 12:06 - 2013-09-16 12:06 - 00000000 ____D C:\ProgramData\FreePDF 2013-09-16 12:06 - 2013-09-16 12:06 - 00000000 ____D C:\Program Files (x86)\FreePDF_XP 2013-09-16 12:06 - 2010-06-17 20:56 - 00119152 _____ C:\WINDOWS\system32\redmon.hlp 2013-09-16 12:06 - 2010-06-17 20:56 - 00087040 _____ C:\WINDOWS\system32\redmonnt.dll 2013-09-16 12:06 - 2010-06-17 20:56 - 00046080 _____ C:\WINDOWS\system32\unredmon.exe 2013-09-16 12:05 - 2013-09-16 12:05 - 00000000 ____D C:\Program Files\gs 2013-09-16 11:58 - 2013-09-16 11:59 - 13245963 _____ C:\Users\Neuer Besitzer\Downloads\gs910w64.exe 2013-09-16 11:26 - 2013-09-16 11:29 - 35282727 _____ C:\Users\Neuer Besitzer\Downloads\ghostscript-9.10.tar.gz 2013-09-16 11:22 - 2013-09-16 11:22 - 03866624 _____ (Microsoft Corporation) C:\Users\Neuer Besitzer\Downloads\FreePDF4.08.EXE 2013-09-16 09:05 - 2013-09-16 09:05 - 01951150 _____ (Farbar) C:\Users\Neuer Besitzer\Desktop\FRST64.exe 2013-09-16 09:04 - 2013-09-16 09:04 - 00000490 _____ C:\Users\Neuer Besitzer\Desktop\defogger_disable.log 2013-09-16 09:04 - 2013-09-16 09:04 - 00000000 _____ C:\Users\Neuer Besitzer\defogger_reenable 2013-09-16 09:01 - 2013-09-16 09:01 - 00050477 _____ C:\Users\Neuer Besitzer\Desktop\Defogger.exe 2013-09-14 09:49 - 2013-09-14 09:50 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\dvdcss 2013-09-14 09:37 - 2013-08-16 07:41 - 00058200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys 2013-09-14 09:37 - 2013-08-16 07:39 - 02371728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll 2013-09-14 09:37 - 2013-08-16 07:39 - 00059416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2013-09-14 09:37 - 2013-08-16 07:32 - 00209200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationUI.exe 2013-09-14 09:37 - 2013-08-16 07:22 - 04917760 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe 2013-09-14 09:37 - 2013-08-16 07:22 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe 2013-09-14 09:37 - 2013-08-16 07:21 - 03275776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2013-09-14 09:37 - 2013-08-16 07:21 - 01621504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll 2013-09-14 09:37 - 2013-08-16 07:21 - 01164288 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll 2013-09-14 09:37 - 2013-08-16 07:21 - 00773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2013-09-14 09:37 - 2013-08-16 07:21 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2013-09-14 09:37 - 2013-08-16 07:21 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll 2013-09-14 09:37 - 2013-08-16 07:21 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll 2013-09-14 09:37 - 2013-08-16 07:21 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll 2013-09-14 09:37 - 2013-08-16 07:21 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll 2013-09-14 09:37 - 2013-08-16 07:21 - 00183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSSync.dll 2013-09-14 09:37 - 2013-08-16 07:21 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll 2013-09-14 09:37 - 2013-08-16 07:21 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2013-09-14 09:37 - 2013-08-16 07:21 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll 2013-09-14 09:37 - 2013-08-16 07:21 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll 2013-09-14 09:37 - 2013-08-16 07:21 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2013-09-14 09:37 - 2013-08-16 07:21 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupcln.dll 2013-09-14 09:37 - 2013-08-16 07:21 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll 2013-09-14 09:37 - 2013-08-16 07:21 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll 2013-09-14 09:37 - 2013-08-16 07:20 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll 2013-09-14 09:37 - 2013-08-16 00:43 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2013-09-14 09:37 - 2013-08-16 00:43 - 00562688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll 2013-09-14 09:37 - 2013-08-16 00:43 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll 2013-09-14 09:37 - 2013-08-16 00:43 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSSync.dll 2013-09-14 09:37 - 2013-08-16 00:43 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll 2013-09-14 09:37 - 2013-08-16 00:43 - 00126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll 2013-09-14 09:37 - 2013-08-16 00:43 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2013-09-14 09:37 - 2013-08-16 00:43 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2013-09-14 09:37 - 2013-08-16 00:43 - 00083968 _____ C:\WINDOWS\SysWOW64\OEMLicense.dll 2013-09-14 09:37 - 2013-08-16 00:43 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe 2013-09-14 09:37 - 2013-08-16 00:43 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll 2013-09-14 09:37 - 2013-08-16 00:42 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppc.dll 2013-09-14 09:37 - 2013-08-16 00:42 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupcln.dll 2013-09-14 09:36 - 2013-08-21 06:12 - 02241024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2013-09-14 09:36 - 2013-08-21 06:12 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2013-09-14 09:36 - 2013-08-21 06:11 - 19246592 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2013-09-14 09:36 - 2013-08-21 06:11 - 15404544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2013-09-14 09:36 - 2013-08-21 06:11 - 03959296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2013-09-14 09:36 - 2013-08-21 06:11 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2013-09-14 09:36 - 2013-08-21 06:11 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2013-09-14 09:36 - 2013-08-21 06:11 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll 2013-09-14 09:36 - 2013-08-21 06:11 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2013-09-14 09:36 - 2013-08-21 06:11 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2013-09-14 09:36 - 2013-08-21 06:11 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll 2013-09-14 09:36 - 2013-08-21 06:11 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll 2013-09-14 09:36 - 2013-08-21 06:11 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll 2013-09-14 09:36 - 2013-08-21 06:11 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2013-09-14 09:36 - 2013-08-21 06:11 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll 2013-09-14 09:36 - 2013-08-21 04:34 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2013-09-14 09:36 - 2013-08-21 04:06 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2013-09-14 09:36 - 2013-08-21 04:06 - 01141248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2013-09-14 09:36 - 2013-08-21 04:06 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll 2013-09-14 09:36 - 2013-08-21 04:05 - 14332928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2013-09-14 09:36 - 2013-08-21 04:05 - 13761024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2013-09-14 09:36 - 2013-08-21 04:05 - 02876928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2013-09-14 09:36 - 2013-08-21 04:05 - 02048000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2013-09-14 09:36 - 2013-08-21 04:05 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2013-09-14 09:36 - 2013-08-21 04:05 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2013-09-14 09:36 - 2013-08-21 04:05 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll 2013-09-14 09:36 - 2013-08-21 04:05 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll 2013-09-14 09:36 - 2013-08-21 04:05 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll 2013-09-14 09:36 - 2013-08-21 04:05 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll 2013-09-14 09:36 - 2013-08-21 03:43 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2013-09-14 09:36 - 2013-08-21 01:52 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll 2013-09-14 09:36 - 2013-07-09 10:04 - 00120144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys 2013-09-14 09:36 - 2013-07-09 08:18 - 00439488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe 2013-09-14 09:36 - 2013-07-09 06:25 - 00385768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe 2013-09-14 09:36 - 2013-07-09 05:57 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationApi.dll 2013-09-14 09:36 - 2013-07-09 00:46 - 00543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll 2013-09-14 09:36 - 2013-07-09 00:46 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll 2013-09-14 09:36 - 2013-07-09 00:46 - 00370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wwanadvui.dll 2013-09-14 09:36 - 2013-07-09 00:45 - 00312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationApi.dll 2013-09-14 09:36 - 2013-07-06 02:16 - 01025024 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll 2013-09-14 09:36 - 2013-07-03 02:23 - 00778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll 2013-09-14 09:36 - 2013-07-03 02:23 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll 2013-09-14 09:36 - 2013-07-03 02:22 - 02839552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll 2013-09-14 09:36 - 2013-07-03 02:22 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll 2013-09-14 09:36 - 2013-07-03 02:11 - 00551424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll 2013-09-14 09:36 - 2013-07-03 02:11 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll 2013-09-14 09:36 - 2013-07-03 02:10 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll 2013-09-14 09:36 - 2013-07-02 00:08 - 00387583 _____ C:\WINDOWS\system32\ApnDatabase.xml 2013-09-14 09:36 - 2013-07-01 00:30 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\openfiles.exe 2013-09-14 09:36 - 2013-07-01 00:29 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\openfiles.exe 2013-09-14 09:36 - 2013-06-29 08:15 - 00195416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2013-09-14 09:36 - 2013-06-29 08:15 - 00125784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys 2013-09-14 09:36 - 2013-06-29 07:43 - 00327512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys 2013-09-14 09:36 - 2013-06-29 03:12 - 01022464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll 2013-09-14 09:36 - 2013-06-26 05:01 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys 2013-09-14 09:36 - 2013-06-25 00:54 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll 2013-09-14 09:36 - 2013-06-25 00:54 - 00263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll 2013-09-14 09:36 - 2013-06-25 00:54 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll 2013-09-14 09:36 - 2013-06-19 07:36 - 00183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmmbase.dll 2013-09-14 09:36 - 2013-06-19 07:36 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmm.dll 2013-09-14 09:36 - 2013-06-19 00:38 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmmbase.dll 2013-09-14 09:36 - 2013-06-19 00:38 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmm.dll 2013-09-14 09:36 - 2013-06-12 01:43 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll 2013-09-14 09:36 - 2013-06-12 01:26 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll 2013-09-14 09:36 - 2013-06-10 23:17 - 00096512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys 2013-09-14 09:36 - 2013-06-10 21:16 - 00888832 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll 2013-09-14 09:36 - 2013-06-10 21:15 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL 2013-09-14 09:36 - 2013-06-10 21:15 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL 2013-09-14 09:36 - 2013-06-10 21:15 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL 2013-09-14 09:36 - 2013-06-10 21:10 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll 2013-09-14 09:36 - 2013-06-10 21:10 - 00245248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL 2013-09-14 09:36 - 2013-06-06 10:03 - 00119040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS 2013-09-14 09:35 - 2013-08-03 06:30 - 04038144 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2013-09-11 12:01 - 2013-09-14 10:22 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\vlc 2013-09-11 12:00 - 2013-09-11 12:00 - 00000871 _____ C:\Users\Public\Desktop\VLC media player.lnk 2013-09-11 12:00 - 2013-09-11 12:00 - 00000000 ____D C:\Program Files\VideoLAN 2013-09-11 11:58 - 2013-09-11 11:59 - 23071004 _____ C:\Users\Neuer Besitzer\Downloads\vlc-2.1.0-rc2-win64.exe 2013-09-11 11:56 - 2013-09-11 11:58 - 23003252 _____ C:\Users\Neuer Besitzer\Downloads\vlc-2.0.8_win32.exe 2013-09-11 11:53 - 2013-09-11 11:53 - 00392016 _____ (Softonic ) C:\Users\Neuer Besitzer\Downloads\SoftonicDownloader_for_vlc-media-player.exe 2013-09-10 18:59 - 2013-09-10 19:00 - 05939176 _____ (Citrix Online, a division of Citrix Systems, Inc.) C:\Users\Neuer Besitzer\Downloads\g2m_codec.exe 2013-09-10 18:58 - 2013-09-10 18:58 - 00000216 _____ C:\Users\Neuer Besitzer\Downloads\2AD4D15214661C00.asx 2013-09-02 22:09 - 2013-09-02 22:09 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk 2013-09-02 22:09 - 2013-09-02 22:09 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-09-02 22:09 - 2013-09-02 22:09 - 00000000 ____D C:\Program Files\iTunes 2013-09-02 22:09 - 2013-09-02 22:09 - 00000000 ____D C:\Program Files\iPod 2013-09-02 22:09 - 2013-09-02 22:09 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-09-02 22:08 - 2013-09-02 22:08 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Apple Computer 2013-09-02 22:05 - 2013-09-02 22:05 - 00867240 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\npDeployJava1.dll 2013-09-02 22:05 - 2013-09-02 22:05 - 00263592 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe 2013-09-02 22:05 - 2013-09-02 22:05 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe 2013-09-02 22:05 - 2013-09-02 22:05 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe 2013-09-02 22:05 - 2013-09-02 22:05 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2013-09-02 22:05 - 2013-09-02 22:05 - 00000000 ____D C:\Program Files (x86)\Java 2013-09-02 21:48 - 2013-09-16 14:25 - 00000000 ____D C:\AdwCleaner 2013-09-02 21:46 - 2013-09-02 21:46 - 00001922 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2013-09-02 21:46 - 2013-08-30 09:48 - 00378944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys 2013-09-02 21:46 - 2013-08-30 09:48 - 00072016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys 2013-09-02 21:46 - 2013-08-30 09:48 - 00064288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys 2013-09-02 21:46 - 2013-08-30 09:48 - 00033400 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswFsBlk.sys 2013-09-02 21:45 - 2013-09-02 21:46 - 01037134 _____ C:\Users\Neuer Besitzer\Downloads\adwcleaner.exe 2013-09-02 21:45 - 2013-09-02 21:45 - 00003924 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update 2013-09-02 21:45 - 2013-09-02 21:45 - 00000000 _____ C:\WINDOWS\SysWOW64\config.nt 2013-09-02 21:45 - 2013-08-30 09:48 - 01030952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys 2013-09-02 21:45 - 2013-08-30 09:48 - 00204880 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys 2013-09-02 21:45 - 2013-08-30 09:48 - 00080816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2013-09-02 21:45 - 2013-08-30 09:48 - 00065336 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys 2013-09-02 21:45 - 2013-08-30 09:47 - 00287840 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2013-09-02 21:44 - 2013-09-02 21:44 - 00000000 ____D C:\ProgramData\AVAST Software 2013-09-02 21:44 - 2013-09-02 21:44 - 00000000 ____D C:\Program Files\AVAST Software 2013-09-02 21:44 - 2013-08-30 09:47 - 00041664 _____ (AVAST Software) C:\WINDOWS\avastSS.scr 2013-08-29 18:19 - 2013-08-29 18:19 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Citrix 2013-08-29 18:19 - 2013-08-29 18:19 - 00000000 ____D C:\Program Files (x86)\Citrix 2013-08-26 09:51 - 2013-08-26 09:51 - 04708584 _____ C:\Users\Neuer Besitzer\Downloads\install_flash_player_ics.apk 2013-08-25 19:35 - 2013-08-25 19:35 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help 2013-08-25 19:35 - 2013-08-25 19:35 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help 2013-08-23 16:57 - 2013-08-23 17:27 - 00000000 ____D C:\Users\Neuer Besitzer\Documents\WISO Konto Online 2013-08-23 16:57 - 2013-08-23 16:57 - 00000117 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc 2013-08-23 16:57 - 2013-08-23 16:57 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Buhl Data Service GmbH 2013-08-23 16:56 - 2013-08-23 16:57 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Buhl Data Service GmbH 2013-08-23 16:56 - 2013-08-23 16:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Buhl Data Service 2013-08-23 16:56 - 2013-08-23 16:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Buhl Data Service 2013-08-23 16:52 - 2013-08-23 16:56 - 00000000 ____D C:\ProgramData\Buhl Data Service GmbH 2013-08-23 16:52 - 2013-08-23 16:52 - 00002374 _____ C:\Users\Public\Desktop\WISO Konto Online 2013.lnk 2013-08-23 16:52 - 2013-08-23 16:52 - 00000000 ____D C:\ProgramData\MG_Prototyp 2013-08-23 16:52 - 2013-08-23 16:52 - 00000000 ____D C:\Program Files (x86)\Buhl 2013-08-23 10:11 - 2013-08-23 10:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services 2013-08-23 10:11 - 2013-08-23 10:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Sync Framework 2013-08-23 10:11 - 2013-08-23 10:11 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2013-08-23 10:10 - 2013-08-23 10:10 - 00000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform 2013-08-23 10:09 - 2013-08-23 10:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8 2013-08-23 10:08 - 2013-08-23 10:08 - 00000000 ____D C:\Program Files\Microsoft Office 2013-08-23 10:08 - 2013-08-23 10:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services 2013-08-23 10:07 - 2013-09-16 11:17 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-08-23 10:07 - 2013-08-23 10:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2013-08-23 10:07 - 2013-08-23 10:07 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Microsoft Help 2013-08-23 10:06 - 2013-08-23 10:06 - 00000000 __RHD C:\MSOCache 2013-08-23 09:30 - 2013-08-23 10:04 - 712660056 _____ (Microsoft Corporation) C:\Users\Neuer Besitzer\Downloads\X16-32254.exe 2013-08-22 20:46 - 2013-08-22 20:46 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Macromedia 2013-08-22 20:39 - 2013-08-22 20:41 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Adobe 2013-08-21 20:11 - 2013-09-16 09:42 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\avgchrome 2013-08-19 21:56 - 2013-08-19 21:56 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-08-19 21:56 - 2013-08-19 21:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Mozilla 2013-08-19 21:56 - 2013-08-19 21:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Mozilla 2013-08-19 21:56 - 2013-08-19 21:56 - 00000000 ____D C:\ProgramData\Mozilla 2013-08-19 21:56 - 2013-08-19 21:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-08-19 16:09 - 2013-08-19 16:09 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\PCDr 2013-08-19 15:09 - 2013-08-19 15:09 - 00000149 _____ C:\Users\Neuer Besitzer\Documents\Windows8 Product Key.txt 2013-08-19 15:05 - 2013-08-19 15:05 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\OpenOffice.org 2013-08-19 14:59 - 2013-08-19 14:59 - 00001063 _____ C:\Users\Public\Desktop\zebNet® Windows Keyfinder TNG.lnk 2013-08-19 14:59 - 2013-08-19 14:59 - 00000000 ____D C:\ProgramData\InstallMate 2013-08-19 14:59 - 2013-08-19 14:59 - 00000000 ____D C:\Program Files\zebNet 2013-08-19 14:56 - 2013-08-19 14:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Google 2013-08-19 14:51 - 2013-08-19 14:52 - 00000000 ____D C:\WINDOWS\system32\MRT 2013-08-19 14:51 - 2013-08-19 14:51 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Macromedia 2013-08-19 14:49 - 2013-07-02 02:44 - 00036288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys 2013-08-19 14:49 - 2013-07-02 00:08 - 00247216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys 2013-08-19 14:47 - 2013-07-09 08:07 - 02233168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2013-08-19 14:47 - 2013-05-24 01:02 - 01314816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll 2013-08-19 14:47 - 2013-05-24 00:25 - 00694272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll 2013-08-19 14:43 - 2013-07-13 08:18 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll 2013-08-19 14:43 - 2013-07-13 08:16 - 01889280 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll 2013-08-19 14:43 - 2013-07-13 08:16 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptsvc.dll 2013-08-19 14:43 - 2013-07-13 08:15 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll 2013-08-19 14:43 - 2013-07-13 08:15 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll 2013-08-19 14:43 - 2013-07-13 06:24 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll 2013-08-19 14:43 - 2013-07-13 06:23 - 01568256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll 2013-08-19 14:43 - 2013-07-13 06:23 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll 2013-08-19 14:43 - 2013-07-13 06:23 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll 2013-08-19 14:38 - 2013-06-17 00:41 - 00997632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys 2013-08-19 14:38 - 2013-06-01 13:34 - 02391280 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2013-08-19 14:38 - 2013-06-01 13:29 - 00337152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS 2013-08-19 14:38 - 2013-06-01 13:29 - 00213248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UCX01000.SYS 2013-08-19 14:38 - 2013-06-01 13:26 - 06987008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2013-08-19 14:38 - 2013-06-01 13:26 - 00327936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys 2013-08-19 14:38 - 2013-06-01 12:24 - 02106176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2013-08-19 14:38 - 2013-06-01 11:25 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll 2013-08-19 14:38 - 2013-06-01 11:25 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll 2013-08-19 14:38 - 2013-06-01 11:24 - 01453568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2013-08-19 14:38 - 2013-06-01 11:24 - 00850944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll 2013-08-19 14:38 - 2013-06-01 11:24 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscms.dll 2013-08-19 14:38 - 2013-06-01 11:23 - 01842176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll 2013-08-19 14:38 - 2013-06-01 11:23 - 00680960 _____ (Microsoft Corporation) C:\WINDOWS\system32\vds.exe 2013-08-19 14:38 - 2013-06-01 11:22 - 00523264 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll 2013-08-19 14:38 - 2013-06-01 11:22 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsutil.dll 2013-08-19 14:38 - 2013-06-01 11:22 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeParserTask.exe 2013-08-19 14:38 - 2013-06-01 11:21 - 00729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll 2013-08-19 14:38 - 2013-06-01 11:21 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll 2013-08-19 14:38 - 2013-06-01 11:20 - 02219520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2013-08-19 14:38 - 2013-06-01 11:20 - 01527808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2013-08-19 14:38 - 2013-06-01 11:20 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll 2013-08-19 14:38 - 2013-06-01 11:20 - 00583168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mscms.dll 2013-08-19 14:38 - 2013-06-01 11:19 - 00785408 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2013-08-19 14:38 - 2013-06-01 11:19 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManager.dll 2013-08-19 14:38 - 2013-06-01 05:08 - 00037632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthAvrcpTg.sys 2013-08-19 14:38 - 2013-05-25 00:09 - 01403296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2013-08-19 14:38 - 2013-05-25 00:09 - 01271584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2013-08-19 14:38 - 2013-05-25 00:09 - 01217352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2013-08-19 14:38 - 2013-05-25 00:09 - 01093904 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2013-08-19 14:38 - 2013-04-16 04:34 - 01455368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2013-08-19 14:38 - 2013-04-09 04:34 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys 2013-08-19 14:38 - 2013-04-09 04:34 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys 2013-08-19 14:37 - 2013-05-31 01:24 - 01257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll 2013-08-19 14:37 - 2013-05-31 01:08 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll 2013-08-19 14:37 - 2013-05-15 04:25 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe 2013-08-19 14:37 - 2013-05-15 04:25 - 00542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll 2013-08-19 14:37 - 2013-05-15 04:24 - 00793088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe 2013-08-19 14:37 - 2013-05-15 04:24 - 00482816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll 2013-08-19 14:37 - 2013-05-04 09:58 - 00120736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe 2013-08-19 14:37 - 2013-05-04 09:34 - 00446720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS 2013-08-19 14:37 - 2013-05-04 09:34 - 00284416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys 2013-08-19 14:37 - 2013-05-04 08:59 - 13644288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2013-08-19 14:37 - 2013-05-04 08:59 - 01483776 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe 2013-08-19 14:37 - 2013-05-04 08:59 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnify.exe 2013-08-19 14:37 - 2013-05-04 08:58 - 10116096 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2013-08-19 14:37 - 2013-05-04 08:58 - 01332736 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll 2013-08-19 14:37 - 2013-05-04 08:58 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll 2013-08-19 14:37 - 2013-05-04 08:58 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll 2013-08-19 14:37 - 2013-05-04 08:58 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll 2013-08-19 14:37 - 2013-05-04 08:58 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll 2013-08-19 14:37 - 2013-05-04 08:58 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofm.dll 2013-08-19 14:37 - 2013-05-04 08:58 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll 2013-08-19 14:37 - 2013-05-04 08:57 - 02305024 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2013-08-19 14:37 - 2013-05-04 08:57 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2013-08-19 14:37 - 2013-05-04 08:57 - 00820736 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpprefcl.dll 2013-08-19 14:37 - 2013-05-04 08:57 - 00708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll 2013-08-19 14:37 - 2013-05-04 08:57 - 00560640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll 2013-08-19 14:37 - 2013-05-04 08:57 - 00501760 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll 2013-08-19 14:37 - 2013-05-04 08:57 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\system32\BCP47Langs.dll 2013-08-19 14:37 - 2013-05-04 08:57 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll 2013-08-19 14:37 - 2013-05-04 08:57 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\biwinrt.dll 2013-08-19 14:37 - 2013-05-04 08:57 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\muifontsetup.dll 2013-08-19 14:37 - 2013-05-04 08:56 - 00419840 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl 2013-08-19 14:37 - 2013-05-04 06:58 - 00758784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Magnify.exe 2013-08-19 14:37 - 2013-05-04 06:57 - 10788864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2013-08-19 14:37 - 2013-05-04 06:57 - 08857088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2013-08-19 14:37 - 2013-05-04 06:57 - 00303616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll 2013-08-19 14:37 - 2013-05-04 06:57 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ubpm.dll 2013-08-19 14:37 - 2013-05-04 06:57 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netplwiz.dll 2013-08-19 14:37 - 2013-05-04 06:57 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netprofm.dll 2013-08-19 14:37 - 2013-05-04 06:57 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\npmproxy.dll 2013-08-19 14:37 - 2013-05-04 06:57 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\muifontsetup.dll 2013-08-19 14:37 - 2013-05-04 06:56 - 02035712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2013-08-19 14:37 - 2013-05-04 06:56 - 00582144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpprefcl.dll 2013-08-19 14:37 - 2013-05-04 06:56 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll 2013-08-19 14:37 - 2013-05-04 06:56 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll 2013-08-19 14:37 - 2013-05-04 06:56 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BCP47Langs.dll 2013-08-19 14:37 - 2013-05-04 06:56 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\biwinrt.dll 2013-08-19 14:37 - 2013-05-04 06:55 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl 2013-08-19 14:37 - 2013-05-04 06:51 - 00014848 _____ (Microsoft) C:\WINDOWS\system32\rars.rs 2013-08-19 14:37 - 2013-05-04 06:47 - 00427520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys 2013-08-19 14:37 - 2013-05-04 06:10 - 00014848 _____ (Microsoft) C:\WINDOWS\SysWOW64\rars.rs 2013-08-19 14:37 - 2013-04-09 07:17 - 01829408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2013-08-19 14:37 - 2013-04-09 06:51 - 14267904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll 2013-08-19 14:37 - 2013-04-09 06:51 - 03552768 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll 2013-08-19 14:37 - 2013-04-09 06:50 - 02107904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll 2013-08-19 14:37 - 2013-04-08 23:52 - 11878912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll 2013-08-19 14:37 - 2013-04-08 23:51 - 02767360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll 2013-08-19 14:37 - 2013-04-08 23:51 - 01593344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll 2013-08-19 14:36 - 2013-04-09 07:33 - 00489576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll 2013-08-19 14:36 - 2013-04-09 07:33 - 00446792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2013-08-19 14:36 - 2013-04-09 07:33 - 00253544 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe 2013-08-19 14:36 - 2013-04-09 07:20 - 00306952 _____ (Microsoft Corporation) C:\WINDOWS\system32\kd_02_10ec.dll 2013-08-19 14:36 - 2013-04-09 07:20 - 00086280 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll 2013-08-19 14:36 - 2013-04-09 07:18 - 00077960 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdvm.dll 2013-08-19 14:36 - 2013-04-09 06:52 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe 2013-08-19 14:36 - 2013-04-09 06:52 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe 2013-08-19 14:36 - 2013-04-09 06:52 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe 2013-08-19 14:36 - 2013-04-09 06:52 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe 2013-08-19 14:36 - 2013-04-09 06:52 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe 2013-08-19 14:36 - 2013-04-09 06:51 - 00595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll 2013-08-19 14:36 - 2013-04-09 06:51 - 00456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll 2013-08-19 14:36 - 2013-04-09 06:51 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\system32\conhost.exe 2013-08-19 14:36 - 2013-04-09 06:51 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll 2013-08-19 14:36 - 2013-04-09 06:50 - 01285632 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll 2013-08-19 14:36 - 2013-04-09 06:50 - 00745984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll 2013-08-19 14:36 - 2013-04-09 06:50 - 00435200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll 2013-08-19 14:36 - 2013-04-09 06:50 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2013-08-19 14:36 - 2013-04-09 06:50 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\GenuineCenter.dll 2013-08-19 14:36 - 2013-04-09 06:50 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll 2013-08-19 14:36 - 2013-04-09 06:50 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll 2013-08-19 14:36 - 2013-04-09 06:50 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msshooks.dll 2013-08-19 14:36 - 2013-04-09 06:49 - 01444864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll 2013-08-19 14:36 - 2013-04-09 06:49 - 00817152 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2013-08-19 14:36 - 2013-04-09 06:49 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll 2013-08-19 14:36 - 2013-04-09 06:49 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll 2013-08-19 14:36 - 2013-04-09 06:49 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhengine.dll 2013-08-19 14:36 - 2013-04-09 06:49 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll 2013-08-19 14:36 - 2013-04-09 06:49 - 00196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmvdsitf.dll 2013-08-19 14:36 - 2013-04-09 06:49 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll 2013-08-19 14:36 - 2013-04-09 06:49 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\fmifs.dll 2013-08-19 14:36 - 2013-04-09 06:48 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2013-08-19 14:36 - 2013-04-09 04:34 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys 2013-08-19 14:36 - 2013-04-09 04:33 - 00623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys 2013-08-19 14:36 - 2013-04-09 04:33 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys 2013-08-19 14:36 - 2013-04-09 04:32 - 00805376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys 2013-08-19 14:36 - 2013-04-09 04:31 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys 2013-08-19 14:36 - 2013-04-09 04:31 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys 2013-08-19 14:36 - 2013-04-09 01:44 - 00123880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll 2013-08-19 14:36 - 2013-04-09 01:39 - 01408896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2013-08-19 14:36 - 2013-04-09 01:37 - 00426024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll 2013-08-19 14:36 - 2013-04-09 01:37 - 00324368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2013-08-19 14:36 - 2013-04-08 23:52 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe 2013-08-19 14:36 - 2013-04-08 23:52 - 00302592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe 2013-08-19 14:36 - 2013-04-08 23:52 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe 2013-08-19 14:36 - 2013-04-08 23:52 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe 2013-08-19 14:36 - 2013-04-08 23:51 - 01113600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll 2013-08-19 14:36 - 2013-04-08 23:51 - 00659456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll 2013-08-19 14:36 - 2013-04-08 23:51 - 00656896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2013-08-19 14:36 - 2013-04-08 23:51 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll 2013-08-19 14:36 - 2013-04-08 23:51 - 00403968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll 2013-08-19 14:36 - 2013-04-08 23:51 - 00361984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll 2013-08-19 14:36 - 2013-04-08 23:51 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2013-08-19 14:36 - 2013-04-08 23:51 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll 2013-08-19 14:36 - 2013-04-08 23:51 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssphtb.dll 2013-08-19 14:36 - 2013-04-08 23:51 - 00155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmvdsitf.dll 2013-08-19 14:36 - 2013-04-08 23:51 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fmifs.dll 2013-08-19 14:36 - 2013-04-08 23:51 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssprxy.dll 2013-08-19 14:36 - 2013-04-08 23:51 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msshooks.dll 2013-08-19 14:36 - 2013-04-05 01:30 - 00503080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2013-08-19 14:36 - 2013-03-16 00:05 - 00298456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll 2013-08-19 14:36 - 2013-03-16 00:05 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll 2013-08-19 14:36 - 2012-12-13 06:00 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll 2013-08-19 14:36 - 2012-12-13 05:59 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll ==================== One Month Modified Files and Folders ======= 2013-09-16 14:35 - 2013-09-16 14:35 - 00001956 _____ C:\Users\Neuer Besitzer\Desktop\AdwCleaner[S1].txt 2013-09-16 14:34 - 2013-09-16 12:07 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\FreePDF_XP 2013-09-16 14:34 - 2013-02-28 23:00 - 00001118 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2013-09-16 14:33 - 2013-09-16 14:33 - 00291584 _____ C:\WINDOWS\Minidump\091613-57578-01.dmp 2013-09-16 14:33 - 2013-09-16 14:33 - 00000000 ____D C:\WINDOWS\Minidump 2013-09-16 14:33 - 2012-07-26 09:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2013-09-16 14:33 - 2012-07-26 09:21 - 00678954 _____ C:\WINDOWS\setupact.log 2013-09-16 14:32 - 2013-09-16 14:32 - 499418560 _____ C:\WINDOWS\MEMORY.DMP 2013-09-16 14:32 - 2012-11-01 22:40 - 00047256 _____ C:\WINDOWS\PFRO.log 2013-09-16 14:29 - 2012-01-18 00:30 - 00000466 _____ C:\WINDOWS\Tasks\SystemToolsDailyTest.job 2013-09-16 14:26 - 2012-11-01 22:58 - 01997269 _____ C:\WINDOWS\WindowsUpdate.log 2013-09-16 14:26 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\WinStore 2013-09-16 14:26 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\PolicyDefinitions 2013-09-16 14:26 - 2012-07-26 07:38 - 00000000 ____D C:\WINDOWS\system32\oobe 2013-09-16 14:25 - 2013-09-02 21:48 - 00000000 ____D C:\AdwCleaner 2013-09-16 14:23 - 2013-09-16 14:23 - 01039554 _____ C:\Users\Neuer Besitzer\Desktop\adwcleaner (1).exe 2013-09-16 14:22 - 2012-01-18 00:30 - 00000528 _____ C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job 2013-09-16 14:00 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\system32\sru 2013-09-16 13:47 - 2013-02-28 23:00 - 00001122 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2013-09-16 13:22 - 2013-09-16 13:22 - 00090823 _____ C:\Users\Neuer Besitzer\Desktop\Gmer2.txt 2013-09-16 13:21 - 2013-09-16 13:21 - 00087446 _____ C:\Users\Neuer Besitzer\Desktop\Gmer1.txt 2013-09-16 12:39 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\system32\NDF 2013-09-16 12:38 - 2013-09-16 12:38 - 00178269 _____ C:\Users\Neuer Besitzer\Desktop\Gmer.txt 2013-09-16 12:23 - 2012-07-26 12:27 - 00753134 _____ C:\WINDOWS\system32\perfh007.dat 2013-09-16 12:23 - 2012-07-26 12:27 - 00155826 _____ C:\WINDOWS\system32\perfc007.dat 2013-09-16 12:23 - 2012-07-26 09:28 - 01745416 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2013-09-16 12:18 - 2013-09-16 12:18 - 00377856 _____ C:\Users\Neuer Besitzer\Desktop\gmer_2.1.19163.exe 2013-09-16 12:16 - 2013-09-16 12:15 - 00066210 _____ C:\Users\Neuer Besitzer\Desktop\FRST1.txt 2013-09-16 12:15 - 2013-09-16 12:15 - 00037397 _____ C:\Users\Neuer Besitzer\Desktop\Addition.txt 2013-09-16 12:14 - 2013-09-16 12:14 - 00000000 ____D C:\FRST 2013-09-16 12:06 - 2013-09-16 12:06 - 00000000 ____D C:\ProgramData\FreePDF 2013-09-16 12:06 - 2013-09-16 12:06 - 00000000 ____D C:\Program Files (x86)\FreePDF_XP 2013-09-16 12:05 - 2013-09-16 12:05 - 00000000 ____D C:\Program Files\gs 2013-09-16 11:59 - 2013-09-16 11:58 - 13245963 _____ C:\Users\Neuer Besitzer\Downloads\gs910w64.exe 2013-09-16 11:58 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\rescache 2013-09-16 11:29 - 2013-09-16 11:26 - 35282727 _____ C:\Users\Neuer Besitzer\Downloads\ghostscript-9.10.tar.gz 2013-09-16 11:22 - 2013-09-16 11:22 - 03866624 _____ (Microsoft Corporation) C:\Users\Neuer Besitzer\Downloads\FreePDF4.08.EXE 2013-09-16 11:17 - 2013-08-23 10:07 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-09-16 11:07 - 2013-08-16 16:08 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2216669695-2906418150-1901199515-1003 2013-09-16 09:42 - 2013-08-21 20:11 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\avgchrome 2013-09-16 09:13 - 2012-07-26 07:26 - 00524288 ___SH C:\WINDOWS\system32\config\BBI 2013-09-16 09:05 - 2013-09-16 09:05 - 01951150 _____ (Farbar) C:\Users\Neuer Besitzer\Desktop\FRST64.exe 2013-09-16 09:04 - 2013-09-16 09:04 - 00000490 _____ C:\Users\Neuer Besitzer\Desktop\defogger_disable.log 2013-09-16 09:04 - 2013-09-16 09:04 - 00000000 _____ C:\Users\Neuer Besitzer\defogger_reenable 2013-09-16 09:04 - 2013-08-16 15:54 - 00000000 ____D C:\Users\Neuer Besitzer 2013-09-16 09:01 - 2013-09-16 09:01 - 00050477 _____ C:\Users\Neuer Besitzer\Desktop\Defogger.exe 2013-09-14 10:22 - 2013-09-11 12:01 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\vlc 2013-09-14 09:50 - 2013-09-14 09:49 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\dvdcss 2013-09-11 12:00 - 2013-09-11 12:00 - 00000871 _____ C:\Users\Public\Desktop\VLC media player.lnk 2013-09-11 12:00 - 2013-09-11 12:00 - 00000000 ____D C:\Program Files\VideoLAN 2013-09-11 11:59 - 2013-09-11 11:58 - 23071004 _____ C:\Users\Neuer Besitzer\Downloads\vlc-2.1.0-rc2-win64.exe 2013-09-11 11:58 - 2013-09-11 11:56 - 23003252 _____ C:\Users\Neuer Besitzer\Downloads\vlc-2.0.8_win32.exe 2013-09-11 11:53 - 2013-09-11 11:53 - 00392016 _____ (Softonic ) C:\Users\Neuer Besitzer\Downloads\SoftonicDownloader_for_vlc-media-player.exe 2013-09-10 19:00 - 2013-09-10 18:59 - 05939176 _____ (Citrix Online, a division of Citrix Systems, Inc.) C:\Users\Neuer Besitzer\Downloads\g2m_codec.exe 2013-09-10 18:58 - 2013-09-10 18:58 - 00000216 _____ C:\Users\Neuer Besitzer\Downloads\2AD4D15214661C00.asx 2013-09-10 09:43 - 2013-02-28 23:01 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-09-10 09:06 - 2012-01-18 00:30 - 00000000 ____D C:\ProgramData\PCDr 2013-09-05 22:09 - 2013-01-29 20:54 - 00694232 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2013-09-05 22:09 - 2013-01-29 20:54 - 00078296 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2013-09-02 22:10 - 2013-05-12 13:38 - 00000000 ____D C:\Program Files\Bonjour Print Services 2013-09-02 22:09 - 2013-09-02 22:09 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk 2013-09-02 22:09 - 2013-09-02 22:09 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-09-02 22:09 - 2013-09-02 22:09 - 00000000 ____D C:\Program Files\iTunes 2013-09-02 22:09 - 2013-09-02 22:09 - 00000000 ____D C:\Program Files\iPod 2013-09-02 22:09 - 2013-09-02 22:09 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-09-02 22:08 - 2013-09-02 22:08 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Apple Computer 2013-09-02 22:08 - 2013-08-16 15:58 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Apple Computer 2013-09-02 22:05 - 2013-09-02 22:05 - 00867240 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\npDeployJava1.dll 2013-09-02 22:05 - 2013-09-02 22:05 - 00263592 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe 2013-09-02 22:05 - 2013-09-02 22:05 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe 2013-09-02 22:05 - 2013-09-02 22:05 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe 2013-09-02 22:05 - 2013-09-02 22:05 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2013-09-02 22:05 - 2013-09-02 22:05 - 00000000 ____D C:\Program Files (x86)\Java 2013-09-02 22:05 - 2012-01-21 17:08 - 00789416 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\deployJava1.dll 2013-09-02 22:02 - 2013-05-16 23:32 - 00000030 _____ C:\WINDOWS\success64.log 2013-09-02 21:46 - 2013-09-02 21:46 - 00001922 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2013-09-02 21:46 - 2013-09-02 21:45 - 01037134 _____ C:\Users\Neuer Besitzer\Downloads\adwcleaner.exe 2013-09-02 21:45 - 2013-09-02 21:45 - 00003924 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update 2013-09-02 21:45 - 2013-09-02 21:45 - 00000000 _____ C:\WINDOWS\SysWOW64\config.nt 2013-09-02 21:44 - 2013-09-02 21:44 - 00000000 ____D C:\ProgramData\AVAST Software 2013-09-02 21:44 - 2013-09-02 21:44 - 00000000 ____D C:\Program Files\AVAST Software 2013-09-02 14:17 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent 2013-08-30 09:48 - 2013-09-02 21:46 - 00378944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys 2013-08-30 09:48 - 2013-09-02 21:46 - 00072016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys 2013-08-30 09:48 - 2013-09-02 21:46 - 00064288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys 2013-08-30 09:48 - 2013-09-02 21:46 - 00033400 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswFsBlk.sys 2013-08-30 09:48 - 2013-09-02 21:45 - 01030952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys 2013-08-30 09:48 - 2013-09-02 21:45 - 00204880 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys 2013-08-30 09:48 - 2013-09-02 21:45 - 00080816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2013-08-30 09:48 - 2013-09-02 21:45 - 00065336 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys 2013-08-30 09:47 - 2013-09-02 21:45 - 00287840 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2013-08-30 09:47 - 2013-09-02 21:44 - 00041664 _____ (AVAST Software) C:\WINDOWS\avastSS.scr 2013-08-29 18:19 - 2013-08-29 18:19 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Citrix 2013-08-29 18:19 - 2013-08-29 18:19 - 00000000 ____D C:\Program Files (x86)\Citrix 2013-08-29 12:58 - 2009-07-14 04:34 - 00000478 _____ C:\WINDOWS\win.ini 2013-08-26 09:51 - 2013-08-26 09:51 - 04708584 _____ C:\Users\Neuer Besitzer\Downloads\install_flash_player_ics.apk 2013-08-25 19:35 - 2013-08-25 19:35 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help 2013-08-25 19:35 - 2013-08-25 19:35 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help 2013-08-23 17:27 - 2013-08-23 16:57 - 00000000 ____D C:\Users\Neuer Besitzer\Documents\WISO Konto Online 2013-08-23 16:57 - 2013-08-23 16:57 - 00000117 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc 2013-08-23 16:57 - 2013-08-23 16:57 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Buhl Data Service GmbH 2013-08-23 16:57 - 2013-08-23 16:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Buhl Data Service GmbH 2013-08-23 16:56 - 2013-08-23 16:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Buhl Data Service 2013-08-23 16:56 - 2013-08-23 16:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Buhl Data Service 2013-08-23 16:56 - 2013-08-23 16:52 - 00000000 ____D C:\ProgramData\Buhl Data Service GmbH 2013-08-23 16:52 - 2013-08-23 16:52 - 00002374 _____ C:\Users\Public\Desktop\WISO Konto Online 2013.lnk 2013-08-23 16:52 - 2013-08-23 16:52 - 00000000 ____D C:\ProgramData\MG_Prototyp 2013-08-23 16:52 - 2013-08-23 16:52 - 00000000 ____D C:\Program Files (x86)\Buhl 2013-08-23 10:52 - 2013-08-16 15:55 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Packages 2013-08-23 10:12 - 2012-11-01 22:38 - 00000000 ____D C:\Program Files (x86)\MSBuild 2013-08-23 10:11 - 2013-08-23 10:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services 2013-08-23 10:11 - 2013-08-23 10:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Sync Framework 2013-08-23 10:11 - 2013-08-23 10:11 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2013-08-23 10:11 - 2013-08-23 10:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2013-08-23 10:10 - 2013-08-23 10:10 - 00000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform 2013-08-23 10:09 - 2013-08-23 10:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8 2013-08-23 10:09 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2013-08-23 10:08 - 2013-08-23 10:08 - 00000000 ____D C:\Program Files\Microsoft Office 2013-08-23 10:08 - 2013-08-23 10:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services 2013-08-23 10:08 - 2012-07-26 12:29 - 00000000 ____D C:\WINDOWS\ShellNew 2013-08-23 10:07 - 2013-08-23 10:07 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Microsoft Help 2013-08-23 10:06 - 2013-08-23 10:06 - 00000000 __RHD C:\MSOCache 2013-08-23 10:04 - 2013-08-23 09:30 - 712660056 _____ (Microsoft Corporation) C:\Users\Neuer Besitzer\Downloads\X16-32254.exe 2013-08-22 20:46 - 2013-08-22 20:46 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Macromedia 2013-08-22 20:41 - 2013-08-22 20:39 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Adobe 2013-08-21 06:12 - 2013-09-14 09:36 - 02241024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2013-08-21 06:12 - 2013-09-14 09:36 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2013-08-21 06:11 - 2013-09-14 09:36 - 19246592 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2013-08-21 06:11 - 2013-09-14 09:36 - 15404544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2013-08-21 06:11 - 2013-09-14 09:36 - 03959296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2013-08-21 06:11 - 2013-09-14 09:36 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2013-08-21 06:11 - 2013-09-14 09:36 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2013-08-21 06:11 - 2013-09-14 09:36 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll 2013-08-21 06:11 - 2013-09-14 09:36 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2013-08-21 06:11 - 2013-09-14 09:36 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2013-08-21 06:11 - 2013-09-14 09:36 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll 2013-08-21 06:11 - 2013-09-14 09:36 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll 2013-08-21 06:11 - 2013-09-14 09:36 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll 2013-08-21 06:11 - 2013-09-14 09:36 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2013-08-21 06:11 - 2013-09-14 09:36 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll 2013-08-21 04:34 - 2013-09-14 09:36 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2013-08-21 04:06 - 2013-09-14 09:36 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2013-08-21 04:06 - 2013-09-14 09:36 - 01141248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2013-08-21 04:06 - 2013-09-14 09:36 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll 2013-08-21 04:05 - 2013-09-14 09:36 - 14332928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2013-08-21 04:05 - 2013-09-14 09:36 - 13761024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2013-08-21 04:05 - 2013-09-14 09:36 - 02876928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2013-08-21 04:05 - 2013-09-14 09:36 - 02048000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2013-08-21 04:05 - 2013-09-14 09:36 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2013-08-21 04:05 - 2013-09-14 09:36 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2013-08-21 04:05 - 2013-09-14 09:36 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll 2013-08-21 04:05 - 2013-09-14 09:36 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll 2013-08-21 04:05 - 2013-09-14 09:36 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll 2013-08-21 04:05 - 2013-09-14 09:36 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll 2013-08-21 03:43 - 2013-09-14 09:36 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2013-08-21 01:52 - 2013-09-14 09:36 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll 2013-08-19 21:56 - 2013-08-19 21:56 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-08-19 21:56 - 2013-08-19 21:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Mozilla 2013-08-19 21:56 - 2013-08-19 21:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Mozilla 2013-08-19 21:56 - 2013-08-19 21:56 - 00000000 ____D C:\ProgramData\Mozilla 2013-08-19 21:56 - 2013-08-19 21:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-08-19 21:55 - 2013-05-12 13:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-08-19 16:09 - 2013-08-19 16:09 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\PCDr 2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ___RD C:\WINDOWS\ToastData 2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Photo Viewer 2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Defender 2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2013-08-19 15:51 - 2012-07-26 07:38 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism 2013-08-19 15:51 - 2012-07-26 07:38 - 00000000 ____D C:\WINDOWS\system32\Dism 2013-08-19 15:09 - 2013-08-19 15:09 - 00000149 _____ C:\Users\Neuer Besitzer\Documents\Windows8 Product Key.txt 2013-08-19 15:05 - 2013-08-19 15:05 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\OpenOffice.org 2013-08-19 15:05 - 2013-08-16 15:57 - 00000000 ___RD C:\Users\Neuer Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-08-19 14:59 - 2013-08-19 14:59 - 00001063 _____ C:\Users\Public\Desktop\zebNet® Windows Keyfinder TNG.lnk 2013-08-19 14:59 - 2013-08-19 14:59 - 00000000 ____D C:\ProgramData\InstallMate 2013-08-19 14:59 - 2013-08-19 14:59 - 00000000 ____D C:\Program Files\zebNet 2013-08-19 14:56 - 2013-08-19 14:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Google 2013-08-19 14:52 - 2013-08-19 14:51 - 00000000 ____D C:\WINDOWS\system32\MRT 2013-08-19 14:51 - 2013-08-19 14:51 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Macromedia 2013-08-19 14:51 - 2012-04-07 20:59 - 78161360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2013-08-19 13:52 - 2013-08-16 15:57 - 00000000 ___RD C:\Users\Neuer Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-08-19 13:50 - 2012-07-26 07:37 - 00000000 ____D C:\WINDOWS\servicing 2013-08-19 13:47 - 2012-07-26 12:29 - 00000000 ____D C:\Program Files\Windows Journal Some content of TEMP: ==================== C:\Users\Neuer Besitzer\AppData\Local\Temp\6_Offer_11.exe C:\Users\Neuer Besitzer\AppData\Local\Temp\DownloadManager.exe C:\Users\Neuer Besitzer\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe C:\Users\Neuer Besitzer\AppData\Local\Temp\Product108.exe C:\Users\Neuer Besitzer\AppData\Local\Temp\Quarantine.exe C:\Users\Neuer Besitzer\AppData\Local\Temp\setup.exe C:\Users\Neuer Besitzer\AppData\Local\Temp\tmp60F8.exe C:\Users\Neuer Besitzer\AppData\Local\Temp\unrar.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-09-16 11:08 ==================== End Of Log ============================ |
16.09.2013, 13:53 | #14 |
/// TB-Ausbilder | Windows 8 64bit - Hinweis auf Spyware in InternetExplorer und Firefox mit öffnenden Popups und Downloadhinweise Welche Probleme bestehen nach diesen Schritten noch? Schritt 1 Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter FF Extension: No Name - C:\Users\Neuer Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\4s4l07tq.default\Extensions\130 FF Extension: No Name - C:\Users\Neuer Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\4s4l07tq.default\Extensions\131 FF SearchEngineOrder.1: Mixi.DJ Search FF SelectedSearchEngine: Mixi.DJ Search AppInit_DLLs-x32: c:\progra~3\browse~1\261562~1.220\{c16c1~1\browse~1.dll [ ] () Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Schritt 2 Downloade Dir bitte Malwarebytes Anti-Malware
Schritt 3 ESET Online Scanner
__________________ cheers, Leo |
16.09.2013, 15:52 | #15 |
| Windows 8 64bit - Hinweis auf Spyware in InternetExplorer und Firefox mit öffnenden Popups und Downloadhinweise So es hat etwas gedauert bis Eset durch war mit dem Scan. Hier die drei Log Files: 1. FRST FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-09-2013 01 Ran by Neuer Besitzer (administrator) on USER-PC on 16-09-2013 14:36:34 Running from C:\Users\Neuer Besitzer\Desktop Windows 8 Pro (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Lenovo.) C:\WINDOWS\system32\ibmpmsvc.exe (Microsoft Corporation) C:\WINDOWS\system32\WLANExt.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\WINDOWS\system32\dashost.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE (QUALCOMM, Inc.) C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Lenovo Group Limited) C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE (Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe (Lenovo.) C:\Windows\System32\TpShocks.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\extapsup.exe (Lenovo) C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Intel Corporation) C:\WINDOWS\system32\igfxext.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe (Lenovo Group Limited) C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Lenovo) C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe () C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe () C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe (Microsoft Corporation) C:\WINDOWS\system32\PrintIsolationHost.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [33344 2011-10-20] (Lenovo) HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [594936 2013-04-15] (Lenovo Corporation) HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-15] () HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [380776 2011-03-29] (Lenovo.) HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] () HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated) HKLM\...\Run: [LenovoOptMouseUpdate] - C:\Program Files\Lenovo\HOTKEY\extapsup.exe [250976 2012-08-31] (Lenovo Group Limited) HKLM\...\Run: [LnvMobHotspotClient] - C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe [937976 2013-04-11] (Lenovo) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2010-05-03] (Intel Corporation) HKLM-x32\...\Run: [RotateImage] - C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.) HKLM-x32\...\Run: [PWMTRV] - C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL [6482728 2013-04-18] (Lenovo Group Limited) HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation) HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.) HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de) AppInit_DLLs-x32: c:\progra~3\browse~1\261562~1.220\{c16c1~1\browse~1.dll [ ] () Lsa: [Notification Packages] scecli ACGina Startup: C:\Users\Neuer Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB1A838F1D99CCE01 BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) DPF: HKLM-x32 {816BE035-1450-40D0-8A3B-BA7825A83A77} hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Neuer Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\4s4l07tq.default FF SearchEngineOrder.1: Mixi.DJ Search FF SelectedSearchEngine: Mixi.DJ Search FF Homepage: hxxp://www.google.de/ig FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Neuer Besitzer\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: No Name - C:\Users\Neuer Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\4s4l07tq.default\Extensions\130 FF Extension: No Name - C:\Users\Neuer Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\4s4l07tq.default\Extensions\131 FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION CHR Extension: (Docs) - C:\Users\NEUERB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0 CHR Extension: (Google Drive) - C:\Users\NEUERB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0 CHR Extension: (YouTube) - C:\Users\NEUERB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0 CHR Extension: (Google Search) - C:\Users\NEUERB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0 CHR Extension: () - C:\Users\NEUERB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijodjbiibildhjdbjehpdjoglbnbfnpf\1.128 CHR Extension: (Chrome In-App Payments service) - C:\Users\NEUERB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0 CHR Extension: (Gmail) - C:\Users\NEUERB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 ==================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software) S3 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [148472 2013-04-15] (Lenovo Corporation) S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [478056 2011-10-04] (Lenovo.) R2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [1628664 2013-02-06] (Lenovo Group Limited) S3 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [681464 2013-04-15] (Lenovo Corporation) R2 LnvHotSpotSvc; C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe [465912 2013-04-11] (Lenovo) R2 LocationTaskManager; C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [463352 2013-04-19] () R2 QDLService2kLenovo; C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe [1688384 2011-05-23] (QUALCOMM, Inc.) S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-06-26] () S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software) R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software) R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] () R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software) R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] () S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider) S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider) R3 qcfilterlno2k; C:\Windows\System32\drivers\qcfilterlno2k.sys [6400 2011-05-23] (QUALCOMM Incorporated) R3 qcusbnetlno2k; C:\Windows\system32\DRIVERS\qcusbnetlno2k.sys [444416 2011-05-23] (QUALCOMM Incorporated) R3 qcusbserlno2k; C:\Windows\system32\DRIVERS\qcusbserlno2k.sys [231040 2011-05-23] (QUALCOMM Incorporated) U3 idsvc; S3 PCDSRVC{127174DC-C366ED8B-06020200}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-16 14:35 - 2013-09-16 14:35 - 00001956 _____ C:\Users\Neuer Besitzer\Desktop\AdwCleaner[S1].txt 2013-09-16 14:33 - 2013-09-16 14:33 - 00291584 _____ C:\WINDOWS\Minidump\091613-57578-01.dmp 2013-09-16 14:33 - 2013-09-16 14:33 - 00000000 ____D C:\WINDOWS\Minidump 2013-09-16 14:32 - 2013-09-16 14:32 - 499418560 _____ C:\WINDOWS\MEMORY.DMP 2013-09-16 14:23 - 2013-09-16 14:23 - 01039554 _____ C:\Users\Neuer Besitzer\Desktop\adwcleaner (1).exe 2013-09-16 13:22 - 2013-09-16 13:22 - 00090823 _____ C:\Users\Neuer Besitzer\Desktop\Gmer2.txt 2013-09-16 13:21 - 2013-09-16 13:21 - 00087446 _____ C:\Users\Neuer Besitzer\Desktop\Gmer1.txt 2013-09-16 12:38 - 2013-09-16 12:38 - 00178269 _____ C:\Users\Neuer Besitzer\Desktop\Gmer.txt 2013-09-16 12:18 - 2013-09-16 12:18 - 00377856 _____ C:\Users\Neuer Besitzer\Desktop\gmer_2.1.19163.exe 2013-09-16 12:15 - 2013-09-16 12:16 - 00066210 _____ C:\Users\Neuer Besitzer\Desktop\FRST1.txt 2013-09-16 12:15 - 2013-09-16 12:15 - 00037397 _____ C:\Users\Neuer Besitzer\Desktop\Addition.txt 2013-09-16 12:14 - 2013-09-16 12:14 - 00000000 ____D C:\FRST 2013-09-16 12:07 - 2013-09-16 14:34 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\FreePDF_XP 2013-09-16 12:06 - 2013-09-16 12:06 - 00000000 ____D C:\ProgramData\FreePDF 2013-09-16 12:06 - 2013-09-16 12:06 - 00000000 ____D C:\Program Files (x86)\FreePDF_XP 2013-09-16 12:06 - 2010-06-17 20:56 - 00119152 _____ C:\WINDOWS\system32\redmon.hlp 2013-09-16 12:06 - 2010-06-17 20:56 - 00087040 _____ C:\WINDOWS\system32\redmonnt.dll 2013-09-16 12:06 - 2010-06-17 20:56 - 00046080 _____ C:\WINDOWS\system32\unredmon.exe 2013-09-16 12:05 - 2013-09-16 12:05 - 00000000 ____D C:\Program Files\gs 2013-09-16 11:58 - 2013-09-16 11:59 - 13245963 _____ C:\Users\Neuer Besitzer\Downloads\gs910w64.exe 2013-09-16 11:26 - 2013-09-16 11:29 - 35282727 _____ C:\Users\Neuer Besitzer\Downloads\ghostscript-9.10.tar.gz 2013-09-16 11:22 - 2013-09-16 11:22 - 03866624 _____ (Microsoft Corporation) C:\Users\Neuer Besitzer\Downloads\FreePDF4.08.EXE 2013-09-16 09:05 - 2013-09-16 09:05 - 01951150 _____ (Farbar) C:\Users\Neuer Besitzer\Desktop\FRST64.exe 2013-09-16 09:04 - 2013-09-16 09:04 - 00000490 _____ C:\Users\Neuer Besitzer\Desktop\defogger_disable.log 2013-09-16 09:04 - 2013-09-16 09:04 - 00000000 _____ C:\Users\Neuer Besitzer\defogger_reenable 2013-09-16 09:01 - 2013-09-16 09:01 - 00050477 _____ C:\Users\Neuer Besitzer\Desktop\Defogger.exe 2013-09-14 09:49 - 2013-09-14 09:50 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\dvdcss 2013-09-14 09:37 - 2013-08-16 07:41 - 00058200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys 2013-09-14 09:37 - 2013-08-16 07:39 - 02371728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll 2013-09-14 09:37 - 2013-08-16 07:39 - 00059416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2013-09-14 09:37 - 2013-08-16 07:32 - 00209200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationUI.exe 2013-09-14 09:37 - 2013-08-16 07:22 - 04917760 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe 2013-09-14 09:37 - 2013-08-16 07:22 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe 2013-09-14 09:37 - 2013-08-16 07:21 - 03275776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2013-09-14 09:37 - 2013-08-16 07:21 - 01621504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll 2013-09-14 09:37 - 2013-08-16 07:21 - 01164288 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll 2013-09-14 09:37 - 2013-08-16 07:21 - 00773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2013-09-14 09:37 - 2013-08-16 07:21 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2013-09-14 09:37 - 2013-08-16 07:21 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll 2013-09-14 09:37 - 2013-08-16 07:21 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll 2013-09-14 09:37 - 2013-08-16 07:21 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll 2013-09-14 09:37 - 2013-08-16 07:21 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll 2013-09-14 09:37 - 2013-08-16 07:21 - 00183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSSync.dll 2013-09-14 09:37 - 2013-08-16 07:21 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll 2013-09-14 09:37 - 2013-08-16 07:21 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2013-09-14 09:37 - 2013-08-16 07:21 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll 2013-09-14 09:37 - 2013-08-16 07:21 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll 2013-09-14 09:37 - 2013-08-16 07:21 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2013-09-14 09:37 - 2013-08-16 07:21 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupcln.dll 2013-09-14 09:37 - 2013-08-16 07:21 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll 2013-09-14 09:37 - 2013-08-16 07:21 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll 2013-09-14 09:37 - 2013-08-16 07:20 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll 2013-09-14 09:37 - 2013-08-16 00:43 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2013-09-14 09:37 - 2013-08-16 00:43 - 00562688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll 2013-09-14 09:37 - 2013-08-16 00:43 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll 2013-09-14 09:37 - 2013-08-16 00:43 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSSync.dll 2013-09-14 09:37 - 2013-08-16 00:43 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll 2013-09-14 09:37 - 2013-08-16 00:43 - 00126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll 2013-09-14 09:37 - 2013-08-16 00:43 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2013-09-14 09:37 - 2013-08-16 00:43 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2013-09-14 09:37 - 2013-08-16 00:43 - 00083968 _____ C:\WINDOWS\SysWOW64\OEMLicense.dll 2013-09-14 09:37 - 2013-08-16 00:43 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe 2013-09-14 09:37 - 2013-08-16 00:43 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll 2013-09-14 09:37 - 2013-08-16 00:42 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppc.dll 2013-09-14 09:37 - 2013-08-16 00:42 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupcln.dll 2013-09-14 09:36 - 2013-08-21 06:12 - 02241024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2013-09-14 09:36 - 2013-08-21 06:12 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2013-09-14 09:36 - 2013-08-21 06:11 - 19246592 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2013-09-14 09:36 - 2013-08-21 06:11 - 15404544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2013-09-14 09:36 - 2013-08-21 06:11 - 03959296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2013-09-14 09:36 - 2013-08-21 06:11 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2013-09-14 09:36 - 2013-08-21 06:11 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2013-09-14 09:36 - 2013-08-21 06:11 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll 2013-09-14 09:36 - 2013-08-21 06:11 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2013-09-14 09:36 - 2013-08-21 06:11 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2013-09-14 09:36 - 2013-08-21 06:11 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll 2013-09-14 09:36 - 2013-08-21 06:11 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll 2013-09-14 09:36 - 2013-08-21 06:11 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll 2013-09-14 09:36 - 2013-08-21 06:11 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2013-09-14 09:36 - 2013-08-21 06:11 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll 2013-09-14 09:36 - 2013-08-21 04:34 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2013-09-14 09:36 - 2013-08-21 04:06 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2013-09-14 09:36 - 2013-08-21 04:06 - 01141248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2013-09-14 09:36 - 2013-08-21 04:06 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll 2013-09-14 09:36 - 2013-08-21 04:05 - 14332928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2013-09-14 09:36 - 2013-08-21 04:05 - 13761024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2013-09-14 09:36 - 2013-08-21 04:05 - 02876928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2013-09-14 09:36 - 2013-08-21 04:05 - 02048000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2013-09-14 09:36 - 2013-08-21 04:05 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2013-09-14 09:36 - 2013-08-21 04:05 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2013-09-14 09:36 - 2013-08-21 04:05 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll 2013-09-14 09:36 - 2013-08-21 04:05 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll 2013-09-14 09:36 - 2013-08-21 04:05 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll 2013-09-14 09:36 - 2013-08-21 04:05 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll 2013-09-14 09:36 - 2013-08-21 03:43 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2013-09-14 09:36 - 2013-08-21 01:52 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll 2013-09-14 09:36 - 2013-07-09 10:04 - 00120144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys 2013-09-14 09:36 - 2013-07-09 08:18 - 00439488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe 2013-09-14 09:36 - 2013-07-09 06:25 - 00385768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe 2013-09-14 09:36 - 2013-07-09 05:57 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationApi.dll 2013-09-14 09:36 - 2013-07-09 00:46 - 00543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll 2013-09-14 09:36 - 2013-07-09 00:46 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll 2013-09-14 09:36 - 2013-07-09 00:46 - 00370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wwanadvui.dll 2013-09-14 09:36 - 2013-07-09 00:45 - 00312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationApi.dll 2013-09-14 09:36 - 2013-07-06 02:16 - 01025024 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll 2013-09-14 09:36 - 2013-07-03 02:23 - 00778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll 2013-09-14 09:36 - 2013-07-03 02:23 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll 2013-09-14 09:36 - 2013-07-03 02:22 - 02839552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll 2013-09-14 09:36 - 2013-07-03 02:22 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll 2013-09-14 09:36 - 2013-07-03 02:11 - 00551424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll 2013-09-14 09:36 - 2013-07-03 02:11 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll 2013-09-14 09:36 - 2013-07-03 02:10 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll 2013-09-14 09:36 - 2013-07-02 00:08 - 00387583 _____ C:\WINDOWS\system32\ApnDatabase.xml 2013-09-14 09:36 - 2013-07-01 00:30 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\openfiles.exe 2013-09-14 09:36 - 2013-07-01 00:29 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\openfiles.exe 2013-09-14 09:36 - 2013-06-29 08:15 - 00195416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2013-09-14 09:36 - 2013-06-29 08:15 - 00125784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys 2013-09-14 09:36 - 2013-06-29 07:43 - 00327512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys 2013-09-14 09:36 - 2013-06-29 03:12 - 01022464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll 2013-09-14 09:36 - 2013-06-26 05:01 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys 2013-09-14 09:36 - 2013-06-25 00:54 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll 2013-09-14 09:36 - 2013-06-25 00:54 - 00263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll 2013-09-14 09:36 - 2013-06-25 00:54 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll 2013-09-14 09:36 - 2013-06-19 07:36 - 00183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmmbase.dll 2013-09-14 09:36 - 2013-06-19 07:36 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmm.dll 2013-09-14 09:36 - 2013-06-19 00:38 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmmbase.dll 2013-09-14 09:36 - 2013-06-19 00:38 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmm.dll 2013-09-14 09:36 - 2013-06-12 01:43 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll 2013-09-14 09:36 - 2013-06-12 01:26 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll 2013-09-14 09:36 - 2013-06-10 23:17 - 00096512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys 2013-09-14 09:36 - 2013-06-10 21:16 - 00888832 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll 2013-09-14 09:36 - 2013-06-10 21:15 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL 2013-09-14 09:36 - 2013-06-10 21:15 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL 2013-09-14 09:36 - 2013-06-10 21:15 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL 2013-09-14 09:36 - 2013-06-10 21:10 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll 2013-09-14 09:36 - 2013-06-10 21:10 - 00245248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL 2013-09-14 09:36 - 2013-06-06 10:03 - 00119040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS 2013-09-14 09:35 - 2013-08-03 06:30 - 04038144 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2013-09-11 12:01 - 2013-09-14 10:22 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\vlc 2013-09-11 12:00 - 2013-09-11 12:00 - 00000871 _____ C:\Users\Public\Desktop\VLC media player.lnk 2013-09-11 12:00 - 2013-09-11 12:00 - 00000000 ____D C:\Program Files\VideoLAN 2013-09-11 11:58 - 2013-09-11 11:59 - 23071004 _____ C:\Users\Neuer Besitzer\Downloads\vlc-2.1.0-rc2-win64.exe 2013-09-11 11:56 - 2013-09-11 11:58 - 23003252 _____ C:\Users\Neuer Besitzer\Downloads\vlc-2.0.8_win32.exe 2013-09-11 11:53 - 2013-09-11 11:53 - 00392016 _____ (Softonic ) C:\Users\Neuer Besitzer\Downloads\SoftonicDownloader_for_vlc-media-player.exe 2013-09-10 18:59 - 2013-09-10 19:00 - 05939176 _____ (Citrix Online, a division of Citrix Systems, Inc.) C:\Users\Neuer Besitzer\Downloads\g2m_codec.exe 2013-09-10 18:58 - 2013-09-10 18:58 - 00000216 _____ C:\Users\Neuer Besitzer\Downloads\2AD4D15214661C00.asx 2013-09-02 22:09 - 2013-09-02 22:09 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk 2013-09-02 22:09 - 2013-09-02 22:09 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-09-02 22:09 - 2013-09-02 22:09 - 00000000 ____D C:\Program Files\iTunes 2013-09-02 22:09 - 2013-09-02 22:09 - 00000000 ____D C:\Program Files\iPod 2013-09-02 22:09 - 2013-09-02 22:09 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-09-02 22:08 - 2013-09-02 22:08 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Apple Computer 2013-09-02 22:05 - 2013-09-02 22:05 - 00867240 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\npDeployJava1.dll 2013-09-02 22:05 - 2013-09-02 22:05 - 00263592 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe 2013-09-02 22:05 - 2013-09-02 22:05 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe 2013-09-02 22:05 - 2013-09-02 22:05 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe 2013-09-02 22:05 - 2013-09-02 22:05 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2013-09-02 22:05 - 2013-09-02 22:05 - 00000000 ____D C:\Program Files (x86)\Java 2013-09-02 21:48 - 2013-09-16 14:25 - 00000000 ____D C:\AdwCleaner 2013-09-02 21:46 - 2013-09-02 21:46 - 00001922 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2013-09-02 21:46 - 2013-08-30 09:48 - 00378944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys 2013-09-02 21:46 - 2013-08-30 09:48 - 00072016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys 2013-09-02 21:46 - 2013-08-30 09:48 - 00064288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys 2013-09-02 21:46 - 2013-08-30 09:48 - 00033400 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswFsBlk.sys 2013-09-02 21:45 - 2013-09-02 21:46 - 01037134 _____ C:\Users\Neuer Besitzer\Downloads\adwcleaner.exe 2013-09-02 21:45 - 2013-09-02 21:45 - 00003924 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update 2013-09-02 21:45 - 2013-09-02 21:45 - 00000000 _____ C:\WINDOWS\SysWOW64\config.nt 2013-09-02 21:45 - 2013-08-30 09:48 - 01030952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys 2013-09-02 21:45 - 2013-08-30 09:48 - 00204880 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys 2013-09-02 21:45 - 2013-08-30 09:48 - 00080816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2013-09-02 21:45 - 2013-08-30 09:48 - 00065336 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys 2013-09-02 21:45 - 2013-08-30 09:47 - 00287840 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2013-09-02 21:44 - 2013-09-02 21:44 - 00000000 ____D C:\ProgramData\AVAST Software 2013-09-02 21:44 - 2013-09-02 21:44 - 00000000 ____D C:\Program Files\AVAST Software 2013-09-02 21:44 - 2013-08-30 09:47 - 00041664 _____ (AVAST Software) C:\WINDOWS\avastSS.scr 2013-08-29 18:19 - 2013-08-29 18:19 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Citrix 2013-08-29 18:19 - 2013-08-29 18:19 - 00000000 ____D C:\Program Files (x86)\Citrix 2013-08-26 09:51 - 2013-08-26 09:51 - 04708584 _____ C:\Users\Neuer Besitzer\Downloads\install_flash_player_ics.apk 2013-08-25 19:35 - 2013-08-25 19:35 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help 2013-08-25 19:35 - 2013-08-25 19:35 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help 2013-08-23 16:57 - 2013-08-23 17:27 - 00000000 ____D C:\Users\Neuer Besitzer\Documents\WISO Konto Online 2013-08-23 16:57 - 2013-08-23 16:57 - 00000117 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc 2013-08-23 16:57 - 2013-08-23 16:57 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Buhl Data Service GmbH 2013-08-23 16:56 - 2013-08-23 16:57 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Buhl Data Service GmbH 2013-08-23 16:56 - 2013-08-23 16:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Buhl Data Service 2013-08-23 16:56 - 2013-08-23 16:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Buhl Data Service 2013-08-23 16:52 - 2013-08-23 16:56 - 00000000 ____D C:\ProgramData\Buhl Data Service GmbH 2013-08-23 16:52 - 2013-08-23 16:52 - 00002374 _____ C:\Users\Public\Desktop\WISO Konto Online 2013.lnk 2013-08-23 16:52 - 2013-08-23 16:52 - 00000000 ____D C:\ProgramData\MG_Prototyp 2013-08-23 16:52 - 2013-08-23 16:52 - 00000000 ____D C:\Program Files (x86)\Buhl 2013-08-23 10:11 - 2013-08-23 10:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services 2013-08-23 10:11 - 2013-08-23 10:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Sync Framework 2013-08-23 10:11 - 2013-08-23 10:11 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2013-08-23 10:10 - 2013-08-23 10:10 - 00000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform 2013-08-23 10:09 - 2013-08-23 10:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8 2013-08-23 10:08 - 2013-08-23 10:08 - 00000000 ____D C:\Program Files\Microsoft Office 2013-08-23 10:08 - 2013-08-23 10:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services 2013-08-23 10:07 - 2013-09-16 11:17 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-08-23 10:07 - 2013-08-23 10:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2013-08-23 10:07 - 2013-08-23 10:07 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Microsoft Help 2013-08-23 10:06 - 2013-08-23 10:06 - 00000000 __RHD C:\MSOCache 2013-08-23 09:30 - 2013-08-23 10:04 - 712660056 _____ (Microsoft Corporation) C:\Users\Neuer Besitzer\Downloads\X16-32254.exe 2013-08-22 20:46 - 2013-08-22 20:46 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Macromedia 2013-08-22 20:39 - 2013-08-22 20:41 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Adobe 2013-08-21 20:11 - 2013-09-16 09:42 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\avgchrome 2013-08-19 21:56 - 2013-08-19 21:56 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-08-19 21:56 - 2013-08-19 21:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Mozilla 2013-08-19 21:56 - 2013-08-19 21:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Mozilla 2013-08-19 21:56 - 2013-08-19 21:56 - 00000000 ____D C:\ProgramData\Mozilla 2013-08-19 21:56 - 2013-08-19 21:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-08-19 16:09 - 2013-08-19 16:09 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\PCDr 2013-08-19 15:09 - 2013-08-19 15:09 - 00000149 _____ C:\Users\Neuer Besitzer\Documents\Windows8 Product Key.txt 2013-08-19 15:05 - 2013-08-19 15:05 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\OpenOffice.org 2013-08-19 14:59 - 2013-08-19 14:59 - 00001063 _____ C:\Users\Public\Desktop\zebNet® Windows Keyfinder TNG.lnk 2013-08-19 14:59 - 2013-08-19 14:59 - 00000000 ____D C:\ProgramData\InstallMate 2013-08-19 14:59 - 2013-08-19 14:59 - 00000000 ____D C:\Program Files\zebNet 2013-08-19 14:56 - 2013-08-19 14:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Google 2013-08-19 14:51 - 2013-08-19 14:52 - 00000000 ____D C:\WINDOWS\system32\MRT 2013-08-19 14:51 - 2013-08-19 14:51 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Macromedia 2013-08-19 14:49 - 2013-07-02 02:44 - 00036288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys 2013-08-19 14:49 - 2013-07-02 00:08 - 00247216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys 2013-08-19 14:47 - 2013-07-09 08:07 - 02233168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2013-08-19 14:47 - 2013-05-24 01:02 - 01314816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll 2013-08-19 14:47 - 2013-05-24 00:25 - 00694272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll 2013-08-19 14:43 - 2013-07-13 08:18 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll 2013-08-19 14:43 - 2013-07-13 08:16 - 01889280 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll 2013-08-19 14:43 - 2013-07-13 08:16 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptsvc.dll 2013-08-19 14:43 - 2013-07-13 08:15 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll 2013-08-19 14:43 - 2013-07-13 08:15 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll 2013-08-19 14:43 - 2013-07-13 06:24 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll 2013-08-19 14:43 - 2013-07-13 06:23 - 01568256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll 2013-08-19 14:43 - 2013-07-13 06:23 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll 2013-08-19 14:43 - 2013-07-13 06:23 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll 2013-08-19 14:38 - 2013-06-17 00:41 - 00997632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys 2013-08-19 14:38 - 2013-06-01 13:34 - 02391280 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2013-08-19 14:38 - 2013-06-01 13:29 - 00337152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS 2013-08-19 14:38 - 2013-06-01 13:29 - 00213248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UCX01000.SYS 2013-08-19 14:38 - 2013-06-01 13:26 - 06987008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2013-08-19 14:38 - 2013-06-01 13:26 - 00327936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys 2013-08-19 14:38 - 2013-06-01 12:24 - 02106176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2013-08-19 14:38 - 2013-06-01 11:25 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll 2013-08-19 14:38 - 2013-06-01 11:25 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll 2013-08-19 14:38 - 2013-06-01 11:24 - 01453568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2013-08-19 14:38 - 2013-06-01 11:24 - 00850944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll 2013-08-19 14:38 - 2013-06-01 11:24 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscms.dll 2013-08-19 14:38 - 2013-06-01 11:23 - 01842176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll 2013-08-19 14:38 - 2013-06-01 11:23 - 00680960 _____ (Microsoft Corporation) C:\WINDOWS\system32\vds.exe 2013-08-19 14:38 - 2013-06-01 11:22 - 00523264 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll 2013-08-19 14:38 - 2013-06-01 11:22 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsutil.dll 2013-08-19 14:38 - 2013-06-01 11:22 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeParserTask.exe 2013-08-19 14:38 - 2013-06-01 11:21 - 00729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll 2013-08-19 14:38 - 2013-06-01 11:21 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll 2013-08-19 14:38 - 2013-06-01 11:20 - 02219520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2013-08-19 14:38 - 2013-06-01 11:20 - 01527808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2013-08-19 14:38 - 2013-06-01 11:20 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll 2013-08-19 14:38 - 2013-06-01 11:20 - 00583168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mscms.dll 2013-08-19 14:38 - 2013-06-01 11:19 - 00785408 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2013-08-19 14:38 - 2013-06-01 11:19 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManager.dll 2013-08-19 14:38 - 2013-06-01 05:08 - 00037632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthAvrcpTg.sys 2013-08-19 14:38 - 2013-05-25 00:09 - 01403296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2013-08-19 14:38 - 2013-05-25 00:09 - 01271584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2013-08-19 14:38 - 2013-05-25 00:09 - 01217352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2013-08-19 14:38 - 2013-05-25 00:09 - 01093904 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2013-08-19 14:38 - 2013-04-16 04:34 - 01455368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2013-08-19 14:38 - 2013-04-09 04:34 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys 2013-08-19 14:38 - 2013-04-09 04:34 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys 2013-08-19 14:37 - 2013-05-31 01:24 - 01257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll 2013-08-19 14:37 - 2013-05-31 01:08 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll 2013-08-19 14:37 - 2013-05-15 04:25 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe 2013-08-19 14:37 - 2013-05-15 04:25 - 00542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll 2013-08-19 14:37 - 2013-05-15 04:24 - 00793088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe 2013-08-19 14:37 - 2013-05-15 04:24 - 00482816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll 2013-08-19 14:37 - 2013-05-04 09:58 - 00120736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe 2013-08-19 14:37 - 2013-05-04 09:34 - 00446720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS 2013-08-19 14:37 - 2013-05-04 09:34 - 00284416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys 2013-08-19 14:37 - 2013-05-04 08:59 - 13644288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2013-08-19 14:37 - 2013-05-04 08:59 - 01483776 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe 2013-08-19 14:37 - 2013-05-04 08:59 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnify.exe 2013-08-19 14:37 - 2013-05-04 08:58 - 10116096 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2013-08-19 14:37 - 2013-05-04 08:58 - 01332736 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll 2013-08-19 14:37 - 2013-05-04 08:58 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll 2013-08-19 14:37 - 2013-05-04 08:58 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll 2013-08-19 14:37 - 2013-05-04 08:58 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll 2013-08-19 14:37 - 2013-05-04 08:58 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll 2013-08-19 14:37 - 2013-05-04 08:58 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofm.dll 2013-08-19 14:37 - 2013-05-04 08:58 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll 2013-08-19 14:37 - 2013-05-04 08:57 - 02305024 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2013-08-19 14:37 - 2013-05-04 08:57 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2013-08-19 14:37 - 2013-05-04 08:57 - 00820736 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpprefcl.dll 2013-08-19 14:37 - 2013-05-04 08:57 - 00708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll 2013-08-19 14:37 - 2013-05-04 08:57 - 00560640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll 2013-08-19 14:37 - 2013-05-04 08:57 - 00501760 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll 2013-08-19 14:37 - 2013-05-04 08:57 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\system32\BCP47Langs.dll 2013-08-19 14:37 - 2013-05-04 08:57 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll 2013-08-19 14:37 - 2013-05-04 08:57 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\biwinrt.dll 2013-08-19 14:37 - 2013-05-04 08:57 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\muifontsetup.dll 2013-08-19 14:37 - 2013-05-04 08:56 - 00419840 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl 2013-08-19 14:37 - 2013-05-04 06:58 - 00758784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Magnify.exe 2013-08-19 14:37 - 2013-05-04 06:57 - 10788864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2013-08-19 14:37 - 2013-05-04 06:57 - 08857088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2013-08-19 14:37 - 2013-05-04 06:57 - 00303616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll 2013-08-19 14:37 - 2013-05-04 06:57 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ubpm.dll 2013-08-19 14:37 - 2013-05-04 06:57 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netplwiz.dll 2013-08-19 14:37 - 2013-05-04 06:57 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netprofm.dll 2013-08-19 14:37 - 2013-05-04 06:57 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\npmproxy.dll 2013-08-19 14:37 - 2013-05-04 06:57 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\muifontsetup.dll 2013-08-19 14:37 - 2013-05-04 06:56 - 02035712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2013-08-19 14:37 - 2013-05-04 06:56 - 00582144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpprefcl.dll 2013-08-19 14:37 - 2013-05-04 06:56 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll 2013-08-19 14:37 - 2013-05-04 06:56 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll 2013-08-19 14:37 - 2013-05-04 06:56 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BCP47Langs.dll 2013-08-19 14:37 - 2013-05-04 06:56 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\biwinrt.dll 2013-08-19 14:37 - 2013-05-04 06:55 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl 2013-08-19 14:37 - 2013-05-04 06:51 - 00014848 _____ (Microsoft) C:\WINDOWS\system32\rars.rs 2013-08-19 14:37 - 2013-05-04 06:47 - 00427520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys 2013-08-19 14:37 - 2013-05-04 06:10 - 00014848 _____ (Microsoft) C:\WINDOWS\SysWOW64\rars.rs 2013-08-19 14:37 - 2013-04-09 07:17 - 01829408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2013-08-19 14:37 - 2013-04-09 06:51 - 14267904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll 2013-08-19 14:37 - 2013-04-09 06:51 - 03552768 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll 2013-08-19 14:37 - 2013-04-09 06:50 - 02107904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll 2013-08-19 14:37 - 2013-04-08 23:52 - 11878912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll 2013-08-19 14:37 - 2013-04-08 23:51 - 02767360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll 2013-08-19 14:37 - 2013-04-08 23:51 - 01593344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll 2013-08-19 14:36 - 2013-04-09 07:33 - 00489576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll 2013-08-19 14:36 - 2013-04-09 07:33 - 00446792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2013-08-19 14:36 - 2013-04-09 07:33 - 00253544 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe 2013-08-19 14:36 - 2013-04-09 07:20 - 00306952 _____ (Microsoft Corporation) C:\WINDOWS\system32\kd_02_10ec.dll 2013-08-19 14:36 - 2013-04-09 07:20 - 00086280 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll 2013-08-19 14:36 - 2013-04-09 07:18 - 00077960 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdvm.dll 2013-08-19 14:36 - 2013-04-09 06:52 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe 2013-08-19 14:36 - 2013-04-09 06:52 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe 2013-08-19 14:36 - 2013-04-09 06:52 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe 2013-08-19 14:36 - 2013-04-09 06:52 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe 2013-08-19 14:36 - 2013-04-09 06:52 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe 2013-08-19 14:36 - 2013-04-09 06:51 - 00595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll 2013-08-19 14:36 - 2013-04-09 06:51 - 00456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll 2013-08-19 14:36 - 2013-04-09 06:51 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\system32\conhost.exe 2013-08-19 14:36 - 2013-04-09 06:51 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll 2013-08-19 14:36 - 2013-04-09 06:50 - 01285632 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll 2013-08-19 14:36 - 2013-04-09 06:50 - 00745984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll 2013-08-19 14:36 - 2013-04-09 06:50 - 00435200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll 2013-08-19 14:36 - 2013-04-09 06:50 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2013-08-19 14:36 - 2013-04-09 06:50 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\GenuineCenter.dll 2013-08-19 14:36 - 2013-04-09 06:50 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll 2013-08-19 14:36 - 2013-04-09 06:50 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll 2013-08-19 14:36 - 2013-04-09 06:50 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msshooks.dll 2013-08-19 14:36 - 2013-04-09 06:49 - 01444864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll 2013-08-19 14:36 - 2013-04-09 06:49 - 00817152 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2013-08-19 14:36 - 2013-04-09 06:49 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll 2013-08-19 14:36 - 2013-04-09 06:49 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll 2013-08-19 14:36 - 2013-04-09 06:49 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhengine.dll 2013-08-19 14:36 - 2013-04-09 06:49 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll 2013-08-19 14:36 - 2013-04-09 06:49 - 00196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmvdsitf.dll 2013-08-19 14:36 - 2013-04-09 06:49 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll 2013-08-19 14:36 - 2013-04-09 06:49 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\fmifs.dll 2013-08-19 14:36 - 2013-04-09 06:48 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2013-08-19 14:36 - 2013-04-09 04:34 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys 2013-08-19 14:36 - 2013-04-09 04:33 - 00623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys 2013-08-19 14:36 - 2013-04-09 04:33 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys 2013-08-19 14:36 - 2013-04-09 04:32 - 00805376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys 2013-08-19 14:36 - 2013-04-09 04:31 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys 2013-08-19 14:36 - 2013-04-09 04:31 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys 2013-08-19 14:36 - 2013-04-09 01:44 - 00123880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll 2013-08-19 14:36 - 2013-04-09 01:39 - 01408896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2013-08-19 14:36 - 2013-04-09 01:37 - 00426024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll 2013-08-19 14:36 - 2013-04-09 01:37 - 00324368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2013-08-19 14:36 - 2013-04-08 23:52 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe 2013-08-19 14:36 - 2013-04-08 23:52 - 00302592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe 2013-08-19 14:36 - 2013-04-08 23:52 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe 2013-08-19 14:36 - 2013-04-08 23:52 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe 2013-08-19 14:36 - 2013-04-08 23:51 - 01113600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll 2013-08-19 14:36 - 2013-04-08 23:51 - 00659456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll 2013-08-19 14:36 - 2013-04-08 23:51 - 00656896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2013-08-19 14:36 - 2013-04-08 23:51 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll 2013-08-19 14:36 - 2013-04-08 23:51 - 00403968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll 2013-08-19 14:36 - 2013-04-08 23:51 - 00361984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll 2013-08-19 14:36 - 2013-04-08 23:51 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2013-08-19 14:36 - 2013-04-08 23:51 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll 2013-08-19 14:36 - 2013-04-08 23:51 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssphtb.dll 2013-08-19 14:36 - 2013-04-08 23:51 - 00155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmvdsitf.dll 2013-08-19 14:36 - 2013-04-08 23:51 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fmifs.dll 2013-08-19 14:36 - 2013-04-08 23:51 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssprxy.dll 2013-08-19 14:36 - 2013-04-08 23:51 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msshooks.dll 2013-08-19 14:36 - 2013-04-05 01:30 - 00503080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2013-08-19 14:36 - 2013-03-16 00:05 - 00298456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll 2013-08-19 14:36 - 2013-03-16 00:05 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll 2013-08-19 14:36 - 2012-12-13 06:00 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll 2013-08-19 14:36 - 2012-12-13 05:59 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll ==================== One Month Modified Files and Folders ======= 2013-09-16 14:35 - 2013-09-16 14:35 - 00001956 _____ C:\Users\Neuer Besitzer\Desktop\AdwCleaner[S1].txt 2013-09-16 14:34 - 2013-09-16 12:07 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\FreePDF_XP 2013-09-16 14:34 - 2013-02-28 23:00 - 00001118 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2013-09-16 14:33 - 2013-09-16 14:33 - 00291584 _____ C:\WINDOWS\Minidump\091613-57578-01.dmp 2013-09-16 14:33 - 2013-09-16 14:33 - 00000000 ____D C:\WINDOWS\Minidump 2013-09-16 14:33 - 2012-07-26 09:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2013-09-16 14:33 - 2012-07-26 09:21 - 00678954 _____ C:\WINDOWS\setupact.log 2013-09-16 14:32 - 2013-09-16 14:32 - 499418560 _____ C:\WINDOWS\MEMORY.DMP 2013-09-16 14:32 - 2012-11-01 22:40 - 00047256 _____ C:\WINDOWS\PFRO.log 2013-09-16 14:29 - 2012-01-18 00:30 - 00000466 _____ C:\WINDOWS\Tasks\SystemToolsDailyTest.job 2013-09-16 14:26 - 2012-11-01 22:58 - 01997269 _____ C:\WINDOWS\WindowsUpdate.log 2013-09-16 14:26 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\WinStore 2013-09-16 14:26 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\PolicyDefinitions 2013-09-16 14:26 - 2012-07-26 07:38 - 00000000 ____D C:\WINDOWS\system32\oobe 2013-09-16 14:25 - 2013-09-02 21:48 - 00000000 ____D C:\AdwCleaner 2013-09-16 14:23 - 2013-09-16 14:23 - 01039554 _____ C:\Users\Neuer Besitzer\Desktop\adwcleaner (1).exe 2013-09-16 14:22 - 2012-01-18 00:30 - 00000528 _____ C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job 2013-09-16 14:00 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\system32\sru 2013-09-16 13:47 - 2013-02-28 23:00 - 00001122 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2013-09-16 13:22 - 2013-09-16 13:22 - 00090823 _____ C:\Users\Neuer Besitzer\Desktop\Gmer2.txt 2013-09-16 13:21 - 2013-09-16 13:21 - 00087446 _____ C:\Users\Neuer Besitzer\Desktop\Gmer1.txt 2013-09-16 12:39 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\system32\NDF 2013-09-16 12:38 - 2013-09-16 12:38 - 00178269 _____ C:\Users\Neuer Besitzer\Desktop\Gmer.txt 2013-09-16 12:23 - 2012-07-26 12:27 - 00753134 _____ C:\WINDOWS\system32\perfh007.dat 2013-09-16 12:23 - 2012-07-26 12:27 - 00155826 _____ C:\WINDOWS\system32\perfc007.dat 2013-09-16 12:23 - 2012-07-26 09:28 - 01745416 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2013-09-16 12:18 - 2013-09-16 12:18 - 00377856 _____ C:\Users\Neuer Besitzer\Desktop\gmer_2.1.19163.exe 2013-09-16 12:16 - 2013-09-16 12:15 - 00066210 _____ C:\Users\Neuer Besitzer\Desktop\FRST1.txt 2013-09-16 12:15 - 2013-09-16 12:15 - 00037397 _____ C:\Users\Neuer Besitzer\Desktop\Addition.txt 2013-09-16 12:14 - 2013-09-16 12:14 - 00000000 ____D C:\FRST 2013-09-16 12:06 - 2013-09-16 12:06 - 00000000 ____D C:\ProgramData\FreePDF 2013-09-16 12:06 - 2013-09-16 12:06 - 00000000 ____D C:\Program Files (x86)\FreePDF_XP 2013-09-16 12:05 - 2013-09-16 12:05 - 00000000 ____D C:\Program Files\gs 2013-09-16 11:59 - 2013-09-16 11:58 - 13245963 _____ C:\Users\Neuer Besitzer\Downloads\gs910w64.exe 2013-09-16 11:58 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\rescache 2013-09-16 11:29 - 2013-09-16 11:26 - 35282727 _____ C:\Users\Neuer Besitzer\Downloads\ghostscript-9.10.tar.gz 2013-09-16 11:22 - 2013-09-16 11:22 - 03866624 _____ (Microsoft Corporation) C:\Users\Neuer Besitzer\Downloads\FreePDF4.08.EXE 2013-09-16 11:17 - 2013-08-23 10:07 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-09-16 11:07 - 2013-08-16 16:08 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2216669695-2906418150-1901199515-1003 2013-09-16 09:42 - 2013-08-21 20:11 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\avgchrome 2013-09-16 09:13 - 2012-07-26 07:26 - 00524288 ___SH C:\WINDOWS\system32\config\BBI 2013-09-16 09:05 - 2013-09-16 09:05 - 01951150 _____ (Farbar) C:\Users\Neuer Besitzer\Desktop\FRST64.exe 2013-09-16 09:04 - 2013-09-16 09:04 - 00000490 _____ C:\Users\Neuer Besitzer\Desktop\defogger_disable.log 2013-09-16 09:04 - 2013-09-16 09:04 - 00000000 _____ C:\Users\Neuer Besitzer\defogger_reenable 2013-09-16 09:04 - 2013-08-16 15:54 - 00000000 ____D C:\Users\Neuer Besitzer 2013-09-16 09:01 - 2013-09-16 09:01 - 00050477 _____ C:\Users\Neuer Besitzer\Desktop\Defogger.exe 2013-09-14 10:22 - 2013-09-11 12:01 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\vlc 2013-09-14 09:50 - 2013-09-14 09:49 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\dvdcss 2013-09-11 12:00 - 2013-09-11 12:00 - 00000871 _____ C:\Users\Public\Desktop\VLC media player.lnk 2013-09-11 12:00 - 2013-09-11 12:00 - 00000000 ____D C:\Program Files\VideoLAN 2013-09-11 11:59 - 2013-09-11 11:58 - 23071004 _____ C:\Users\Neuer Besitzer\Downloads\vlc-2.1.0-rc2-win64.exe 2013-09-11 11:58 - 2013-09-11 11:56 - 23003252 _____ C:\Users\Neuer Besitzer\Downloads\vlc-2.0.8_win32.exe 2013-09-11 11:53 - 2013-09-11 11:53 - 00392016 _____ (Softonic ) C:\Users\Neuer Besitzer\Downloads\SoftonicDownloader_for_vlc-media-player.exe 2013-09-10 19:00 - 2013-09-10 18:59 - 05939176 _____ (Citrix Online, a division of Citrix Systems, Inc.) C:\Users\Neuer Besitzer\Downloads\g2m_codec.exe 2013-09-10 18:58 - 2013-09-10 18:58 - 00000216 _____ C:\Users\Neuer Besitzer\Downloads\2AD4D15214661C00.asx 2013-09-10 09:43 - 2013-02-28 23:01 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-09-10 09:06 - 2012-01-18 00:30 - 00000000 ____D C:\ProgramData\PCDr 2013-09-05 22:09 - 2013-01-29 20:54 - 00694232 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2013-09-05 22:09 - 2013-01-29 20:54 - 00078296 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2013-09-02 22:10 - 2013-05-12 13:38 - 00000000 ____D C:\Program Files\Bonjour Print Services 2013-09-02 22:09 - 2013-09-02 22:09 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk 2013-09-02 22:09 - 2013-09-02 22:09 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-09-02 22:09 - 2013-09-02 22:09 - 00000000 ____D C:\Program Files\iTunes 2013-09-02 22:09 - 2013-09-02 22:09 - 00000000 ____D C:\Program Files\iPod 2013-09-02 22:09 - 2013-09-02 22:09 - 00000000 ____D C:\Program Files (x86)\iTunes 2013-09-02 22:08 - 2013-09-02 22:08 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Apple Computer 2013-09-02 22:08 - 2013-08-16 15:58 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Apple Computer 2013-09-02 22:05 - 2013-09-02 22:05 - 00867240 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\npDeployJava1.dll 2013-09-02 22:05 - 2013-09-02 22:05 - 00263592 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe 2013-09-02 22:05 - 2013-09-02 22:05 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe 2013-09-02 22:05 - 2013-09-02 22:05 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe 2013-09-02 22:05 - 2013-09-02 22:05 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2013-09-02 22:05 - 2013-09-02 22:05 - 00000000 ____D C:\Program Files (x86)\Java 2013-09-02 22:05 - 2012-01-21 17:08 - 00789416 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\deployJava1.dll 2013-09-02 22:02 - 2013-05-16 23:32 - 00000030 _____ C:\WINDOWS\success64.log 2013-09-02 21:46 - 2013-09-02 21:46 - 00001922 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2013-09-02 21:46 - 2013-09-02 21:45 - 01037134 _____ C:\Users\Neuer Besitzer\Downloads\adwcleaner.exe 2013-09-02 21:45 - 2013-09-02 21:45 - 00003924 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update 2013-09-02 21:45 - 2013-09-02 21:45 - 00000000 _____ C:\WINDOWS\SysWOW64\config.nt 2013-09-02 21:44 - 2013-09-02 21:44 - 00000000 ____D C:\ProgramData\AVAST Software 2013-09-02 21:44 - 2013-09-02 21:44 - 00000000 ____D C:\Program Files\AVAST Software 2013-09-02 14:17 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent 2013-08-30 09:48 - 2013-09-02 21:46 - 00378944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys 2013-08-30 09:48 - 2013-09-02 21:46 - 00072016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys 2013-08-30 09:48 - 2013-09-02 21:46 - 00064288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys 2013-08-30 09:48 - 2013-09-02 21:46 - 00033400 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswFsBlk.sys 2013-08-30 09:48 - 2013-09-02 21:45 - 01030952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys 2013-08-30 09:48 - 2013-09-02 21:45 - 00204880 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys 2013-08-30 09:48 - 2013-09-02 21:45 - 00080816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys 2013-08-30 09:48 - 2013-09-02 21:45 - 00065336 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys 2013-08-30 09:47 - 2013-09-02 21:45 - 00287840 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe 2013-08-30 09:47 - 2013-09-02 21:44 - 00041664 _____ (AVAST Software) C:\WINDOWS\avastSS.scr 2013-08-29 18:19 - 2013-08-29 18:19 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Citrix 2013-08-29 18:19 - 2013-08-29 18:19 - 00000000 ____D C:\Program Files (x86)\Citrix 2013-08-29 12:58 - 2009-07-14 04:34 - 00000478 _____ C:\WINDOWS\win.ini 2013-08-26 09:51 - 2013-08-26 09:51 - 04708584 _____ C:\Users\Neuer Besitzer\Downloads\install_flash_player_ics.apk 2013-08-25 19:35 - 2013-08-25 19:35 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help 2013-08-25 19:35 - 2013-08-25 19:35 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help 2013-08-23 17:27 - 2013-08-23 16:57 - 00000000 ____D C:\Users\Neuer Besitzer\Documents\WISO Konto Online 2013-08-23 16:57 - 2013-08-23 16:57 - 00000117 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc 2013-08-23 16:57 - 2013-08-23 16:57 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Buhl Data Service GmbH 2013-08-23 16:57 - 2013-08-23 16:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Buhl Data Service GmbH 2013-08-23 16:56 - 2013-08-23 16:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Buhl Data Service 2013-08-23 16:56 - 2013-08-23 16:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Buhl Data Service 2013-08-23 16:56 - 2013-08-23 16:52 - 00000000 ____D C:\ProgramData\Buhl Data Service GmbH 2013-08-23 16:52 - 2013-08-23 16:52 - 00002374 _____ C:\Users\Public\Desktop\WISO Konto Online 2013.lnk 2013-08-23 16:52 - 2013-08-23 16:52 - 00000000 ____D C:\ProgramData\MG_Prototyp 2013-08-23 16:52 - 2013-08-23 16:52 - 00000000 ____D C:\Program Files (x86)\Buhl 2013-08-23 10:52 - 2013-08-16 15:55 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Packages 2013-08-23 10:12 - 2012-11-01 22:38 - 00000000 ____D C:\Program Files (x86)\MSBuild 2013-08-23 10:11 - 2013-08-23 10:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services 2013-08-23 10:11 - 2013-08-23 10:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Sync Framework 2013-08-23 10:11 - 2013-08-23 10:11 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2013-08-23 10:11 - 2013-08-23 10:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Office 2013-08-23 10:10 - 2013-08-23 10:10 - 00000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform 2013-08-23 10:09 - 2013-08-23 10:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8 2013-08-23 10:09 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2013-08-23 10:08 - 2013-08-23 10:08 - 00000000 ____D C:\Program Files\Microsoft Office 2013-08-23 10:08 - 2013-08-23 10:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services 2013-08-23 10:08 - 2012-07-26 12:29 - 00000000 ____D C:\WINDOWS\ShellNew 2013-08-23 10:07 - 2013-08-23 10:07 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Microsoft Help 2013-08-23 10:06 - 2013-08-23 10:06 - 00000000 __RHD C:\MSOCache 2013-08-23 10:04 - 2013-08-23 09:30 - 712660056 _____ (Microsoft Corporation) C:\Users\Neuer Besitzer\Downloads\X16-32254.exe 2013-08-22 20:46 - 2013-08-22 20:46 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Macromedia 2013-08-22 20:41 - 2013-08-22 20:39 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Adobe 2013-08-21 06:12 - 2013-09-14 09:36 - 02241024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2013-08-21 06:12 - 2013-09-14 09:36 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2013-08-21 06:11 - 2013-09-14 09:36 - 19246592 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2013-08-21 06:11 - 2013-09-14 09:36 - 15404544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2013-08-21 06:11 - 2013-09-14 09:36 - 03959296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2013-08-21 06:11 - 2013-09-14 09:36 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2013-08-21 06:11 - 2013-09-14 09:36 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2013-08-21 06:11 - 2013-09-14 09:36 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll 2013-08-21 06:11 - 2013-09-14 09:36 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2013-08-21 06:11 - 2013-09-14 09:36 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2013-08-21 06:11 - 2013-09-14 09:36 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll 2013-08-21 06:11 - 2013-09-14 09:36 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll 2013-08-21 06:11 - 2013-09-14 09:36 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll 2013-08-21 06:11 - 2013-09-14 09:36 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2013-08-21 06:11 - 2013-09-14 09:36 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll 2013-08-21 04:34 - 2013-09-14 09:36 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2013-08-21 04:06 - 2013-09-14 09:36 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2013-08-21 04:06 - 2013-09-14 09:36 - 01141248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2013-08-21 04:06 - 2013-09-14 09:36 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll 2013-08-21 04:05 - 2013-09-14 09:36 - 14332928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2013-08-21 04:05 - 2013-09-14 09:36 - 13761024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2013-08-21 04:05 - 2013-09-14 09:36 - 02876928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2013-08-21 04:05 - 2013-09-14 09:36 - 02048000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2013-08-21 04:05 - 2013-09-14 09:36 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2013-08-21 04:05 - 2013-09-14 09:36 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2013-08-21 04:05 - 2013-09-14 09:36 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll 2013-08-21 04:05 - 2013-09-14 09:36 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll 2013-08-21 04:05 - 2013-09-14 09:36 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll 2013-08-21 04:05 - 2013-09-14 09:36 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll 2013-08-21 03:43 - 2013-09-14 09:36 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2013-08-21 01:52 - 2013-09-14 09:36 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll 2013-08-19 21:56 - 2013-08-19 21:56 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk 2013-08-19 21:56 - 2013-08-19 21:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Mozilla 2013-08-19 21:56 - 2013-08-19 21:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Mozilla 2013-08-19 21:56 - 2013-08-19 21:56 - 00000000 ____D C:\ProgramData\Mozilla 2013-08-19 21:56 - 2013-08-19 21:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-08-19 21:55 - 2013-05-12 13:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-08-19 16:09 - 2013-08-19 16:09 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\PCDr 2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ___RD C:\WINDOWS\ToastData 2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Photo Viewer 2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Defender 2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2013-08-19 15:51 - 2012-07-26 07:38 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism 2013-08-19 15:51 - 2012-07-26 07:38 - 00000000 ____D C:\WINDOWS\system32\Dism 2013-08-19 15:09 - 2013-08-19 15:09 - 00000149 _____ C:\Users\Neuer Besitzer\Documents\Windows8 Product Key.txt 2013-08-19 15:05 - 2013-08-19 15:05 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\OpenOffice.org 2013-08-19 15:05 - 2013-08-16 15:57 - 00000000 ___RD C:\Users\Neuer Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-08-19 14:59 - 2013-08-19 14:59 - 00001063 _____ C:\Users\Public\Desktop\zebNet® Windows Keyfinder TNG.lnk 2013-08-19 14:59 - 2013-08-19 14:59 - 00000000 ____D C:\ProgramData\InstallMate 2013-08-19 14:59 - 2013-08-19 14:59 - 00000000 ____D C:\Program Files\zebNet 2013-08-19 14:56 - 2013-08-19 14:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Google 2013-08-19 14:52 - 2013-08-19 14:51 - 00000000 ____D C:\WINDOWS\system32\MRT 2013-08-19 14:51 - 2013-08-19 14:51 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Macromedia 2013-08-19 14:51 - 2012-04-07 20:59 - 78161360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2013-08-19 13:52 - 2013-08-16 15:57 - 00000000 ___RD C:\Users\Neuer Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2013-08-19 13:50 - 2012-07-26 07:37 - 00000000 ____D C:\WINDOWS\servicing 2013-08-19 13:47 - 2012-07-26 12:29 - 00000000 ____D C:\Program Files\Windows Journal Some content of TEMP: ==================== C:\Users\Neuer Besitzer\AppData\Local\Temp\6_Offer_11.exe C:\Users\Neuer Besitzer\AppData\Local\Temp\DownloadManager.exe C:\Users\Neuer Besitzer\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe C:\Users\Neuer Besitzer\AppData\Local\Temp\Product108.exe C:\Users\Neuer Besitzer\AppData\Local\Temp\Quarantine.exe C:\Users\Neuer Besitzer\AppData\Local\Temp\setup.exe C:\Users\Neuer Besitzer\AppData\Local\Temp\tmp60F8.exe C:\Users\Neuer Besitzer\AppData\Local\Temp\unrar.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-09-16 11:08 ==================== End Of Log ============================ 2. Malwarebytes Log: Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.09.16.04 Windows 8 x64 NTFS Internet Explorer 10.0.9200.16688 Neuer Besitzer :: USER-PC [Administrator] 16.09.2013 15:07:07 MBAM-log-2013-09-16 (15-11-42).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 251332 Laufzeit: 4 Minute(n), 14 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 15 HKCR\AppID\{14B1B6D0-D25F-4418-94E3-EC2B5AEE9756} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. HKCR\TypeLib\{14B1B6D0-D25F-4418-94E3-EC2B5AEE9756} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. HKCR\AppID\{A2773ED4-83BD-488A-A186-73590706C916} (PUP.Optional.MixiDJToolbar.A) -> Keine Aktion durchgeführt. HKCR\CLSID\{2C141B4C-B5BA-4E89-BE73-F71ED4A208CF} (PUP.Optional.MixiDJToolbar.A) -> Keine Aktion durchgeführt. HKCR\CLSID\{7D0EE142-0642-4FDD-AF73-7399C04E1041} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. HKCR\esrv.mixidjESrvc.1 (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. HKCR\esrv.mixidjESrvc (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. HKCR\CLSID\{C3F978C3-0594-4397-B8E6-3F9D9BE6A7B9} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. HKCR\CLSID\{F9221CC8-22DF-4CEF-B8ED-BA87F1F09878} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. HKCR\m (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. HKCR\Typelib\{8BA772A8-AC4F-4954-9B5E-433CA6DC506F} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. HKCR\Interface\{108F5878-71F9-4B5C-9EC0-58CEC29E8124} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A105B30B-D103-4781-B18C-E8DF93B6EBD0} (PUP.Optional.MixiDJ.A) -> Keine Aktion durchgeführt. HKCR\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9} (PUP.Optional.Smart) -> Keine Aktion durchgeführt. HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534} (PUP.Optional.Smart) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 3 C:\Users\Neuer Besitzer\AppData\Local\Temp\mt_ffx\mixidj (PUP.Optional.MixiDJToolBar.A) -> Keine Aktion durchgeführt. C:\Users\Neuer Besitzer\AppData\Local\Temp\mt_ffx\mixidj\mixidj (PUP.Optional.MixiDJToolBar.A) -> Keine Aktion durchgeführt. C:\Users\Neuer Besitzer\AppData\Local\Temp\mt_ffx\mixidj\mixidj\1.8.18.8 (PUP.Optional.MixiDJToolBar.A) -> Keine Aktion durchgeführt. Infizierte Dateien: 13 C:\ProgramData\InstallMate\{1A3C22F2-D546-4EC0-927E-EFAEDAC18C52}\Setup.exe (PUP.Optional.Tarma.A) -> Keine Aktion durchgeführt. C:\ProgramData\InstallMate\{1A3C22F2-D546-4EC0-927E-EFAEDAC18C52}\TsuDll.dll (PUP.Optional.Tarma.A) -> Keine Aktion durchgeführt. C:\Users\Neuer Besitzer\AppData\Local\Temp\DownloadManager.exe (PUP.Optional.Smart) -> Keine Aktion durchgeführt. C:\Users\Neuer Besitzer\AppData\Local\Temp\Product108.exe (PUP.Optional.Smart) -> Keine Aktion durchgeführt. C:\Users\Neuer Besitzer\AppData\Local\Temp\setup.exe (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt. C:\Users\Neuer Besitzer\AppData\Local\Temp\9D95DAF4-BAB0-7891-92BB-7609E15EA50E\Latest\BabMaint.exe (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt. C:\Users\Neuer Besitzer\AppData\Local\Temp\9D95DAF4-BAB0-7891-92BB-7609E15EA50E\Latest\BUSolution.dll (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt. C:\Users\Neuer Besitzer\AppData\Local\Temp\9D95DAF4-BAB0-7891-92BB-7609E15EA50E\Latest\CrxInstaller.dll (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt. C:\Users\Neuer Besitzer\AppData\Local\Temp\9D95DAF4-BAB0-7891-92BB-7609E15EA50E\Latest\MntrDLLInstall.dll (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt. C:\Users\Neuer Besitzer\AppData\Local\Temp\9D95DAF4-BAB0-7891-92BB-7609E15EA50E\Latest\MyMixiTB.exe (PUP.Optional.MixiDJ.A) -> Keine Aktion durchgeführt. C:\Users\Neuer Besitzer\AppData\Local\Temp\9D95DAF4-BAB0-7891-92BB-7609E15EA50E\Latest\NTRedirect.dll (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt. C:\Users\Neuer Besitzer\AppData\Local\Temp\9D95DAF4-BAB0-7891-92BB-7609E15EA50E\Latest\Setup.exe (PUP.Babylon.A) -> Keine Aktion durchgeführt. C:\Users\Neuer Besitzer\Downloads\SoftonicDownloader_for_vlc-media-player.exe (PUP.Optional.Softonic) -> Keine Aktion durchgeführt. (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=6cf6228a3c184944bd7cb6cae5217131 # engine=15150 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-09-16 02:42:56 # local_time=2013-09-16 04:42:56 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.2.9200 NT # compatibility_mode=774 16777213 85 91 1191436 156052448 0 0 # compatibility_mode=5893 16776574 100 94 1191350 6626051 0 0 # scanned=189241 # found=2 # cleaned=0 # scan_time=4325 sh=410B32FD3FE4642644AD91AC60C69B86EC2762DD ft=1 fh=0e378a435beab91a vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir" sh=E380C75C9904013FB23E09EB8B819B8B4998FD6A ft=1 fh=8a21180e008fd756 vn="multiple threats" ac=I fn="C:\Windows\Temp\Optimizer_Pro.exe" |
Themen zu Windows 8 64bit - Hinweis auf Spyware in InternetExplorer und Firefox mit öffnenden Popups und Downloadhinweise |
avast, besitzer, browser, computer, dateien, eingeschränkt, explorer, firefox, folge, gebraucht, gmer, internet, internet explorer, langsam, laptop, links, pdf, popups, problem, scan, spyware, surfen, system, virenscanner, windows, windows 8 64 bit, öffnen |