Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Windows 8 64bit - Hinweis auf Spyware in InternetExplorer und Firefox mit öffnenden Popups und Downloadhinweise

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 16.09.2013, 12:28   #1
HiMat
 
Windows 8 64bit - Hinweis auf Spyware in InternetExplorer und Firefox mit öffnenden Popups und Downloadhinweise - Ausrufezeichen

Windows 8 64bit - Hinweis auf Spyware in InternetExplorer und Firefox mit öffnenden Popups und Downloadhinweise



Habe einen Laptop gebraucht mit Windows 8 installiert gekauft.
Von Beginn an, habe ich das Phänomen, dass sich sowohl in Firefox, wie auch im Internet Explorer (weitere Browser habe ich nicht probiert) Popups öffnen, die darauf hinweisen, dass mein Computer langsam sei oder sich Spyware auf meinem System befinden würde.
Teilweise befinden sich diese Informationen wie Werbebanner eingebettet in den aufgerufenen Websiten.
Hatte dann Avast als Virenscanner installiert und von da an war es etwas besser, jedoch nicht behoben.
Habe heute noch mit Avast einen Scan beim Hochfahren gemacht, wobei recht viele Funde in den Container verschoben wurden.
Einige wenige Dateien konnte ich weder verschieben, noch reparieren, noch löschen. Z.B. folgende:
C:\Users\Neuer Besitzer\App Data\Local\Mircrosoft\Windows\Temporary Internet Files\Content.IE5\2WCUO1BA\pack [1].7Z | > protector.dll

Im Anhang habe ich die geforderten Log.Files angehängt (Gmer Datei war zu groß zum hochladen, daher in zwei Dateien aufgeteilt) und ein paar Screenshots in PDF Form, wie sich das Problem im Browser darstellt. Den Container von Avast hätte ich auch gerne hochgeladen, jedoch sind die Screenshots zu groß und die Möglichkeit eine .txt zu erstellen habe ich bei Avast nicht gefunden.

Nutze den Computer bislang nur eingeschränkt, da ich Angst habe, dass meine Daten ausgespäht werden.

Ein Leistungsdefizit konnte ich bisher jedoch nicht feststellen, es ist nur kein normales Surfen im Internet möglich ohne ständig gestört zu werden und den angebotenen Links mit Downloadbuttons vertraue ich nicht.

Bitte um eure Hilfe um meinen Computer wieder sauber zu bekommen.
Angehängte Dateien
Dateityp: pdf Screenshot IE mit Auforderungen.pdf (132,2 KB, 135x aufgerufen)
Dateityp: pdf Screenshot IE mit Auforderungen2.pdf (169,7 KB, 161x aufgerufen)

Alt 16.09.2013, 12:36   #2
aharonov
/// TB-Ausbilder
 
Windows 8 64bit - Hinweis auf Spyware in InternetExplorer und Firefox mit öffnenden Popups und Downloadhinweise - Standard

Windows 8 64bit - Hinweis auf Spyware in InternetExplorer und Firefox mit öffnenden Popups und Downloadhinweise



Hallo,

hänge die Logfiles bitte nicht an (das erschwert mir das Auswerten massiv), sondern füge deren Inhalt direkt innerhalb von Codetags ein: [code]Inhalt Logfile[/code]. (Anleitung))
Wenn es zu viele Zeichen sind, dann teile die Logs auf mehrere Posts auf. Danke.
__________________

__________________

Alt 16.09.2013, 12:43   #3
HiMat
 
Windows 8 64bit - Hinweis auf Spyware in InternetExplorer und Firefox mit öffnenden Popups und Downloadhinweise - Standard

Windows 8 64bit - Hinweis auf Spyware in InternetExplorer und Firefox mit öffnenden Popups und Downloadhinweise



Werde die Logs einzeln posten, damit es nicht zu unübersichtlich wird.

Hier der erste Log:

Addition:FRST Additions Logfile:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-09-2013 01
Ran by Neuer Besitzer at 2013-09-16 12:15:28
Running from C:\Users\Neuer Besitzer\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Anzeige am Bildschirm (Version: 6.70.00)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
avast! Free Antivirus (x32 Version: 8.0.1497.0)
Bonjour (Version: 3.0.0.10)
Bonjour-Druckdienste (Version: 2.0.2.0)
Citrix Online Launcher (x32 Version: 1.0.122)
Conexant 20585 SmartAudio HD (Version: 4.95.48.50)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Dienstprogramm "ThinkPad UltraNav" (x32 Version: 2.13.0)
FreePDF (Remove only) (x32)
Google Chrome (x32 Version: 29.0.1547.66)
Google Update Helper (x32 Version: 1.3.21.153)
GoToMeeting 5.8.0.1189 (HKCU Version: 5.8.0.1189)
GPL Ghostscript (Version: 9.10)
Integrated Camera Driver Installer Package Ver.1.1.0.48 (x32 Version: 1.1.0.48)
Intel PROSet Wireless
Intel PROSet Wireless (x32)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179)
Intel(R) Network Connections Drivers (Version: 14.8)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2401)
Intel(R) PROSet/Wireless WiFi-Software (Version: 14.03.0000)
iTunes (Version: 11.0.4.4)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Lenovo Patch Utility (x32 Version: 1.3.1.1)
Lenovo Patch Utility 64 bit (Version: 1.3.1.1)
Lenovo Patch Utility 64 bit (Version: 1.4.0.4)
Lenovo Settings - Camera Audio (Version: 4.0.97.0)
Lenovo Settings Dependency Package (Version: 1.1.1.11)
Lenovo Settings Mobile Hotspot (Version: 1.1.0.57)
Lenovo System Interface Driver (Version: 1.05)
Lenovo System Update (x32 Version: 5.02.0018)
Lenovo ThinkVantage Toolbox (Version: 6.0.5849.23)
LyricsGet (x32)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
MixiDJ chrome Toolbar (x32)
Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
OpenOffice.org 3.3 (x32 Version: 3.3.9567)
Qualcomm Gobi 2000 Package for Lenovo (x32 Version: 1.1.250)
RedMon - Redirection Port Monitor
ThinkPad FullScreen Magnifier (Version: 2.40)
ThinkPad Power Management Driver (Version: 1.64.00.00)
ThinkPad UltraNav Driver (Version: 16.2.19.7)
ThinkVantage Access Connections (x32 Version: 5.85)
ThinkVantage System für aktiven Festplattenschutz (Version: 1.75)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)
VLC media player 2.1.0-rc2 (Version: 2.1.0-rc2)
WISO Konto Online 2013 (x32 Version: 15.5.0.59)
zebNet® Windows Keyfinder TNG 5.0.1.2 (Version: 5.0.1.2)

==================== Restore Points  =========================

02-09-2013 09:08:02 Windows Update
16-09-2013 09:09:19 Windows Update

==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {01D701B0-F4C4-4815-AEE5-217B6AD2383D} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {0A78BE9E-BD6C-4C65-BCC1-F15E59BB3560} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2013-07-02] (Microsoft Corporation)
Task: {0B235AF4-02EC-489E-AFBE-C82050A39D7E} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {0C4D9E1D-10BB-4728-B556-B568E72E9794} - \LyricsGet Update No Task File
Task: {1054C120-1EB9-48F7-A095-121A59C1B53E} - System32\Tasks\WPD\SqmUpload_S-1-5-21-2216669695-2906418150-1901199515-1003 => C:\Windows\System32\portabledeviceapi.dll [2012-07-26] (Microsoft Corporation)
Task: {10D85952-E3F6-47A1-96CF-5E1C2D874EA6} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-26] (Microsoft Corporation)
Task: {119EC43B-1FCA-4363-BE12-4DA0770FC099} - System32\Tasks\User_Feed_Synchronization-{835C04DA-5AF2-4DAD-9A49-0F4A1E07D72C} => C:\WINDOWS\system32\msfeedssync.exe [2012-07-26] (Microsoft Corporation)
Task: {13A2AC02-B682-48CC-9155-2E2673580117} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical
Task: {14AF177B-BDF8-4056-AE31-87848D77A07B} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect
Task: {153B9BEA-AD7A-41F9-8A5E-5836167451C4} - System32\Tasks\4596 => C:\Windows\System32\wscript.exe [2012-07-26] (Microsoft Corporation)
Task: {17644F17-DC4C-4AC8-9444-7AAA52EB5CDC} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler
Task: {17DA0648-ACC7-455C-9177-71F0C52FCD03} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\System32\sysmain.dll [2013-05-04] (Microsoft Corporation)
Task: {1DB7C2F1-876C-4F24-AD17-8428211113F9} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
Task: {1DB7FFDC-4614-41FE-BFBA-E9C4A74CBB11} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {214B24F4-FEB4-4C59-AF1F-70136065199C} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance
Task: {21A60AE9-9F2D-43F5-8591-B5ADC045E5D3} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {23700E5C-0E77-499D-908A-415D5C6252F4} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\WSClient.dll [2012-09-20] (Microsoft Corporation)
Task: {2C6B9EA8-7F5A-4ABA-BF96-8D352D02A743} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh
Task: {2E030FA7-3D7C-4E1D-8CFE-56ADB26FD402} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks
Task: {3054485A-F517-4E95-9977-4DD827B1E9B3} - System32\Tasks\Microsoft\Windows\WS\Badge Update
Task: {31359161-6956-41A5-B54E-C62BE5F13BA9} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup
Task: {31F466D1-0475-4346-943E-8D800289EFAE} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {378401BA-A703-444A-A79C-3C47AD2DC5B6} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator
Task: {3998CB31-C159-4979-BCAA-02783C9218DD} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall
Task: {3AE164E7-30CD-40BC-9422-3EC7A5618965} - System32\Tasks\Microsoft\Windows\WS\WSTask
Task: {3C490ABD-D849-41AF-9AC4-87DD759B0996} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
Task: {4073C1B3-6E16-4AA8-B7F3-C6A6D35D5071} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance
Task: {44AA1725-EAA2-4351-AFE0-99DB0A4B4541} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage
Task: {483A8F5C-5D26-44B5-B49E-AF6741D1BBEB} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2013-06-01] (Microsoft Corporation)
Task: {4AAC020C-D53D-4515-AD55-491D91B74FEF} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {4B952129-9AE9-41A3-BE2B-8AD2E06F66B6} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
Task: {4B996635-9C3C-4D49-A731-57EF0F6619B1} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2216669695-2906418150-1901199515-1000
Task: {53DDCC9F-6125-42EB-BAA6-792AC6A4738F} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {55FE21DB-3203-4AC8-A829-59EFFDD545E7} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {5755E746-D7ED-4C20-A472-66C11834CDE4} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance
Task: {5C4EFB77-EFA6-45DF-A373-D795C0725BFF} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required
Task: {5C92DE07-286B-477A-A0DE-7A319EAE6244} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5DB8468F-E861-4B89-A8E0-927E0EB4DD48} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {60351E1F-46BA-4935-879C-28C05C49D6F3} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {627441F3-8526-4B62-BF9A-1A3EA414E71A} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-26] (Microsoft Corporation)
Task: {6399FCD6-5683-4341-9EB4-A527DAF54ED4} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2013-06-26] ()
Task: {641791E5-CC72-40BA-A54F-FC84C32AE766} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {6E6BAD4A-4D4D-423B-B729-D220168FDC9C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {6E9DE125-5583-4031-B572-FEE48F25CFFF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-09-20] (Microsoft Corporation)
Task: {6FDDEA7C-6310-428D-AEB2-54FFC72811EF} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
Task: {704C6B85-D3A9-4074-A991-EC71794043B5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-08-30] (AVAST Software)
Task: {74096F94-B654-4DB0-96F5-3C3408B92FE3} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update
Task: {7D9A9A1C-499C-40A6-8F8A-5BCC4CC9A87C} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance
Task: {845CB020-68B5-4C6B-9876-7BEC7B3E27AC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance
Task: {87354DAA-66DF-4B41-9346-15958D96E1D2} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)
Task: {8991C63F-7D27-421C-BEB8-49D346CAB431} - \BrowserDefendert No Task File
Task: {8C85EDF1-EC47-451E-909B-E708638B3B34} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {914662E9-8DC6-4E9F-83E4-7CD290989236} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {921A1D4E-32FB-46D7-B6C0-6F467884074D} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses
Task: {9479EF8E-11D4-41B3-9783-CC65070D592D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime
Task: {94DCF254-64FB-4C4E-8E12-5F4055C10C2A} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64
Task: {989A7C6D-BE82-4C3C-AF96-6116039E336B} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
Task: {9B7BFD1D-64FE-4B89-ADE7-F462D487D848} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2216669695-2906418150-1901199515-1003
Task: {9C3FEA9E-F571-4441-847F-55A2D26BC8B9} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {9C6F66FF-C5E5-44B9-8919-BE9E7083A46E} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {A533E55B-8905-4461-ADB7-720CCED0CFD9} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\WSClient.dll [2012-09-20] (Microsoft Corporation)
Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask
Task: {AB62FA47-2C99-44B1-A5D0-D4161423BE43} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh
Task: {AC600421-498C-433A-ACA9-74763908FAA8} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall
Task: {AC6259DE-AC59-459E-849E-6ADFFD1ADE63} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask
Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask
Task: {AF549BD8-337C-4BF7-8681-36A182E30507} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan
Task: {B0870C67-774C-4072-9B06-950FF390C738} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {BB8593A2-C616-4349-ACC7-C71014F20A77} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-28] (Google Inc.)
Task: {BC76AEF7-2CF0-4EB6-B65B-A8803E0B5E12} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific
Task: {BEA9FED3-FE9B-4E37-950A-F8FEA890AD91} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {BFCA05DD-EF9E-4500-A5E8-3139E5090A4F} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {C174DE89-C4CA-40DC-9D09-DA03AE94B084} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {C1ACCD1E-4385-4FB2-B5E4-7F2A57A626A2} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan
Task: {C463FD1E-31C7-4C20-AB65-08E514CA152D} - System32\Tasks\Microsoft\Windows\IME\SQM data sender
Task: {C51C1B36-9255-4BF2-9B97-67B41396C78E} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\System32\Windows.Storage.ApplicationData.dll [2012-07-26] (Microsoft Corporation)
Task: {CD1054FF-8005-4904-8B9C-436EAB1E2021} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
Task: {D37D9325-DB2A-4F77-A48E-ACCEAA330034} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {D50C4B42-50CD-484F-AE78-72256B696C37} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {D7A76948-8353-4143-A912-61829725EF09} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe [2012-08-15] (Microsoft Corporation)
Task: {D9D49257-2249-4962-951B-55588174D9FB} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => c:\program files\windows defender\MpCmdRun.exe [2013-07-02] (Microsoft Corporation)
Task: {DA57D964-E021-4BA5-8D44-9C0E5E18B4B9} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {DB4A80AB-9A15-437E-BD0E-7A4BC85E272F} - System32\Tasks\0 => Iexplore.exe 
Task: {DBCF6E1B-CE0A-441E-B7A5-219C8BE50C65} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
Task: {DECE5921-598D-454B-9A04-B2DE95EFC1B3} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery
Task: {E4DFE66F-E089-4CC3-A70F-957223D565F4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
Task: {E8DAA09B-DF2A-4951-9134-6FA9587793F9} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-09-20] (Microsoft Corporation)
Task: {EAD237E7-D276-4257-9F16-51DF41548733} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\System32\Startupscan.dll [2012-07-26] (Microsoft Corporation)
Task: {ED0C1F69-C3A2-41EA-B8C3-3F0D83A1F6C0} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM
Task: {F8FFA4BB-836E-4B38-9F59-7998CE447475} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => Sc.exe start wuauserv
Task: {FAEF8084-D8CC-4713-971A-A20486102D64} - \EPUpdater No Task File
Task: {FEC2ABE9-9E85-4E37-B2B1-3892DE1E2D5B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-28] (Google Inc.)
Task: {FFE3FD50-646E-4A64-913B-23C4187E6025} - System32\Tasks\Microsoft\Windows\File Classification Infrastructure\Property Definition Sync
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\LyricsGet Update.job => C:\Program Files (x86)\Lyrics-Get\LyricsUPD.exe
Task: C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: C:\WINDOWS\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe

==================== Loaded Modules (whitelisted) =============

2011-06-27 17:06 - 2011-06-27 17:06 - 00348752 _____ (PC-Doctor, Inc.) C:\Program Files\PC-Doctor\PcdToolbar584923.dll
2013-05-16 23:33 - 2013-04-18 07:32 - 00115712 _____ () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2011-03-29 20:16 - 2011-03-29 20:16 - 00021864 _____ (Lenovo.) C:\WINDOWS\SYSTEM32\Sensor64.dll
2012-07-26 03:22 - 2012-07-26 05:05 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\System32\IME\SHARED\IMEROAMING.DLL
2011-03-17 00:07 - 2011-03-17 00:07 - 04297568 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2012-09-14 23:46 - 2012-09-14 23:46 - 00286720 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrDEU.lrc
2011-03-29 20:16 - 2011-03-29 20:16 - 00021864 _____ (Lenovo.) C:\Windows\System32\Sensor64.dll
2012-09-14 23:40 - 2012-09-14 23:40 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-04-07 17:30 - 2013-04-24 01:23 - 01048816 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynCOM.dll
2013-04-24 01:22 - 2013-04-24 01:22 - 00229616 _____ (Synaptics Incorporated) C:\WINDOWS\SYSTEM32\SynTPAPI.dll
2011-03-29 20:16 - 2011-03-29 20:16 - 00021864 _____ (Lenovo.) C:\WINDOWS\system32\Sensor64.dll
2012-07-26 04:14 - 2012-07-26 05:04 - 00029184 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\msgsm32.acm
2012-07-26 04:14 - 2012-07-26 05:04 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\msg711.acm
2012-07-26 04:13 - 2012-07-26 05:04 - 00079872 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\SYSTEM32\l3codeca.acm
2012-07-26 04:14 - 2012-07-26 05:04 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\imaadp32.acm
2012-07-26 04:14 - 2012-07-26 05:04 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\msadp32.acm
2011-11-02 00:26 - 2011-11-02 00:26 - 00053608 _____ (Open Source Software community project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\pthreadVC2.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-08-31 00:05 - 2011-08-31 00:05 - 00085864 _____ (Apple Inc.) C:\WINDOWS\SYSTEM32\dnssd.dll
2013-08-19 21:55 - 2013-08-14 19:55 - 03551640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-11 14:40 - 2013-09-11 14:40 - 00145920 _____ () C:\Program Files (x86)\Lyrics-Get\133.dll
2013-05-10 23:35 - 2013-06-28 00:05 - 14375800 _____ (Adobe Systems, Inc.) C:\Windows\SYSTEM32\Macromed\Flash\Flash.ocx
2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF

==================== Alternate Data Streams (whitelisted) ==========



==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/16/2013 00:06:13 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: setup.exe_unknown, Version: 0.0.0.0, Zeitstempel: 0x4232a581
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16579, Zeitstempel: 0x51637f77
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000054ec
ID des fehlerhaften Prozesses: 0x2108
Startzeit der fehlerhaften Anwendung: 0xsetup.exe_unknown0
Pfad der fehlerhaften Anwendung: setup.exe_unknown1
Pfad des fehlerhaften Moduls: setup.exe_unknown2
Berichtskennung: setup.exe_unknown3
Vollständiger Name des fehlerhaften Pakets: setup.exe_unknown4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: setup.exe_unknown5

Error: (09/16/2013 11:38:17 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (09/16/2013 11:23:56 AM) (Source: Application Hang) (User: )
Description: Programm IEXPLORE.EXE, Version 10.0.9200.16660 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 157c

Startzeit: 01ceb2bda189a742

Endzeit: 4

Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Berichts-ID: b3115bcb-1eb1-11e3-be86-e02a82f2a4a9

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/16/2013 09:10:31 AM) (Source: ESENT) (User: )
Description: taskhostex (4932) WebCacheLocal: Fehler -1032 (0xfffffbf8) beim Öffnen von Protokolldatei C:\Users\Neuer Besitzer\AppData\Local\Microsoft\Windows\WebCache\V01.log.

Error: (09/16/2013 09:10:31 AM) (Source: ESENT) (User: )
Description: taskhostex (4932) WebCacheLocal: Versuch, Datei "C:\Users\Neuer Besitzer\AppData\Local\Microsoft\Windows\WebCache\V01.log" für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error: (09/16/2013 09:10:21 AM) (Source: ESENT) (User: )
Description: taskhostex (4932) WebCacheLocal: Fehler -1032 (0xfffffbf8) beim Öffnen von Protokolldatei C:\Users\Neuer Besitzer\AppData\Local\Microsoft\Windows\WebCache\V01.log.

Error: (09/16/2013 09:10:21 AM) (Source: ESENT) (User: )
Description: taskhostex (4932) WebCacheLocal: Versuch, Datei "C:\Users\Neuer Besitzer\AppData\Local\Microsoft\Windows\WebCache\V01.log" für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error: (09/16/2013 09:10:11 AM) (Source: ESENT) (User: )
Description: taskhostex (4932) WebCacheLocal: Fehler -1032 (0xfffffbf8) beim Öffnen von Protokolldatei C:\Users\Neuer Besitzer\AppData\Local\Microsoft\Windows\WebCache\V01.log.

Error: (09/16/2013 09:10:11 AM) (Source: ESENT) (User: )
Description: taskhostex (4932) WebCacheLocal: Versuch, Datei "C:\Users\Neuer Besitzer\AppData\Local\Microsoft\Windows\WebCache\V01.log" für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error: (09/16/2013 09:10:01 AM) (Source: ESENT) (User: )
Description: taskhostex (4932) WebCacheLocal: Fehler -1032 (0xfffffbf8) beim Öffnen von Protokolldatei C:\Users\Neuer Besitzer\AppData\Local\Microsoft\Windows\WebCache\V01.log.


System errors:
=============
Error: (09/16/2013 10:55:59 AM) (Source: Microsoft-Windows-Directory-Services-SAM) (User: NT-AUTORITÄT)
Description: Fehler "126" beim Laden der Kennwortbenachrichtigungs-DLL "ACGina". Stellen Sie sicher, dass der in der Registrierung definierte DLL-Pfad "HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages" sich auf einen korrekten und absoluten Pfad (<Laufwerk>:\<Pfad>\<Dateiname>.<Erw.>) bezieht und nicht auf einen relativen oder ungültigen Pfad. Wenn der DLL-Pfad falsch ist, stellen Sie sicher, dass sich alle Hilfsdateien im gleichen Verzeichnis befinden und dass das Systemkonto sowohl auf den DLL-Pfad als auch die Hilfsdateien Lesezugriff hat.  Wenden Sie sich an den Anbieter der Benachrichtigungs-DLL, um weitere Unterstützung zu erhalten. Weitere Informationen finden Sie im Internet unter "hxxp://go.microsoft.com/fwlink/?LinkId=245898".

Error: (09/16/2013 09:13:40 AM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Error: (09/15/2013 00:19:56 AM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 5

Error: (09/14/2013 10:36:21 AM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 5

Error: (09/14/2013 10:24:21 AM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 5

Error: (09/11/2013 00:22:43 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 5

Error: (09/11/2013 08:25:00 AM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 5

Error: (09/10/2013 07:19:08 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 5

Error: (09/10/2013 06:14:38 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AcSvc erreicht.

Error: (09/10/2013 06:14:25 PM) (Source: Server) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{E3B1DA03-E878-461A-B7E3-B3383A386A66} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.


Microsoft Office Sessions:
=========================
Error: (09/16/2013 00:06:13 PM) (Source: Application Error)(User: )
Description: setup.exe_unknown0.0.0.04232a581ntdll.dll6.2.9200.1657951637f77c000000500000000000054ec210801ceb2c45fcc5dd1C:\Users\Neuer Besitzer\AppData\Local\Temp\IXP001.TMP\setup.exeC:\WINDOWS\SYSTEM32\ntdll.dll9df2d7c1-1eb7-11e3-be86-e02a82f2a4a9

Error: (09/16/2013 11:38:17 AM) (Source: SideBySide)(User: )
Description: C:\Program Files (x86)\Lenovo\Access Connections\AcCryptHlpr.dllC:\Program Files (x86)\Lenovo\Access Connections\AcCryptHlpr.dll0

Error: (09/16/2013 11:23:56 AM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE10.0.9200.16660157c01ceb2bda189a7424C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEb3115bcb-1eb1-11e3-be86-e02a82f2a4a9

Error: (09/16/2013 09:10:31 AM) (Source: ESENT)(User: )
Description: taskhostex4932WebCacheLocal: C:\Users\Neuer Besitzer\AppData\Local\Microsoft\Windows\WebCache\V01.log-1032 (0xfffffbf8)

Error: (09/16/2013 09:10:31 AM) (Source: ESENT)(User: )
Description: taskhostex4932WebCacheLocal: C:\Users\Neuer Besitzer\AppData\Local\Microsoft\Windows\WebCache\V01.log-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Error: (09/16/2013 09:10:21 AM) (Source: ESENT)(User: )
Description: taskhostex4932WebCacheLocal: C:\Users\Neuer Besitzer\AppData\Local\Microsoft\Windows\WebCache\V01.log-1032 (0xfffffbf8)

Error: (09/16/2013 09:10:21 AM) (Source: ESENT)(User: )
Description: taskhostex4932WebCacheLocal: C:\Users\Neuer Besitzer\AppData\Local\Microsoft\Windows\WebCache\V01.log-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Error: (09/16/2013 09:10:11 AM) (Source: ESENT)(User: )
Description: taskhostex4932WebCacheLocal: C:\Users\Neuer Besitzer\AppData\Local\Microsoft\Windows\WebCache\V01.log-1032 (0xfffffbf8)

Error: (09/16/2013 09:10:11 AM) (Source: ESENT)(User: )
Description: taskhostex4932WebCacheLocal: C:\Users\Neuer Besitzer\AppData\Local\Microsoft\Windows\WebCache\V01.log-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Error: (09/16/2013 09:10:01 AM) (Source: ESENT)(User: )
Description: taskhostex4932WebCacheLocal: C:\Users\Neuer Besitzer\AppData\Local\Microsoft\Windows\WebCache\V01.log-1032 (0xfffffbf8)


CodeIntegrity Errors:
===================================
  Date: 2013-09-02 14:24:28.641
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2013-09-02 14:24:28.234
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2013-09-02 14:24:28.203
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2013-09-02 14:24:28.078
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2013-09-02 14:24:28.016
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2013-09-02 14:24:27.969
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2013-09-02 14:24:24.719
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2013-09-02 14:24:24.234
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2013-09-02 14:23:18.206
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2013-09-02 14:23:18.128
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.


==================== Memory info =========================== 

Percentage of memory in use: 57%
Total physical RAM: 3891.66 MB
Available physical RAM: 1641.66 MB
Total Pagefile: 7859.66 MB
Available Pagefile: 5429.24 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.45 GB) (Free:104.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 65C6DBE7)
Partition 1: (Not Active) - (Size=512 MB) - (Type=05)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=148 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
--- --- ---


Hier defogger_disable:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:04 on 16/09/2013 (Neuer Besitzer)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Hier FRST:
FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-09-2013 01
Ran by Neuer Besitzer (administrator) on USER-PC on 16-09-2013 12:14:49
Running from C:\Users\Neuer Besitzer\Desktop
Windows 8 Pro (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Lenovo.) C:\WINDOWS\system32\ibmpmsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\WLANExt.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
(QUALCOMM, Inc.) C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\extapsup.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Lenovo) C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Intel Corporation) C:\WINDOWS\system32\igfxext.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe
() C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
() C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe
(Microsoft Corporation) C:\WINDOWS\system32\PrintIsolationHost.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [33344 2011-10-20] (Lenovo)
HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [594936 2013-04-15] (Lenovo Corporation)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-15] ()
HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [380776 2011-03-29] (Lenovo.)
HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated)
HKLM\...\Run: [LenovoOptMouseUpdate] - C:\Program Files\Lenovo\HOTKEY\extapsup.exe [250976 2012-08-31] (Lenovo Group Limited)
HKLM\...\Run: [LnvMobHotspotClient] - C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe [937976 2013-04-11] (Lenovo)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2010-05-03] (Intel Corporation)
HKLM-x32\...\Run: [RotateImage] - C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [PWMTRV] - C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL [6482728 2013-04-18] (Lenovo Group Limited)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de)
AppInit_DLLs-x32: c:\progra~3\browse~1\261562~1.220\{c16c1~1\browse~1.dll [ ] ()
Lsa: [Notification Packages] scecli ACGina
Startup: C:\Users\Neuer Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB1A838F1D99CCE01
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: LyricsGet - {602b2047-753a-4013-b389-df32f2a78a96} - C:\Program Files (x86)\Lyrics-Get\133.dll ()
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {816BE035-1450-40D0-8A3B-BA7825A83A77} hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Neuer Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\4s4l07tq.default
FF user.js: detected! => C:\Users\Neuer Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\4s4l07tq.default\user.js
FF SearchEngineOrder.1: Mixi.DJ Search
FF SelectedSearchEngine: Mixi.DJ Search
FF Homepage: hxxp://www.google.de/ig
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Neuer Besitzer\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Neuer Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\4s4l07tq.default\Extensions\130
FF Extension: No Name - C:\Users\Neuer Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\4s4l07tq.default\Extensions\131
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKCU\...\Firefox\Extensions: [{b0b19bf6-d22c-444b-8288-6b8409356150}] - C:\Program Files (x86)\Lyrics-Get\133.xpi
FF Extension: No Name - C:\Program Files (x86)\Lyrics-Get\133.xpi

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Docs) - C:\Users\NEUERB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\NEUERB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\NEUERB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\NEUERB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: () - C:\Users\NEUERB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijodjbiibildhjdbjehpdjoglbnbfnpf\1.128
CHR Extension: (Chrome In-App Payments service) - C:\Users\NEUERB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\Users\NEUERB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [ijodjbiibildhjdbjehpdjoglbnbfnpf] - C:\Program Files (x86)\Lyrics-Get\133.crx

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
S3 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [148472 2013-04-15] (Lenovo Corporation)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [478056 2011-10-04] (Lenovo.)
R2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [1628664 2013-02-06] (Lenovo Group Limited)
S3 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [681464 2013-04-15] (Lenovo Corporation)
R2 LnvHotSpotSvc; C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe [465912 2013-04-11] (Lenovo)
R2 LocationTaskManager; C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [463352 2013-04-19] ()
R2 QDLService2kLenovo; C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe [1688384 2011-05-23] (QUALCOMM, Inc.)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-06-26] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 qcfilterlno2k; C:\Windows\System32\drivers\qcfilterlno2k.sys [6400 2011-05-23] (QUALCOMM Incorporated)
R3 qcusbnetlno2k; C:\Windows\system32\DRIVERS\qcusbnetlno2k.sys [444416 2011-05-23] (QUALCOMM Incorporated)
R3 qcusbserlno2k; C:\Windows\system32\DRIVERS\qcusbserlno2k.sys [231040 2011-05-23] (QUALCOMM Incorporated)
U3 idsvc; 
S3 PCDSRVC{127174DC-C366ED8B-06020200}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-16 12:14 - 2013-09-16 12:14 - 00000000 ____D C:\FRST
2013-09-16 12:07 - 2013-09-16 12:12 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\FreePDF_XP
2013-09-16 12:06 - 2013-09-16 12:06 - 00000000 ____D C:\ProgramData\FreePDF
2013-09-16 12:06 - 2013-09-16 12:06 - 00000000 ____D C:\Program Files (x86)\FreePDF_XP
2013-09-16 12:06 - 2010-06-17 20:56 - 00119152 _____ C:\WINDOWS\system32\redmon.hlp
2013-09-16 12:06 - 2010-06-17 20:56 - 00087040 _____ C:\WINDOWS\system32\redmonnt.dll
2013-09-16 12:06 - 2010-06-17 20:56 - 00046080 _____ C:\WINDOWS\system32\unredmon.exe
2013-09-16 12:05 - 2013-09-16 12:05 - 00000000 ____D C:\Program Files\gs
2013-09-16 11:58 - 2013-09-16 11:59 - 13245963 _____ C:\Users\Neuer Besitzer\Downloads\gs910w64.exe
2013-09-16 11:26 - 2013-09-16 11:29 - 35282727 _____ C:\Users\Neuer Besitzer\Downloads\ghostscript-9.10.tar.gz
2013-09-16 11:22 - 2013-09-16 11:22 - 03866624 _____ (Microsoft Corporation) C:\Users\Neuer Besitzer\Downloads\FreePDF4.08.EXE
2013-09-16 09:05 - 2013-09-16 09:05 - 01951150 _____ (Farbar) C:\Users\Neuer Besitzer\Desktop\FRST64.exe
2013-09-16 09:04 - 2013-09-16 09:04 - 00000490 _____ C:\Users\Neuer Besitzer\Desktop\defogger_disable.log
2013-09-16 09:04 - 2013-09-16 09:04 - 00000000 _____ C:\Users\Neuer Besitzer\defogger_reenable
2013-09-16 09:01 - 2013-09-16 09:01 - 00050477 _____ C:\Users\Neuer Besitzer\Desktop\Defogger.exe
2013-09-14 09:49 - 2013-09-14 09:50 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\dvdcss
2013-09-14 09:25 - 2013-09-16 09:36 - 00000000 ____D C:\Program Files (x86)\Lyrics-Get
2013-09-11 12:01 - 2013-09-14 10:22 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\vlc
2013-09-11 12:00 - 2013-09-11 12:00 - 00000871 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-09-11 12:00 - 2013-09-11 12:00 - 00000000 ____D C:\Program Files\VideoLAN
2013-09-11 11:58 - 2013-09-11 11:59 - 23071004 _____ C:\Users\Neuer Besitzer\Downloads\vlc-2.1.0-rc2-win64.exe
2013-09-11 11:56 - 2013-09-11 11:58 - 23003252 _____ C:\Users\Neuer Besitzer\Downloads\vlc-2.0.8_win32.exe
2013-09-11 11:53 - 2013-09-11 11:53 - 00392016 _____ (Softonic                                        ) C:\Users\Neuer Besitzer\Downloads\SoftonicDownloader_for_vlc-media-player.exe
2013-09-10 18:59 - 2013-09-10 19:00 - 05939176 _____ (Citrix Online, a division of Citrix Systems, Inc.) C:\Users\Neuer Besitzer\Downloads\g2m_codec.exe
2013-09-10 18:58 - 2013-09-10 18:58 - 00000216 _____ C:\Users\Neuer Besitzer\Downloads\2AD4D15214661C00.asx
2013-09-02 22:09 - 2013-09-02 22:09 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-09-02 22:09 - 2013-09-02 22:09 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-02 22:09 - 2013-09-02 22:09 - 00000000 ____D C:\Program Files\iTunes
2013-09-02 22:09 - 2013-09-02 22:09 - 00000000 ____D C:\Program Files\iPod
2013-09-02 22:09 - 2013-09-02 22:09 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-09-02 22:08 - 2013-09-02 22:08 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Apple Computer
2013-09-02 22:05 - 2013-09-02 22:05 - 00867240 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\npDeployJava1.dll
2013-09-02 22:05 - 2013-09-02 22:05 - 00263592 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2013-09-02 22:05 - 2013-09-02 22:05 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2013-09-02 22:05 - 2013-09-02 22:05 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2013-09-02 22:05 - 2013-09-02 22:05 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2013-09-02 22:05 - 2013-09-02 22:05 - 00000000 ____D C:\Program Files (x86)\Java
2013-09-02 21:48 - 2013-09-02 21:50 - 00000000 ____D C:\AdwCleaner
2013-09-02 21:46 - 2013-09-02 21:46 - 00001922 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-09-02 21:46 - 2013-08-30 09:48 - 00378944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2013-09-02 21:46 - 2013-08-30 09:48 - 00072016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2013-09-02 21:46 - 2013-08-30 09:48 - 00064288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2013-09-02 21:46 - 2013-08-30 09:48 - 00033400 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswFsBlk.sys
2013-09-02 21:45 - 2013-09-02 21:46 - 01037134 _____ C:\Users\Neuer Besitzer\Downloads\adwcleaner.exe
2013-09-02 21:45 - 2013-09-02 21:45 - 00003924 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2013-09-02 21:45 - 2013-09-02 21:45 - 00000000 _____ C:\WINDOWS\SysWOW64\config.nt
2013-09-02 21:45 - 2013-08-30 09:48 - 01030952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2013-09-02 21:45 - 2013-08-30 09:48 - 00204880 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2013-09-02 21:45 - 2013-08-30 09:48 - 00080816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2013-09-02 21:45 - 2013-08-30 09:48 - 00065336 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2013-09-02 21:45 - 2013-08-30 09:47 - 00287840 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2013-09-02 21:44 - 2013-09-02 21:44 - 00000000 ____D C:\ProgramData\AVAST Software
2013-09-02 21:44 - 2013-09-02 21:44 - 00000000 ____D C:\Program Files\AVAST Software
2013-09-02 21:44 - 2013-08-30 09:47 - 00041664 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2013-08-29 18:19 - 2013-08-29 18:19 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Citrix
2013-08-29 18:19 - 2013-08-29 18:19 - 00000000 ____D C:\Program Files (x86)\Citrix
2013-08-26 09:51 - 2013-08-26 09:51 - 04708584 _____ C:\Users\Neuer Besitzer\Downloads\install_flash_player_ics.apk
2013-08-25 19:35 - 2013-08-25 19:35 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-08-25 19:35 - 2013-08-25 19:35 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-08-23 16:57 - 2013-08-23 17:27 - 00000000 ____D C:\Users\Neuer Besitzer\Documents\WISO Konto Online
2013-08-23 16:57 - 2013-08-23 16:57 - 00000117 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2013-08-23 16:57 - 2013-08-23 16:57 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Buhl Data Service GmbH
2013-08-23 16:56 - 2013-08-23 16:57 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Buhl Data Service GmbH
2013-08-23 16:56 - 2013-08-23 16:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Buhl Data Service
2013-08-23 16:56 - 2013-08-23 16:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Buhl Data Service
2013-08-23 16:52 - 2013-08-23 16:56 - 00000000 ____D C:\ProgramData\Buhl Data Service GmbH
2013-08-23 16:52 - 2013-08-23 16:52 - 00002374 _____ C:\Users\Public\Desktop\WISO Konto Online 2013.lnk
2013-08-23 16:52 - 2013-08-23 16:52 - 00000000 ____D C:\ProgramData\MG_Prototyp
2013-08-23 16:52 - 2013-08-23 16:52 - 00000000 ____D C:\Program Files (x86)\Buhl
2013-08-23 10:11 - 2013-08-23 10:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2013-08-23 10:11 - 2013-08-23 10:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Sync Framework
2013-08-23 10:11 - 2013-08-23 10:11 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-08-23 10:10 - 2013-08-23 10:10 - 00000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2013-08-23 10:09 - 2013-08-23 10:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2013-08-23 10:08 - 2013-08-23 10:08 - 00000000 ____D C:\Program Files\Microsoft Office
2013-08-23 10:08 - 2013-08-23 10:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2013-08-23 10:07 - 2013-09-16 11:17 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-23 10:07 - 2013-08-23 10:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-08-23 10:07 - 2013-08-23 10:07 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Microsoft Help
2013-08-23 10:06 - 2013-08-23 10:06 - 00000000 __RHD C:\MSOCache
2013-08-23 09:30 - 2013-08-23 10:04 - 712660056 _____ (Microsoft Corporation) C:\Users\Neuer Besitzer\Downloads\X16-32254.exe
2013-08-22 20:46 - 2013-08-22 20:46 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Macromedia
2013-08-22 20:39 - 2013-08-22 20:41 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Adobe
2013-08-21 20:11 - 2013-09-16 09:42 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\avgchrome
2013-08-21 20:05 - 2013-08-23 10:18 - 00452168 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-08-19 21:56 - 2013-08-19 21:56 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-08-19 21:56 - 2013-08-19 21:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Mozilla
2013-08-19 21:56 - 2013-08-19 21:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Mozilla
2013-08-19 21:56 - 2013-08-19 21:56 - 00000000 ____D C:\ProgramData\Mozilla
2013-08-19 21:56 - 2013-08-19 21:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-19 16:09 - 2013-08-19 16:09 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\PCDr
2013-08-19 15:09 - 2013-08-19 15:09 - 00000149 _____ C:\Users\Neuer Besitzer\Documents\Windows8 Product Key.txt
2013-08-19 15:05 - 2013-08-19 15:05 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\OpenOffice.org
2013-08-19 14:59 - 2013-08-19 14:59 - 00001063 _____ C:\Users\Public\Desktop\zebNet® Windows Keyfinder TNG.lnk
2013-08-19 14:59 - 2013-08-19 14:59 - 00000000 ____D C:\ProgramData\InstallMate
2013-08-19 14:59 - 2013-08-19 14:59 - 00000000 ____D C:\Program Files\zebNet
2013-08-19 14:56 - 2013-09-16 10:57 - 00000418 _____ C:\WINDOWS\Tasks\LyricsGet Update.job
2013-08-19 14:56 - 2013-08-19 14:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Google
2013-08-19 14:51 - 2013-08-19 14:52 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-08-19 14:51 - 2013-08-19 14:51 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Macromedia
2013-08-19 14:49 - 2013-07-02 02:44 - 00036288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2013-08-19 14:49 - 2013-07-02 00:08 - 00247216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2013-08-19 14:48 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-08-19 14:48 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-08-19 14:48 - 2013-07-26 07:13 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2013-08-19 14:48 - 2013-07-26 07:13 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2013-08-19 14:48 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-08-19 14:48 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-08-19 14:48 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-08-19 14:48 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2013-08-19 14:48 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2013-08-19 14:48 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2013-08-19 14:48 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2013-08-19 14:48 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2013-08-19 14:48 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2013-08-19 14:48 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2013-08-19 14:48 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2013-08-19 14:48 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2013-08-19 14:48 - 2013-07-26 05:13 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2013-08-19 14:48 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2013-08-19 14:48 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2013-08-19 14:48 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2013-08-19 14:48 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2013-08-19 14:48 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2013-08-19 14:48 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2013-08-19 14:48 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2013-08-19 14:48 - 2013-07-26 02:54 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2013-08-19 14:47 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-08-19 14:47 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-08-19 14:47 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2013-08-19 14:47 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2013-08-19 14:47 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2013-08-19 14:47 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2013-08-19 14:47 - 2013-07-09 08:07 - 02233168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2013-08-19 14:47 - 2013-05-24 01:02 - 01314816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2013-08-19 14:47 - 2013-05-24 00:25 - 00694272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2013-08-19 14:43 - 2013-07-13 08:18 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2013-08-19 14:43 - 2013-07-13 08:16 - 01889280 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2013-08-19 14:43 - 2013-07-13 08:16 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptsvc.dll
2013-08-19 14:43 - 2013-07-13 08:15 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2013-08-19 14:43 - 2013-07-13 08:15 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2013-08-19 14:43 - 2013-07-13 06:24 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2013-08-19 14:43 - 2013-07-13 06:23 - 01568256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2013-08-19 14:43 - 2013-07-13 06:23 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2013-08-19 14:43 - 2013-07-13 06:23 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2013-08-19 14:38 - 2013-06-17 00:41 - 00997632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2013-08-19 14:38 - 2013-06-01 13:54 - 00194816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2013-08-19 14:38 - 2013-06-01 13:54 - 00125184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2013-08-19 14:38 - 2013-06-01 13:34 - 02391280 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2013-08-19 14:38 - 2013-06-01 13:29 - 00337152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2013-08-19 14:38 - 2013-06-01 13:29 - 00213248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UCX01000.SYS
2013-08-19 14:38 - 2013-06-01 13:26 - 06987008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2013-08-19 14:38 - 2013-06-01 13:26 - 00327936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2013-08-19 14:38 - 2013-06-01 12:24 - 02106176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2013-08-19 14:38 - 2013-06-01 11:25 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2013-08-19 14:38 - 2013-06-01 11:25 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2013-08-19 14:38 - 2013-06-01 11:24 - 01453568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2013-08-19 14:38 - 2013-06-01 11:24 - 00850944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2013-08-19 14:38 - 2013-06-01 11:24 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscms.dll
2013-08-19 14:38 - 2013-06-01 11:23 - 01842176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2013-08-19 14:38 - 2013-06-01 11:23 - 00680960 _____ (Microsoft Corporation) C:\WINDOWS\system32\vds.exe
2013-08-19 14:38 - 2013-06-01 11:22 - 00523264 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2013-08-19 14:38 - 2013-06-01 11:22 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2013-08-19 14:38 - 2013-06-01 11:22 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsutil.dll
2013-08-19 14:38 - 2013-06-01 11:22 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeParserTask.exe
2013-08-19 14:38 - 2013-06-01 11:21 - 00729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2013-08-19 14:38 - 2013-06-01 11:21 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2013-08-19 14:38 - 2013-06-01 11:20 - 02219520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2013-08-19 14:38 - 2013-06-01 11:20 - 01527808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2013-08-19 14:38 - 2013-06-01 11:20 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2013-08-19 14:38 - 2013-06-01 11:20 - 00583168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mscms.dll
2013-08-19 14:38 - 2013-06-01 11:19 - 00785408 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2013-08-19 14:38 - 2013-06-01 11:19 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManager.dll
2013-08-19 14:38 - 2013-06-01 05:08 - 00037632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthAvrcpTg.sys
2013-08-19 14:38 - 2013-05-25 00:09 - 01403296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2013-08-19 14:38 - 2013-05-25 00:09 - 01271584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2013-08-19 14:38 - 2013-05-25 00:09 - 01217352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2013-08-19 14:38 - 2013-05-25 00:09 - 01093904 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2013-08-19 14:38 - 2013-05-20 02:08 - 00386642 _____ C:\WINDOWS\system32\ApnDatabase.xml
2013-08-19 14:38 - 2013-04-16 04:34 - 01455368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2013-08-19 14:38 - 2013-04-09 04:34 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2013-08-19 14:38 - 2013-04-09 04:34 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys
2013-08-19 14:37 - 2013-05-31 01:24 - 01257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2013-08-19 14:37 - 2013-05-31 01:08 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2013-08-19 14:37 - 2013-05-24 01:01 - 01300992 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2013-08-19 14:37 - 2013-05-24 00:27 - 01022464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2013-08-19 14:37 - 2013-05-15 04:25 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2013-08-19 14:37 - 2013-05-15 04:25 - 00542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2013-08-19 14:37 - 2013-05-15 04:24 - 00793088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2013-08-19 14:37 - 2013-05-15 04:24 - 00482816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2013-08-19 14:37 - 2013-05-04 09:58 - 00120736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2013-08-19 14:37 - 2013-05-04 09:34 - 00446720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2013-08-19 14:37 - 2013-05-04 09:34 - 00284416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2013-08-19 14:37 - 2013-05-04 09:30 - 00058312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2013-08-19 14:37 - 2013-05-04 08:59 - 13644288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2013-08-19 14:37 - 2013-05-04 08:59 - 03241472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2013-08-19 14:37 - 2013-05-04 08:59 - 01619968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2013-08-19 14:37 - 2013-05-04 08:59 - 01483776 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2013-08-19 14:37 - 2013-05-04 08:59 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnify.exe
2013-08-19 14:37 - 2013-05-04 08:59 - 00760320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2013-08-19 14:37 - 2013-05-04 08:59 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2013-08-19 14:37 - 2013-05-04 08:59 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2013-08-19 14:37 - 2013-05-04 08:59 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2013-08-19 14:37 - 2013-05-04 08:59 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2013-08-19 14:37 - 2013-05-04 08:58 - 10116096 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2013-08-19 14:37 - 2013-05-04 08:58 - 01332736 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2013-08-19 14:37 - 2013-05-04 08:58 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2013-08-19 14:37 - 2013-05-04 08:58 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2013-08-19 14:37 - 2013-05-04 08:58 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2013-08-19 14:37 - 2013-05-04 08:58 - 00173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2013-08-19 14:37 - 2013-05-04 08:58 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2013-08-19 14:37 - 2013-05-04 08:58 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofm.dll
2013-08-19 14:37 - 2013-05-04 08:58 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2013-08-19 14:37 - 2013-05-04 08:57 - 02305024 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2013-08-19 14:37 - 2013-05-04 08:57 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2013-08-19 14:37 - 2013-05-04 08:57 - 00820736 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpprefcl.dll
2013-08-19 14:37 - 2013-05-04 08:57 - 00708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2013-08-19 14:37 - 2013-05-04 08:57 - 00560640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2013-08-19 14:37 - 2013-05-04 08:57 - 00501760 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2013-08-19 14:37 - 2013-05-04 08:57 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\system32\BCP47Langs.dll
2013-08-19 14:37 - 2013-05-04 08:57 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2013-08-19 14:37 - 2013-05-04 08:57 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\biwinrt.dll
2013-08-19 14:37 - 2013-05-04 08:57 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\muifontsetup.dll
2013-08-19 14:37 - 2013-05-04 08:56 - 00419840 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2013-08-19 14:37 - 2013-05-04 06:58 - 00758784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Magnify.exe
2013-08-19 14:37 - 2013-05-04 06:58 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2013-08-19 14:37 - 2013-05-04 06:58 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2013-08-19 14:37 - 2013-05-04 06:58 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2013-08-19 14:37 - 2013-05-04 06:58 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2013-08-19 14:37 - 2013-05-04 06:57 - 10788864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2013-08-19 14:37 - 2013-05-04 06:57 - 08857088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2013-08-19 14:37 - 2013-05-04 06:57 - 00303616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2013-08-19 14:37 - 2013-05-04 06:57 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ubpm.dll
2013-08-19 14:37 - 2013-05-04 06:57 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netplwiz.dll
2013-08-19 14:37 - 2013-05-04 06:57 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netprofm.dll
2013-08-19 14:37 - 2013-05-04 06:57 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\npmproxy.dll
2013-08-19 14:37 - 2013-05-04 06:57 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\muifontsetup.dll
2013-08-19 14:37 - 2013-05-04 06:56 - 02035712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2013-08-19 14:37 - 2013-05-04 06:56 - 00582144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpprefcl.dll
2013-08-19 14:37 - 2013-05-04 06:56 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2013-08-19 14:37 - 2013-05-04 06:56 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2013-08-19 14:37 - 2013-05-04 06:56 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BCP47Langs.dll
2013-08-19 14:37 - 2013-05-04 06:56 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\biwinrt.dll
2013-08-19 14:37 - 2013-05-04 06:55 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2013-08-19 14:37 - 2013-05-04 06:51 - 00014848 _____ (Microsoft) C:\WINDOWS\system32\rars.rs
2013-08-19 14:37 - 2013-05-04 06:47 - 00427520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2013-08-19 14:37 - 2013-05-04 06:10 - 00014848 _____ (Microsoft) C:\WINDOWS\SysWOW64\rars.rs
2013-08-19 14:37 - 2013-04-09 07:17 - 01829408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2013-08-19 14:37 - 2013-04-09 06:51 - 14267904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2013-08-19 14:37 - 2013-04-09 06:51 - 03552768 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2013-08-19 14:37 - 2013-04-09 06:50 - 02107904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2013-08-19 14:37 - 2013-04-08 23:52 - 11878912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2013-08-19 14:37 - 2013-04-08 23:51 - 02767360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2013-08-19 14:37 - 2013-04-08 23:51 - 01593344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2013-08-19 14:36 - 2013-04-09 07:33 - 00489576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2013-08-19 14:36 - 2013-04-09 07:33 - 00446792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2013-08-19 14:36 - 2013-04-09 07:33 - 00253544 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2013-08-19 14:36 - 2013-04-09 07:20 - 00306952 _____ (Microsoft Corporation) C:\WINDOWS\system32\kd_02_10ec.dll
2013-08-19 14:36 - 2013-04-09 07:20 - 00086280 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2013-08-19 14:36 - 2013-04-09 07:18 - 00077960 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdvm.dll
2013-08-19 14:36 - 2013-04-09 06:52 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2013-08-19 14:36 - 2013-04-09 06:52 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2013-08-19 14:36 - 2013-04-09 06:52 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2013-08-19 14:36 - 2013-04-09 06:52 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2013-08-19 14:36 - 2013-04-09 06:52 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2013-08-19 14:36 - 2013-04-09 06:51 - 00595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2013-08-19 14:36 - 2013-04-09 06:51 - 00456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2013-08-19 14:36 - 2013-04-09 06:51 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2013-08-19 14:36 - 2013-04-09 06:51 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\system32\conhost.exe
2013-08-19 14:36 - 2013-04-09 06:51 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2013-08-19 14:36 - 2013-04-09 06:50 - 01285632 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2013-08-19 14:36 - 2013-04-09 06:50 - 00745984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2013-08-19 14:36 - 2013-04-09 06:50 - 00435200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2013-08-19 14:36 - 2013-04-09 06:50 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2013-08-19 14:36 - 2013-04-09 06:50 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\GenuineCenter.dll
2013-08-19 14:36 - 2013-04-09 06:50 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2013-08-19 14:36 - 2013-04-09 06:50 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2013-08-19 14:36 - 2013-04-09 06:50 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msshooks.dll
2013-08-19 14:36 - 2013-04-09 06:49 - 01444864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2013-08-19 14:36 - 2013-04-09 06:49 - 00817152 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2013-08-19 14:36 - 2013-04-09 06:49 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2013-08-19 14:36 - 2013-04-09 06:49 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2013-08-19 14:36 - 2013-04-09 06:49 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhengine.dll
2013-08-19 14:36 - 2013-04-09 06:49 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2013-08-19 14:36 - 2013-04-09 06:49 - 00196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmvdsitf.dll
2013-08-19 14:36 - 2013-04-09 06:49 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2013-08-19 14:36 - 2013-04-09 06:49 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\fmifs.dll
2013-08-19 14:36 - 2013-04-09 06:48 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2013-08-19 14:36 - 2013-04-09 04:34 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2013-08-19 14:36 - 2013-04-09 04:33 - 00623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2013-08-19 14:36 - 2013-04-09 04:33 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2013-08-19 14:36 - 2013-04-09 04:32 - 00805376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
2013-08-19 14:36 - 2013-04-09 04:31 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2013-08-19 14:36 - 2013-04-09 04:31 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2013-08-19 14:36 - 2013-04-09 01:44 - 00123880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2013-08-19 14:36 - 2013-04-09 01:39 - 01408896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2013-08-19 14:36 - 2013-04-09 01:37 - 00426024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2013-08-19 14:36 - 2013-04-09 01:37 - 00324368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2013-08-19 14:36 - 2013-04-08 23:52 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2013-08-19 14:36 - 2013-04-08 23:52 - 00302592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2013-08-19 14:36 - 2013-04-08 23:52 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe
2013-08-19 14:36 - 2013-04-08 23:52 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
2013-08-19 14:36 - 2013-04-08 23:51 - 01113600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2013-08-19 14:36 - 2013-04-08 23:51 - 00659456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2013-08-19 14:36 - 2013-04-08 23:51 - 00656896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2013-08-19 14:36 - 2013-04-08 23:51 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2013-08-19 14:36 - 2013-04-08 23:51 - 00403968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2013-08-19 14:36 - 2013-04-08 23:51 - 00361984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2013-08-19 14:36 - 2013-04-08 23:51 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2013-08-19 14:36 - 2013-04-08 23:51 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2013-08-19 14:36 - 2013-04-08 23:51 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2013-08-19 14:36 - 2013-04-08 23:51 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssphtb.dll
2013-08-19 14:36 - 2013-04-08 23:51 - 00155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmvdsitf.dll
2013-08-19 14:36 - 2013-04-08 23:51 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fmifs.dll
2013-08-19 14:36 - 2013-04-08 23:51 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssprxy.dll
2013-08-19 14:36 - 2013-04-08 23:51 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msshooks.dll
2013-08-19 14:36 - 2013-04-05 01:30 - 00503080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2013-08-19 14:36 - 2013-03-16 00:05 - 00298456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2013-08-19 14:36 - 2013-03-16 00:05 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2013-08-19 14:36 - 2012-12-13 06:00 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2013-08-19 14:36 - 2012-12-13 05:59 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll

==================== One Month Modified Files and Folders =======

2013-09-16 12:14 - 2013-09-16 12:14 - 00000000 ____D C:\FRST
2013-09-16 12:12 - 2013-09-16 12:07 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\FreePDF_XP
2013-09-16 12:10 - 2012-01-18 00:30 - 00000528 _____ C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
2013-09-16 12:09 - 2012-01-18 00:30 - 00000466 _____ C:\WINDOWS\Tasks\SystemToolsDailyTest.job
2013-09-16 12:06 - 2013-09-16 12:06 - 00000000 ____D C:\ProgramData\FreePDF
2013-09-16 12:06 - 2013-09-16 12:06 - 00000000 ____D C:\Program Files (x86)\FreePDF_XP
2013-09-16 12:05 - 2013-09-16 12:05 - 00000000 ____D C:\Program Files\gs
2013-09-16 12:00 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\system32\sru
2013-09-16 11:59 - 2013-09-16 11:58 - 13245963 _____ C:\Users\Neuer Besitzer\Downloads\gs910w64.exe
2013-09-16 11:58 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\rescache
2013-09-16 11:47 - 2013-02-28 23:00 - 00001122 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-16 11:30 - 2012-11-01 22:58 - 01945276 _____ C:\WINDOWS\WindowsUpdate.log
2013-09-16 11:29 - 2013-09-16 11:26 - 35282727 _____ C:\Users\Neuer Besitzer\Downloads\ghostscript-9.10.tar.gz
2013-09-16 11:22 - 2013-09-16 11:22 - 03866624 _____ (Microsoft Corporation) C:\Users\Neuer Besitzer\Downloads\FreePDF4.08.EXE
2013-09-16 11:17 - 2013-08-23 10:07 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-16 11:07 - 2013-08-16 16:08 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2216669695-2906418150-1901199515-1003
2013-09-16 11:00 - 2012-07-26 12:27 - 00753134 _____ C:\WINDOWS\system32\perfh007.dat
2013-09-16 11:00 - 2012-07-26 12:27 - 00155826 _____ C:\WINDOWS\system32\perfc007.dat
2013-09-16 11:00 - 2012-07-26 09:28 - 01745416 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-09-16 10:57 - 2013-08-19 14:56 - 00000418 _____ C:\WINDOWS\Tasks\LyricsGet Update.job
2013-09-16 10:57 - 2013-02-28 23:00 - 00001118 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-16 10:56 - 2012-07-26 09:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-09-16 10:56 - 2012-07-26 09:21 - 00673522 _____ C:\WINDOWS\setupact.log
2013-09-16 10:55 - 2012-11-01 22:40 - 00039986 _____ C:\WINDOWS\PFRO.log
2013-09-16 09:42 - 2013-08-21 20:11 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\avgchrome
2013-09-16 09:36 - 2013-09-14 09:25 - 00000000 ____D C:\Program Files (x86)\Lyrics-Get
2013-09-16 09:13 - 2012-07-26 07:26 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2013-09-16 09:05 - 2013-09-16 09:05 - 01951150 _____ (Farbar) C:\Users\Neuer Besitzer\Desktop\FRST64.exe
2013-09-16 09:04 - 2013-09-16 09:04 - 00000490 _____ C:\Users\Neuer Besitzer\Desktop\defogger_disable.log
2013-09-16 09:04 - 2013-09-16 09:04 - 00000000 _____ C:\Users\Neuer Besitzer\defogger_reenable
2013-09-16 09:04 - 2013-08-16 15:54 - 00000000 ____D C:\Users\Neuer Besitzer
2013-09-16 09:01 - 2013-09-16 09:01 - 00050477 _____ C:\Users\Neuer Besitzer\Desktop\Defogger.exe
2013-09-14 23:44 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\system32\NDF
2013-09-14 10:22 - 2013-09-11 12:01 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\vlc
2013-09-14 09:50 - 2013-09-14 09:49 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\dvdcss
2013-09-11 12:00 - 2013-09-11 12:00 - 00000871 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-09-11 12:00 - 2013-09-11 12:00 - 00000000 ____D C:\Program Files\VideoLAN
2013-09-11 11:59 - 2013-09-11 11:58 - 23071004 _____ C:\Users\Neuer Besitzer\Downloads\vlc-2.1.0-rc2-win64.exe
2013-09-11 11:58 - 2013-09-11 11:56 - 23003252 _____ C:\Users\Neuer Besitzer\Downloads\vlc-2.0.8_win32.exe
2013-09-11 11:53 - 2013-09-11 11:53 - 00392016 _____ (Softonic                                        ) C:\Users\Neuer Besitzer\Downloads\SoftonicDownloader_for_vlc-media-player.exe
2013-09-10 19:00 - 2013-09-10 18:59 - 05939176 _____ (Citrix Online, a division of Citrix Systems, Inc.) C:\Users\Neuer Besitzer\Downloads\g2m_codec.exe
2013-09-10 18:58 - 2013-09-10 18:58 - 00000216 _____ C:\Users\Neuer Besitzer\Downloads\2AD4D15214661C00.asx
2013-09-10 09:43 - 2013-02-28 23:01 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-10 09:06 - 2012-01-18 00:30 - 00000000 ____D C:\ProgramData\PCDr
2013-09-02 22:10 - 2013-05-12 13:38 - 00000000 ____D C:\Program Files\Bonjour Print Services
2013-09-02 22:09 - 2013-09-02 22:09 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-09-02 22:09 - 2013-09-02 22:09 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-02 22:09 - 2013-09-02 22:09 - 00000000 ____D C:\Program Files\iTunes
2013-09-02 22:09 - 2013-09-02 22:09 - 00000000 ____D C:\Program Files\iPod
2013-09-02 22:09 - 2013-09-02 22:09 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-09-02 22:08 - 2013-09-02 22:08 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Apple Computer
2013-09-02 22:08 - 2013-08-16 15:58 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Apple Computer
2013-09-02 22:05 - 2013-09-02 22:05 - 00867240 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\npDeployJava1.dll
2013-09-02 22:05 - 2013-09-02 22:05 - 00263592 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2013-09-02 22:05 - 2013-09-02 22:05 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2013-09-02 22:05 - 2013-09-02 22:05 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2013-09-02 22:05 - 2013-09-02 22:05 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2013-09-02 22:05 - 2013-09-02 22:05 - 00000000 ____D C:\Program Files (x86)\Java
2013-09-02 22:05 - 2012-01-21 17:08 - 00789416 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\deployJava1.dll
2013-09-02 22:02 - 2013-05-16 23:32 - 00000030 _____ C:\WINDOWS\success64.log
2013-09-02 21:50 - 2013-09-02 21:48 - 00000000 ____D C:\AdwCleaner
2013-09-02 21:46 - 2013-09-02 21:46 - 00001922 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-09-02 21:46 - 2013-09-02 21:45 - 01037134 _____ C:\Users\Neuer Besitzer\Downloads\adwcleaner.exe
2013-09-02 21:45 - 2013-09-02 21:45 - 00003924 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2013-09-02 21:45 - 2013-09-02 21:45 - 00000000 _____ C:\WINDOWS\SysWOW64\config.nt
2013-09-02 21:44 - 2013-09-02 21:44 - 00000000 ____D C:\ProgramData\AVAST Software
2013-09-02 21:44 - 2013-09-02 21:44 - 00000000 ____D C:\Program Files\AVAST Software
2013-09-02 14:17 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2013-08-30 09:48 - 2013-09-02 21:46 - 00378944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2013-08-30 09:48 - 2013-09-02 21:46 - 00072016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2013-08-30 09:48 - 2013-09-02 21:46 - 00064288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2013-08-30 09:48 - 2013-09-02 21:46 - 00033400 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswFsBlk.sys
2013-08-30 09:48 - 2013-09-02 21:45 - 01030952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2013-08-30 09:48 - 2013-09-02 21:45 - 00204880 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2013-08-30 09:48 - 2013-09-02 21:45 - 00080816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2013-08-30 09:48 - 2013-09-02 21:45 - 00065336 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2013-08-30 09:47 - 2013-09-02 21:45 - 00287840 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2013-08-30 09:47 - 2013-09-02 21:44 - 00041664 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2013-08-29 18:19 - 2013-08-29 18:19 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Citrix
2013-08-29 18:19 - 2013-08-29 18:19 - 00000000 ____D C:\Program Files (x86)\Citrix
2013-08-29 12:58 - 2009-07-14 04:34 - 00000478 _____ C:\WINDOWS\win.ini
2013-08-26 09:51 - 2013-08-26 09:51 - 04708584 _____ C:\Users\Neuer Besitzer\Downloads\install_flash_player_ics.apk
2013-08-25 19:35 - 2013-08-25 19:35 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-08-25 19:35 - 2013-08-25 19:35 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-08-23 17:27 - 2013-08-23 16:57 - 00000000 ____D C:\Users\Neuer Besitzer\Documents\WISO Konto Online
2013-08-23 16:57 - 2013-08-23 16:57 - 00000117 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2013-08-23 16:57 - 2013-08-23 16:57 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Buhl Data Service GmbH
2013-08-23 16:57 - 2013-08-23 16:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Buhl Data Service GmbH
2013-08-23 16:56 - 2013-08-23 16:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Buhl Data Service
2013-08-23 16:56 - 2013-08-23 16:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Buhl Data Service
2013-08-23 16:56 - 2013-08-23 16:52 - 00000000 ____D C:\ProgramData\Buhl Data Service GmbH
2013-08-23 16:52 - 2013-08-23 16:52 - 00002374 _____ C:\Users\Public\Desktop\WISO Konto Online 2013.lnk
2013-08-23 16:52 - 2013-08-23 16:52 - 00000000 ____D C:\ProgramData\MG_Prototyp
2013-08-23 16:52 - 2013-08-23 16:52 - 00000000 ____D C:\Program Files (x86)\Buhl
2013-08-23 10:52 - 2013-08-16 15:55 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Packages
2013-08-23 10:18 - 2013-08-21 20:05 - 00452168 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-08-23 10:12 - 2012-11-01 22:38 - 00000000 ____D C:\Program Files (x86)\MSBuild
2013-08-23 10:11 - 2013-08-23 10:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2013-08-23 10:11 - 2013-08-23 10:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Sync Framework
2013-08-23 10:11 - 2013-08-23 10:11 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-08-23 10:11 - 2013-08-23 10:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-08-23 10:10 - 2013-08-23 10:10 - 00000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2013-08-23 10:09 - 2013-08-23 10:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2013-08-23 10:09 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-08-23 10:08 - 2013-08-23 10:08 - 00000000 ____D C:\Program Files\Microsoft Office
2013-08-23 10:08 - 2013-08-23 10:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2013-08-23 10:08 - 2012-07-26 12:29 - 00000000 ____D C:\WINDOWS\ShellNew
2013-08-23 10:07 - 2013-08-23 10:07 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Microsoft Help
2013-08-23 10:06 - 2013-08-23 10:06 - 00000000 __RHD C:\MSOCache
2013-08-23 10:04 - 2013-08-23 09:30 - 712660056 _____ (Microsoft Corporation) C:\Users\Neuer Besitzer\Downloads\X16-32254.exe
2013-08-22 20:46 - 2013-08-22 20:46 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Macromedia
2013-08-22 20:41 - 2013-08-22 20:39 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Adobe
2013-08-19 21:56 - 2013-08-19 21:56 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-08-19 21:56 - 2013-08-19 21:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Mozilla
2013-08-19 21:56 - 2013-08-19 21:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Mozilla
2013-08-19 21:56 - 2013-08-19 21:56 - 00000000 ____D C:\ProgramData\Mozilla
2013-08-19 21:56 - 2013-08-19 21:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-19 21:55 - 2013-05-12 13:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-19 16:09 - 2013-08-19 16:09 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\PCDr
2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ___RD C:\WINDOWS\ToastData
2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\WinStore
2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-08-19 15:51 - 2012-07-26 07:38 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2013-08-19 15:51 - 2012-07-26 07:38 - 00000000 ____D C:\WINDOWS\system32\Dism
2013-08-19 15:09 - 2013-08-19 15:09 - 00000149 _____ C:\Users\Neuer Besitzer\Documents\Windows8 Product Key.txt
2013-08-19 15:05 - 2013-08-19 15:05 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\OpenOffice.org
2013-08-19 15:05 - 2013-08-16 15:57 - 00000000 ___RD C:\Users\Neuer Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-19 14:59 - 2013-08-19 14:59 - 00001063 _____ C:\Users\Public\Desktop\zebNet® Windows Keyfinder TNG.lnk
2013-08-19 14:59 - 2013-08-19 14:59 - 00000000 ____D C:\ProgramData\InstallMate
2013-08-19 14:59 - 2013-08-19 14:59 - 00000000 ____D C:\Program Files\zebNet
2013-08-19 14:56 - 2013-08-19 14:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Google
2013-08-19 14:52 - 2013-08-19 14:51 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-08-19 14:51 - 2013-08-19 14:51 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Macromedia
2013-08-19 14:51 - 2012-04-07 20:59 - 78161360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-08-19 14:03 - 2012-07-26 07:38 - 00000000 ____D C:\WINDOWS\system32\oobe
2013-08-19 13:52 - 2013-08-16 15:57 - 00000000 ___RD C:\Users\Neuer Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-08-19 13:50 - 2012-07-26 07:37 - 00000000 ____D C:\WINDOWS\servicing
2013-08-19 13:47 - 2012-07-26 12:29 - 00000000 ____D C:\Program Files\Windows Journal

Some content of TEMP:
====================
C:\Users\Neuer Besitzer\AppData\Local\Temp\6_Offer_11.exe
C:\Users\Neuer Besitzer\AppData\Local\Temp\DownloadManager.exe
C:\Users\Neuer Besitzer\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Neuer Besitzer\AppData\Local\Temp\Product108.exe
C:\Users\Neuer Besitzer\AppData\Local\Temp\Quarantine.exe
C:\Users\Neuer Besitzer\AppData\Local\Temp\setup.exe
C:\Users\Neuer Besitzer\AppData\Local\Temp\tmp60F8.exe
C:\Users\Neuer Besitzer\AppData\Local\Temp\unrar.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-16 11:08

==================== End Of Log ============================
         
--- --- ---

--- --- ---
__________________

Alt 16.09.2013, 12:46   #4
HiMat
 
Windows 8 64bit - Hinweis auf Spyware in InternetExplorer und Firefox mit öffnenden Popups und Downloadhinweise - Standard

Windows 8 64bit - Hinweis auf Spyware in InternetExplorer und Firefox mit öffnenden Popups und Downloadhinweise



Hier Gmer Teil1:

GMER 2.1.19163 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-09-16 12:38:50
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 HITACHI_HTS723216A7A364 rev.EC1ZB70B 149,05GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\NEUERB~1\AppData\Local\Temp\kxloapob.sys


---- Kernel code sections - GMER 2.1 ----

.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable fffff9600009fd00 7 bytes [40, 6C, 82, 01, 00, 55, F2]
.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 8 fffff9600009fd08 7 bytes [01, B1, C1, FF, 00, A1, DC]

---- User code sections - GMER 2.1 ----

.text C:\WINDOWS\system32\csrss.exe[732] C:\WINDOWS\SYSTEM32\kernel32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62]
.text C:\WINDOWS\system32\csrss.exe[780] C:\WINDOWS\SYSTEM32\kernel32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62]
.text C:\WINDOWS\system32\wininit.exe[788] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62]
.text C:\WINDOWS\system32\winlogon.exe[832] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62]
.text C:\WINDOWS\system32\services.exe[872] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62]
.text C:\WINDOWS\system32\lsass.exe[880] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62]
.text C:\WINDOWS\system32\svchost.exe[980] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62]
.text C:\WINDOWS\system32\ibmpmsvc.exe[344] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62]
.text C:\WINDOWS\system32\svchost.exe[536] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62]
.text C:\WINDOWS\System32\svchost.exe[500] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62]
.text C:\WINDOWS\system32\dwm.exe[676] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62]
.text C:\WINDOWS\System32\svchost.exe[652] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62]
.text C:\WINDOWS\system32\svchost.exe[512] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62]
.text C:\WINDOWS\system32\svchost.exe[540] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62]
.text C:\WINDOWS\system32\svchost.exe[1208] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62]
.text C:\WINDOWS\system32\svchost.exe[1232] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62]
.text C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f8f579177a 4 bytes [79, F5, F8, 07]
.text C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f8f5791782 4 bytes [79, F5, F8, 07]
.text C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\system32\WSOCK32.dll!recvfrom + 742 000007f8edf01b32 4 bytes [F0, ED, F8, 07]
.text C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\system32\WSOCK32.dll!recvfrom + 750 000007f8edf01b3a 4 bytes [F0, ED, F8, 07]
.text C:\WINDOWS\system32\conhost.exe[1392] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62]
.text C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[1968] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62]
.text C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14
.text C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4
.text C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c
.text C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284
.text C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4
.text C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc
.text C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f8f579177a 4 bytes [79, F5, F8, 07]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f8f5791782 4 bytes [79, F5, F8, 07]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 742 000007f8edf01b32 4 bytes [F0, ED, F8, 07]
.text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 750 000007f8edf01b3a 4 bytes [F0, ED, F8, 07]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\user32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\user32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\user32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\user32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\user32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\user32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f8f579177a 4 bytes [79, F5, F8, 07]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f8f5791782 4 bytes [79, F5, F8, 07]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\user32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\user32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\user32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f8f579177a 4 bytes [79, F5, F8, 07]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f8f5791782 4 bytes [79, F5, F8, 07]
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc
.text C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14
.text C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4
.text C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c
.text C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284
.text C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4
.text C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc
.text C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14
.text C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4
.text C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c
.text C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284
.text C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4
.text C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc
.text C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\user32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\user32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\user32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14
.text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4
.text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c
.text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284
.text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4
.text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc
.text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text C:\Windows\System32\WUDFHost.exe[3116] C:\Windows\System32\MSIMG32.dll!GradientFill + 690 000007f8e9fa1532 4 bytes [FA, E9, F8, 07]
.text C:\Windows\System32\WUDFHost.exe[3116] C:\Windows\System32\MSIMG32.dll!GradientFill + 698 000007f8e9fa153a 4 bytes [FA, E9, F8, 07]
.text C:\Windows\System32\WUDFHost.exe[3116] C:\Windows\System32\MSIMG32.dll!TransparentBlt + 246 000007f8e9fa165a 4 bytes [FA, E9, F8, 07]
.text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f8f579177a 4 bytes [79, F5, F8, 07]
.text C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f8f5791782 4 bytes [79, F5, F8, 07]
.text C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62]
.text C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14
.text C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4
.text C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c
.text C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284
.text C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4
.text C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc
.text C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\user32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\user32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\user32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62]
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc
.text C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14
.text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4
.text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c
.text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284
.text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4
.text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc
.text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f8e9fa1532 4 bytes [FA, E9, F8, 07]
.text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f8e9fa153a 4 bytes [FA, E9, F8, 07]
.text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f8e9fa165a 4 bytes [FA, E9, F8, 07]
.text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f8f579177a 4 bytes [79, F5, F8, 07]
.text C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f8f5791782 4 bytes [79, F5, F8, 07]
.text C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62]
.text C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14
.text C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4
.text C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c
.text C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284
.text C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4
.text C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc
.text C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62]
.text C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14
.text C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4
.text C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c
.text C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284
.text C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4
.text C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc
.text C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62]
.text C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14
.text C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4
.text C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c
.text C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284
.text C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4
.text C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc
.text C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62]
.text C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14
.text C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4
.text C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c
.text C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284
.text C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4
.text C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc
.text C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62]
.text C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14
.text C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4
.text C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c
.text C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284
.text C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4
.text C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc
.text C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory

Alt 16.09.2013, 12:46   #5
HiMat
 
Windows 8 64bit - Hinweis auf Spyware in InternetExplorer und Firefox mit öffnenden Popups und Downloadhinweise - Standard

Windows 8 64bit - Hinweis auf Spyware in InternetExplorer und Firefox mit öffnenden Popups und Downloadhinweise



Hier GMER Teil 2:

000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62]
.text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14
.text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4
.text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c
.text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284
.text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4
.text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc
.text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f8f579177a 4 bytes [79, F5, F8, 07]
.text C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f8f5791782 4 bytes [79, F5, F8, 07]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f8f579177a 4 bytes [79, F5, F8, 07]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f8f5791782 4 bytes [79, F5, F8, 07]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14
.text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4
.text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c
.text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284
.text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4
.text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc
.text C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f8f579177a 4 bytes [79, F5, F8, 07]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f8f5791782 4 bytes [79, F5, F8, 07]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62]
.text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62]
.text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690 000007f8e9fa1532 4 bytes [FA, E9, F8, 07]
.text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698 000007f8e9fa153a 4 bytes [FA, E9, F8, 07]
.text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246 000007f8e9fa165a 4 bytes [FA, E9, F8, 07]
.text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306 000007f8f579177a 4 bytes [79, F5, F8, 07]
.text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314 000007f8f5791782 4 bytes [79, F5, F8, 07]
.text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14
.text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4
.text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c
.text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284
.text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4
.text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc
.text C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14
.text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4
.text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c
.text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284
.text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4
.text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc
.text C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62]
.text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14
.text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4
.text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c
.text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284
.text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4
.text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc
.text C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62]
.text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14
.text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4
.text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c
.text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284
.text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4
.text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc
.text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14
.text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4
.text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c
.text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284
.text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4
.text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc
.text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62]
.text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14
.text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4
.text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c
.text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284
.text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4
.text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc
.text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\user32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\user32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\user32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163 000007f8f382f7eb 1 byte [62]
.text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14
.text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4
.text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c
.text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284
.text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4
.text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc
.text C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess 000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread 000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll 000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll 000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService 000007f8f5747510 5 bytes JMP 000007f975790b14
.text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007f8f5747550 5 bytes JMP 000007f9757919f4
.text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW 000007f8f57475d0 5 bytes JMP 000007f97579075c
.text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007f8f5747b20 5 bytes JMP 000007f975791284
.text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA 000007f8f576b034 5 bytes JMP 000007f9757903a4
.text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007f8f576b470 5 bytes JMP 000007f975790ecc
.text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx 000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW 000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent 000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\system32\USER32.dll!SetWinEventHook 000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA 000007f8f5dd1850 5 bytes JMP 000007f975ef0b14

---- Threads - GMER 2.1 ----

Thread C:\WINDOWS\system32\csrss.exe [780:796] fffff960008425e8

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -1587657269
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk@DisplayName aswFsBlk
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk@Group FSFilter Activity Monitor
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk@DependOnService FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk)
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk@Tag 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk\Instances
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk\Instances\aswFsBlk Instance
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@ImagePath \??\C:\WINDOWS\system32\drivers\aswMonFlt.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@DisplayName aswMonFlt
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@Group FSFilter Anti-Virus
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@DependOnService FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt)
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt\Instances
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt\Instances\aswMonFlt Instance
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@DisplayName aswRdr
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@Group PNP_TDI
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@DependOnService tcpip?
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@Description avast! WFP Redirect driver
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr\Parameters@MSIgnoreLSPDefault
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRdr
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt@DisplayName aswRvrt
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt@Description avast! Revert
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters@BootCounter 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters@TickCounter 1164097
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters@SystemRoot \Device\HarddiskVolume2\WINDOWS
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters@ImproperShutdown 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@DisplayName aswSnx
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@Group FSFilter Virtualization
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@DependOnService FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@Description avast! virtualization driver (aswSnx)
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@Tag 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Instances
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Instances@DefaultInstance aswSnx Instance
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Instances\aswSnx Instance
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Instances\aswSnx Instance@Altitude 137600
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Instances\aswSnx Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSnx
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP@DisplayName aswSP
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP@Description avast! Self Protection
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Parameters@BehavShield 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswSP
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswTdi@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswTdi@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswTdi@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswTdi@DisplayName avast! Network Shield Support
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswTdi@Group PNP_TDI
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswTdi@DependOnService tcpip?
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswTdi@Description avast! Network Shield TDI driver
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswTdi@Tag 10
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswTdi
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswVmm@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswVmm@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswVmm@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswVmm@DisplayName aswVmm
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswVmm@Description avast! VM Monitor
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswVmm\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\Services\aswVmm
Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@Type 32
Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@DisplayName avast! Antivirus
Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@Group ShellSvcGroup
Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@DependOnService aswMonFlt?RpcSS?
Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@WOW64 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@ServiceSidType 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@Description Verwaltet und implementiert avast! Antivirus-Dienste f?r diesen Computer. Dies beinhaltet den Echtzeit-Schutz, den Virus-Container und den Planer.
Reg HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\e02a82f2a4a9

---- EOF - GMER 2.1 ----


Alt 16.09.2013, 12:52   #6
HiMat
 
Windows 8 64bit - Hinweis auf Spyware in InternetExplorer und Firefox mit öffnenden Popups und Downloadhinweise - Standard

Windows 8 64bit - Hinweis auf Spyware in InternetExplorer und Firefox mit öffnenden Popups und Downloadhinweise



Entschuldigung, das war nicht wie gewünscht.
Daher hier nochmals:

Addtition:

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-09-2013 01
Ran by Neuer Besitzer at 2013-09-16 12:15:28
Running from C:\Users\Neuer Besitzer\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Anzeige am Bildschirm (Version: 6.70.00)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
avast! Free Antivirus (x32 Version: 8.0.1497.0)
Bonjour (Version: 3.0.0.10)
Bonjour-Druckdienste (Version: 2.0.2.0)
Citrix Online Launcher (x32 Version: 1.0.122)
Conexant 20585 SmartAudio HD (Version: 4.95.48.50)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Dienstprogramm "ThinkPad UltraNav" (x32 Version: 2.13.0)
FreePDF (Remove only) (x32)
Google Chrome (x32 Version: 29.0.1547.66)
Google Update Helper (x32 Version: 1.3.21.153)
GoToMeeting 5.8.0.1189 (HKCU Version: 5.8.0.1189)
GPL Ghostscript (Version: 9.10)
Integrated Camera Driver Installer Package Ver.1.1.0.48 (x32 Version: 1.1.0.48)
Intel PROSet Wireless
Intel PROSet Wireless (x32)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179)
Intel(R) Network Connections Drivers (Version: 14.8)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2401)
Intel(R) PROSet/Wireless WiFi-Software (Version: 14.03.0000)
iTunes (Version: 11.0.4.4)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Lenovo Patch Utility (x32 Version: 1.3.1.1)
Lenovo Patch Utility 64 bit (Version: 1.3.1.1)
Lenovo Patch Utility 64 bit (Version: 1.4.0.4)
Lenovo Settings - Camera Audio (Version: 4.0.97.0)
Lenovo Settings Dependency Package (Version: 1.1.1.11)
Lenovo Settings Mobile Hotspot (Version: 1.1.0.57)
Lenovo System Interface Driver (Version: 1.05)
Lenovo System Update (x32 Version: 5.02.0018)
Lenovo ThinkVantage Toolbox (Version: 6.0.5849.23)
LyricsGet (x32)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
MixiDJ chrome Toolbar (x32)
Mozilla Firefox 23.0.1 (x86 de) (x32 Version: 23.0.1)
Mozilla Maintenance Service (x32 Version: 23.0.1)
OpenOffice.org 3.3 (x32 Version: 3.3.9567)
Qualcomm Gobi 2000 Package for Lenovo (x32 Version: 1.1.250)
RedMon - Redirection Port Monitor
ThinkPad FullScreen Magnifier (Version: 2.40)
ThinkPad Power Management Driver (Version: 1.64.00.00)
ThinkPad UltraNav Driver (Version: 16.2.19.7)
ThinkVantage Access Connections (x32 Version: 5.85)
ThinkVantage System für aktiven Festplattenschutz (Version: 1.75)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553157) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589370) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760758) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)
VLC media player 2.1.0-rc2 (Version: 2.1.0-rc2)
WISO Konto Online 2013 (x32 Version: 15.5.0.59)
zebNet® Windows Keyfinder TNG 5.0.1.2 (Version: 5.0.1.2)

==================== Restore Points  =========================

02-09-2013 09:08:02 Windows Update
16-09-2013 09:09:19 Windows Update

==================== Hosts content: ==========================

2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {01D701B0-F4C4-4815-AEE5-217B6AD2383D} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {0A78BE9E-BD6C-4C65-BCC1-F15E59BB3560} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2013-07-02] (Microsoft Corporation)
Task: {0B235AF4-02EC-489E-AFBE-C82050A39D7E} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {0C4D9E1D-10BB-4728-B556-B568E72E9794} - \LyricsGet Update No Task File
Task: {1054C120-1EB9-48F7-A095-121A59C1B53E} - System32\Tasks\WPD\SqmUpload_S-1-5-21-2216669695-2906418150-1901199515-1003 => C:\Windows\System32\portabledeviceapi.dll [2012-07-26] (Microsoft Corporation)
Task: {10D85952-E3F6-47A1-96CF-5E1C2D874EA6} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-26] (Microsoft Corporation)
Task: {119EC43B-1FCA-4363-BE12-4DA0770FC099} - System32\Tasks\User_Feed_Synchronization-{835C04DA-5AF2-4DAD-9A49-0F4A1E07D72C} => C:\WINDOWS\system32\msfeedssync.exe [2012-07-26] (Microsoft Corporation)
Task: {13A2AC02-B682-48CC-9155-2E2673580117} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical
Task: {14AF177B-BDF8-4056-AE31-87848D77A07B} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect
Task: {153B9BEA-AD7A-41F9-8A5E-5836167451C4} - System32\Tasks\4596 => C:\Windows\System32\wscript.exe [2012-07-26] (Microsoft Corporation)
Task: {17644F17-DC4C-4AC8-9444-7AAA52EB5CDC} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler
Task: {17DA0648-ACC7-455C-9177-71F0C52FCD03} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\System32\sysmain.dll [2013-05-04] (Microsoft Corporation)
Task: {1DB7C2F1-876C-4F24-AD17-8428211113F9} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
Task: {1DB7FFDC-4614-41FE-BFBA-E9C4A74CBB11} - System32\Tasks\PCDEventLauncher => C:\Program Files\PC-Doctor\sessionchecker.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {214B24F4-FEB4-4C59-AF1F-70136065199C} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance
Task: {21A60AE9-9F2D-43F5-8591-B5ADC045E5D3} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {23700E5C-0E77-499D-908A-415D5C6252F4} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\WSClient.dll [2012-09-20] (Microsoft Corporation)
Task: {2C6B9EA8-7F5A-4ABA-BF96-8D352D02A743} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh
Task: {2E030FA7-3D7C-4E1D-8CFE-56ADB26FD402} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks
Task: {3054485A-F517-4E95-9977-4DD827B1E9B3} - System32\Tasks\Microsoft\Windows\WS\Badge Update
Task: {31359161-6956-41A5-B54E-C62BE5F13BA9} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup
Task: {31F466D1-0475-4346-943E-8D800289EFAE} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {378401BA-A703-444A-A79C-3C47AD2DC5B6} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator
Task: {3998CB31-C159-4979-BCAA-02783C9218DD} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall
Task: {3AE164E7-30CD-40BC-9422-3EC7A5618965} - System32\Tasks\Microsoft\Windows\WS\WSTask
Task: {3C490ABD-D849-41AF-9AC4-87DD759B0996} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
Task: {4073C1B3-6E16-4AA8-B7F3-C6A6D35D5071} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance
Task: {44AA1725-EAA2-4351-AFE0-99DB0A4B4541} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage
Task: {483A8F5C-5D26-44B5-B49E-AF6741D1BBEB} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2013-06-01] (Microsoft Corporation)
Task: {4AAC020C-D53D-4515-AD55-491D91B74FEF} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {4B952129-9AE9-41A3-BE2B-8AD2E06F66B6} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
Task: {4B996635-9C3C-4D49-A731-57EF0F6619B1} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2216669695-2906418150-1901199515-1000
Task: {53DDCC9F-6125-42EB-BAA6-792AC6A4738F} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {55FE21DB-3203-4AC8-A829-59EFFDD545E7} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {5755E746-D7ED-4C20-A472-66C11834CDE4} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance
Task: {5C4EFB77-EFA6-45DF-A373-D795C0725BFF} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required
Task: {5C92DE07-286B-477A-A0DE-7A319EAE6244} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5DB8468F-E861-4B89-A8E0-927E0EB4DD48} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {60351E1F-46BA-4935-879C-28C05C49D6F3} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\PC-Doctor\uaclauncher.exe [2011-06-27] (PC-Doctor, Inc.)
Task: {627441F3-8526-4B62-BF9A-1A3EA414E71A} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-26] (Microsoft Corporation)
Task: {6399FCD6-5683-4341-9EB4-A527DAF54ED4} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2013-06-26] ()
Task: {641791E5-CC72-40BA-A54F-FC84C32AE766} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {6E6BAD4A-4D4D-423B-B729-D220168FDC9C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {6E9DE125-5583-4031-B572-FEE48F25CFFF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-09-20] (Microsoft Corporation)
Task: {6FDDEA7C-6310-428D-AEB2-54FFC72811EF} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
Task: {704C6B85-D3A9-4074-A991-EC71794043B5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-08-30] (AVAST Software)
Task: {74096F94-B654-4DB0-96F5-3C3408B92FE3} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update
Task: {7D9A9A1C-499C-40A6-8F8A-5BCC4CC9A87C} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance
Task: {845CB020-68B5-4C6B-9876-7BEC7B3E27AC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance
Task: {87354DAA-66DF-4B41-9346-15958D96E1D2} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)
Task: {8991C63F-7D27-421C-BEB8-49D346CAB431} - \BrowserDefendert No Task File
Task: {8C85EDF1-EC47-451E-909B-E708638B3B34} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {914662E9-8DC6-4E9F-83E4-7CD290989236} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {921A1D4E-32FB-46D7-B6C0-6F467884074D} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses
Task: {9479EF8E-11D4-41B3-9783-CC65070D592D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime
Task: {94DCF254-64FB-4C4E-8E12-5F4055C10C2A} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64
Task: {989A7C6D-BE82-4C3C-AF96-6116039E336B} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
Task: {9B7BFD1D-64FE-4B89-ADE7-F462D487D848} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2216669695-2906418150-1901199515-1003
Task: {9C3FEA9E-F571-4441-847F-55A2D26BC8B9} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {9C6F66FF-C5E5-44B9-8919-BE9E7083A46E} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {A533E55B-8905-4461-ADB7-720CCED0CFD9} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\WSClient.dll [2012-09-20] (Microsoft Corporation)
Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask
Task: {AB62FA47-2C99-44B1-A5D0-D4161423BE43} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh
Task: {AC600421-498C-433A-ACA9-74763908FAA8} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall
Task: {AC6259DE-AC59-459E-849E-6ADFFD1ADE63} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask
Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask
Task: {AF549BD8-337C-4BF7-8681-36A182E30507} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan
Task: {B0870C67-774C-4072-9B06-950FF390C738} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {BB8593A2-C616-4349-ACC7-C71014F20A77} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-28] (Google Inc.)
Task: {BC76AEF7-2CF0-4EB6-B65B-A8803E0B5E12} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific
Task: {BEA9FED3-FE9B-4E37-950A-F8FEA890AD91} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {BFCA05DD-EF9E-4500-A5E8-3139E5090A4F} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {C174DE89-C4CA-40DC-9D09-DA03AE94B084} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {C1ACCD1E-4385-4FB2-B5E4-7F2A57A626A2} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan
Task: {C463FD1E-31C7-4C20-AB65-08E514CA152D} - System32\Tasks\Microsoft\Windows\IME\SQM data sender
Task: {C51C1B36-9255-4BF2-9B97-67B41396C78E} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\System32\Windows.Storage.ApplicationData.dll [2012-07-26] (Microsoft Corporation)
Task: {CD1054FF-8005-4904-8B9C-436EAB1E2021} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
Task: {D37D9325-DB2A-4F77-A48E-ACCEAA330034} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {D50C4B42-50CD-484F-AE78-72256B696C37} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {D7A76948-8353-4143-A912-61829725EF09} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\BrowserChoice\browserchoice.exe [2012-08-15] (Microsoft Corporation)
Task: {D9D49257-2249-4962-951B-55588174D9FB} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => c:\program files\windows defender\MpCmdRun.exe [2013-07-02] (Microsoft Corporation)
Task: {DA57D964-E021-4BA5-8D44-9C0E5E18B4B9} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {DB4A80AB-9A15-437E-BD0E-7A4BC85E272F} - System32\Tasks\0 => Iexplore.exe 
Task: {DBCF6E1B-CE0A-441E-B7A5-219C8BE50C65} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
Task: {DECE5921-598D-454B-9A04-B2DE95EFC1B3} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery
Task: {E4DFE66F-E089-4CC3-A70F-957223D565F4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
Task: {E8DAA09B-DF2A-4951-9134-6FA9587793F9} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-09-20] (Microsoft Corporation)
Task: {EAD237E7-D276-4257-9F16-51DF41548733} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\System32\Startupscan.dll [2012-07-26] (Microsoft Corporation)
Task: {ED0C1F69-C3A2-41EA-B8C3-3F0D83A1F6C0} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM
Task: {F8FFA4BB-836E-4B38-9F59-7998CE447475} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => Sc.exe start wuauserv
Task: {FAEF8084-D8CC-4713-971A-A20486102D64} - \EPUpdater No Task File
Task: {FEC2ABE9-9E85-4E37-B2B1-3892DE1E2D5B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-28] (Google Inc.)
Task: {FFE3FD50-646E-4A64-913B-23C4187E6025} - System32\Tasks\Microsoft\Windows\File Classification Infrastructure\Property Definition Sync
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\LyricsGet Update.job => C:\Program Files (x86)\Lyrics-Get\LyricsUPD.exe
Task: C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job => C:\Program Files\PC-Doctor\uaclauncher.exe
Task: C:\WINDOWS\Tasks\SystemToolsDailyTest.job => C:\Program Files\PC-Doctor\uaclauncher.exe

==================== Loaded Modules (whitelisted) =============

2011-06-27 17:06 - 2011-06-27 17:06 - 00348752 _____ (PC-Doctor, Inc.) C:\Program Files\PC-Doctor\PcdToolbar584923.dll
2013-05-16 23:33 - 2013-04-18 07:32 - 00115712 _____ () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2011-03-29 20:16 - 2011-03-29 20:16 - 00021864 _____ (Lenovo.) C:\WINDOWS\SYSTEM32\Sensor64.dll
2012-07-26 03:22 - 2012-07-26 05:05 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\System32\IME\SHARED\IMEROAMING.DLL
2011-03-17 00:07 - 2011-03-17 00:07 - 04297568 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2012-09-14 23:46 - 2012-09-14 23:46 - 00286720 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrDEU.lrc
2011-03-29 20:16 - 2011-03-29 20:16 - 00021864 _____ (Lenovo.) C:\Windows\System32\Sensor64.dll
2012-09-14 23:40 - 2012-09-14 23:40 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-04-07 17:30 - 2013-04-24 01:23 - 01048816 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynCOM.dll
2013-04-24 01:22 - 2013-04-24 01:22 - 00229616 _____ (Synaptics Incorporated) C:\WINDOWS\SYSTEM32\SynTPAPI.dll
2011-03-29 20:16 - 2011-03-29 20:16 - 00021864 _____ (Lenovo.) C:\WINDOWS\system32\Sensor64.dll
2012-07-26 04:14 - 2012-07-26 05:04 - 00029184 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\msgsm32.acm
2012-07-26 04:14 - 2012-07-26 05:04 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\msg711.acm
2012-07-26 04:13 - 2012-07-26 05:04 - 00079872 _____ (Fraunhofer Institut Integrierte Schaltungen IIS) C:\Windows\SYSTEM32\l3codeca.acm
2012-07-26 04:14 - 2012-07-26 05:04 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\imaadp32.acm
2012-07-26 04:14 - 2012-07-26 05:04 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SYSTEM32\msadp32.acm
2011-11-02 00:26 - 2011-11-02 00:26 - 00053608 _____ (Open Source Software community project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\pthreadVC2.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-08-31 00:05 - 2011-08-31 00:05 - 00085864 _____ (Apple Inc.) C:\WINDOWS\SYSTEM32\dnssd.dll
2013-08-19 21:55 - 2013-08-14 19:55 - 03551640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-11 14:40 - 2013-09-11 14:40 - 00145920 _____ () C:\Program Files (x86)\Lyrics-Get\133.dll
2013-05-10 23:35 - 2013-06-28 00:05 - 14375800 _____ (Adobe Systems, Inc.) C:\Windows\SYSTEM32\Macromed\Flash\Flash.ocx
2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF

==================== Alternate Data Streams (whitelisted) ==========



==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/16/2013 00:06:13 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: setup.exe_unknown, Version: 0.0.0.0, Zeitstempel: 0x4232a581
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.2.9200.16579, Zeitstempel: 0x51637f77
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000054ec
ID des fehlerhaften Prozesses: 0x2108
Startzeit der fehlerhaften Anwendung: 0xsetup.exe_unknown0
Pfad der fehlerhaften Anwendung: setup.exe_unknown1
Pfad des fehlerhaften Moduls: setup.exe_unknown2
Berichtskennung: setup.exe_unknown3
Vollständiger Name des fehlerhaften Pakets: setup.exe_unknown4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: setup.exe_unknown5

Error: (09/16/2013 11:38:17 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (09/16/2013 11:23:56 AM) (Source: Application Hang) (User: )
Description: Programm IEXPLORE.EXE, Version 10.0.9200.16660 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 157c

Startzeit: 01ceb2bda189a742

Endzeit: 4

Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Berichts-ID: b3115bcb-1eb1-11e3-be86-e02a82f2a4a9

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/16/2013 09:10:31 AM) (Source: ESENT) (User: )
Description: taskhostex (4932) WebCacheLocal: Fehler -1032 (0xfffffbf8) beim Öffnen von Protokolldatei C:\Users\Neuer Besitzer\AppData\Local\Microsoft\Windows\WebCache\V01.log.

Error: (09/16/2013 09:10:31 AM) (Source: ESENT) (User: )
Description: taskhostex (4932) WebCacheLocal: Versuch, Datei "C:\Users\Neuer Besitzer\AppData\Local\Microsoft\Windows\WebCache\V01.log" für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error: (09/16/2013 09:10:21 AM) (Source: ESENT) (User: )
Description: taskhostex (4932) WebCacheLocal: Fehler -1032 (0xfffffbf8) beim Öffnen von Protokolldatei C:\Users\Neuer Besitzer\AppData\Local\Microsoft\Windows\WebCache\V01.log.

Error: (09/16/2013 09:10:21 AM) (Source: ESENT) (User: )
Description: taskhostex (4932) WebCacheLocal: Versuch, Datei "C:\Users\Neuer Besitzer\AppData\Local\Microsoft\Windows\WebCache\V01.log" für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error: (09/16/2013 09:10:11 AM) (Source: ESENT) (User: )
Description: taskhostex (4932) WebCacheLocal: Fehler -1032 (0xfffffbf8) beim Öffnen von Protokolldatei C:\Users\Neuer Besitzer\AppData\Local\Microsoft\Windows\WebCache\V01.log.

Error: (09/16/2013 09:10:11 AM) (Source: ESENT) (User: )
Description: taskhostex (4932) WebCacheLocal: Versuch, Datei "C:\Users\Neuer Besitzer\AppData\Local\Microsoft\Windows\WebCache\V01.log" für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error: (09/16/2013 09:10:01 AM) (Source: ESENT) (User: )
Description: taskhostex (4932) WebCacheLocal: Fehler -1032 (0xfffffbf8) beim Öffnen von Protokolldatei C:\Users\Neuer Besitzer\AppData\Local\Microsoft\Windows\WebCache\V01.log.


System errors:
=============
Error: (09/16/2013 10:55:59 AM) (Source: Microsoft-Windows-Directory-Services-SAM) (User: NT-AUTORITÄT)
Description: Fehler "126" beim Laden der Kennwortbenachrichtigungs-DLL "ACGina". Stellen Sie sicher, dass der in der Registrierung definierte DLL-Pfad "HKLM\System\CurrentControlSet\Control\Lsa\Notification Packages" sich auf einen korrekten und absoluten Pfad (<Laufwerk>:\<Pfad>\<Dateiname>.<Erw.>) bezieht und nicht auf einen relativen oder ungültigen Pfad. Wenn der DLL-Pfad falsch ist, stellen Sie sicher, dass sich alle Hilfsdateien im gleichen Verzeichnis befinden und dass das Systemkonto sowohl auf den DLL-Pfad als auch die Hilfsdateien Lesezugriff hat.  Wenden Sie sich an den Anbieter der Benachrichtigungs-DLL, um weitere Unterstützung zu erhalten. Weitere Informationen finden Sie im Internet unter "hxxp://go.microsoft.com/fwlink/?LinkId=245898".

Error: (09/16/2013 09:13:40 AM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Error: (09/15/2013 00:19:56 AM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 5

Error: (09/14/2013 10:36:21 AM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 5

Error: (09/14/2013 10:24:21 AM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 5

Error: (09/11/2013 00:22:43 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 5

Error: (09/11/2013 08:25:00 AM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 5

Error: (09/10/2013 07:19:08 PM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 5

Error: (09/10/2013 06:14:38 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AcSvc erreicht.

Error: (09/10/2013 06:14:25 PM) (Source: Server) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{E3B1DA03-E878-461A-B7E3-B3383A386A66} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.


Microsoft Office Sessions:
=========================
Error: (09/16/2013 00:06:13 PM) (Source: Application Error)(User: )
Description: setup.exe_unknown0.0.0.04232a581ntdll.dll6.2.9200.1657951637f77c000000500000000000054ec210801ceb2c45fcc5dd1C:\Users\Neuer Besitzer\AppData\Local\Temp\IXP001.TMP\setup.exeC:\WINDOWS\SYSTEM32\ntdll.dll9df2d7c1-1eb7-11e3-be86-e02a82f2a4a9

Error: (09/16/2013 11:38:17 AM) (Source: SideBySide)(User: )
Description: C:\Program Files (x86)\Lenovo\Access Connections\AcCryptHlpr.dllC:\Program Files (x86)\Lenovo\Access Connections\AcCryptHlpr.dll0

Error: (09/16/2013 11:23:56 AM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE10.0.9200.16660157c01ceb2bda189a7424C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEb3115bcb-1eb1-11e3-be86-e02a82f2a4a9

Error: (09/16/2013 09:10:31 AM) (Source: ESENT)(User: )
Description: taskhostex4932WebCacheLocal: C:\Users\Neuer Besitzer\AppData\Local\Microsoft\Windows\WebCache\V01.log-1032 (0xfffffbf8)

Error: (09/16/2013 09:10:31 AM) (Source: ESENT)(User: )
Description: taskhostex4932WebCacheLocal: C:\Users\Neuer Besitzer\AppData\Local\Microsoft\Windows\WebCache\V01.log-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Error: (09/16/2013 09:10:21 AM) (Source: ESENT)(User: )
Description: taskhostex4932WebCacheLocal: C:\Users\Neuer Besitzer\AppData\Local\Microsoft\Windows\WebCache\V01.log-1032 (0xfffffbf8)

Error: (09/16/2013 09:10:21 AM) (Source: ESENT)(User: )
Description: taskhostex4932WebCacheLocal: C:\Users\Neuer Besitzer\AppData\Local\Microsoft\Windows\WebCache\V01.log-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Error: (09/16/2013 09:10:11 AM) (Source: ESENT)(User: )
Description: taskhostex4932WebCacheLocal: C:\Users\Neuer Besitzer\AppData\Local\Microsoft\Windows\WebCache\V01.log-1032 (0xfffffbf8)

Error: (09/16/2013 09:10:11 AM) (Source: ESENT)(User: )
Description: taskhostex4932WebCacheLocal: C:\Users\Neuer Besitzer\AppData\Local\Microsoft\Windows\WebCache\V01.log-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird.

Error: (09/16/2013 09:10:01 AM) (Source: ESENT)(User: )
Description: taskhostex4932WebCacheLocal: C:\Users\Neuer Besitzer\AppData\Local\Microsoft\Windows\WebCache\V01.log-1032 (0xfffffbf8)


CodeIntegrity Errors:
===================================
  Date: 2013-09-02 14:24:28.641
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2013-09-02 14:24:28.234
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2013-09-02 14:24:28.203
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2013-09-02 14:24:28.078
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2013-09-02 14:24:28.016
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2013-09-02 14:24:27.969
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2013-09-02 14:24:24.719
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2013-09-02 14:24:24.234
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2013-09-02 14:23:18.206
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.

  Date: 2013-09-02 14:23:18.128
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll with signing level Unsigned while the system requires signing level Microsoft or better to load.


==================== Memory info =========================== 

Percentage of memory in use: 57%
Total physical RAM: 3891.66 MB
Available physical RAM: 1641.66 MB
Total Pagefile: 7859.66 MB
Available Pagefile: 5429.24 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.45 GB) (Free:104.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 65C6DBE7)
Partition 1: (Not Active) - (Size=512 MB) - (Type=05)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=148 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Defogger:
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:04 on 16/09/2013 (Neuer Besitzer)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
FRST

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-09-2013 01
Ran by Neuer Besitzer (administrator) on USER-PC on 16-09-2013 12:14:49
Running from C:\Users\Neuer Besitzer\Desktop
Windows 8 Pro (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Lenovo.) C:\WINDOWS\system32\ibmpmsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\WLANExt.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
(QUALCOMM, Inc.) C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\extapsup.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Lenovo) C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Intel Corporation) C:\WINDOWS\system32\igfxext.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe
() C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
() C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe
(Microsoft Corporation) C:\WINDOWS\system32\PrintIsolationHost.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [33344 2011-10-20] (Lenovo)
HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [594936 2013-04-15] (Lenovo Corporation)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-15] ()
HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [380776 2011-03-29] (Lenovo.)
HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated)
HKLM\...\Run: [LenovoOptMouseUpdate] - C:\Program Files\Lenovo\HOTKEY\extapsup.exe [250976 2012-08-31] (Lenovo Group Limited)
HKLM\...\Run: [LnvMobHotspotClient] - C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe [937976 2013-04-11] (Lenovo)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2010-05-03] (Intel Corporation)
HKLM-x32\...\Run: [RotateImage] - C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [PWMTRV] - C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL [6482728 2013-04-18] (Lenovo Group Limited)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de)
AppInit_DLLs-x32: c:\progra~3\browse~1\261562~1.220\{c16c1~1\browse~1.dll [ ] ()
Lsa: [Notification Packages] scecli ACGina
Startup: C:\Users\Neuer Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB1A838F1D99CCE01
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: LyricsGet - {602b2047-753a-4013-b389-df32f2a78a96} - C:\Program Files (x86)\Lyrics-Get\133.dll ()
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {816BE035-1450-40D0-8A3B-BA7825A83A77} hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Neuer Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\4s4l07tq.default
FF user.js: detected! => C:\Users\Neuer Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\4s4l07tq.default\user.js
FF SearchEngineOrder.1: Mixi.DJ Search
FF SelectedSearchEngine: Mixi.DJ Search
FF Homepage: hxxp://www.google.de/ig
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Neuer Besitzer\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Neuer Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\4s4l07tq.default\Extensions\130
FF Extension: No Name - C:\Users\Neuer Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\4s4l07tq.default\Extensions\131
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKCU\...\Firefox\Extensions: [{b0b19bf6-d22c-444b-8288-6b8409356150}] - C:\Program Files (x86)\Lyrics-Get\133.xpi
FF Extension: No Name - C:\Program Files (x86)\Lyrics-Get\133.xpi

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Docs) - C:\Users\NEUERB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\NEUERB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\NEUERB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\NEUERB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: () - C:\Users\NEUERB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijodjbiibildhjdbjehpdjoglbnbfnpf\1.128
CHR Extension: (Chrome In-App Payments service) - C:\Users\NEUERB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\Users\NEUERB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [ijodjbiibildhjdbjehpdjoglbnbfnpf] - C:\Program Files (x86)\Lyrics-Get\133.crx

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
S3 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [148472 2013-04-15] (Lenovo Corporation)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [478056 2011-10-04] (Lenovo.)
R2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [1628664 2013-02-06] (Lenovo Group Limited)
S3 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [681464 2013-04-15] (Lenovo Corporation)
R2 LnvHotSpotSvc; C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe [465912 2013-04-11] (Lenovo)
R2 LocationTaskManager; C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [463352 2013-04-19] ()
R2 QDLService2kLenovo; C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe [1688384 2011-05-23] (QUALCOMM, Inc.)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-06-26] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 qcfilterlno2k; C:\Windows\System32\drivers\qcfilterlno2k.sys [6400 2011-05-23] (QUALCOMM Incorporated)
R3 qcusbnetlno2k; C:\Windows\system32\DRIVERS\qcusbnetlno2k.sys [444416 2011-05-23] (QUALCOMM Incorporated)
R3 qcusbserlno2k; C:\Windows\system32\DRIVERS\qcusbserlno2k.sys [231040 2011-05-23] (QUALCOMM Incorporated)
U3 idsvc; 
S3 PCDSRVC{127174DC-C366ED8B-06020200}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-16 12:14 - 2013-09-16 12:14 - 00000000 ____D C:\FRST
2013-09-16 12:07 - 2013-09-16 12:12 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\FreePDF_XP
2013-09-16 12:06 - 2013-09-16 12:06 - 00000000 ____D C:\ProgramData\FreePDF
2013-09-16 12:06 - 2013-09-16 12:06 - 00000000 ____D C:\Program Files (x86)\FreePDF_XP
2013-09-16 12:06 - 2010-06-17 20:56 - 00119152 _____ C:\WINDOWS\system32\redmon.hlp
2013-09-16 12:06 - 2010-06-17 20:56 - 00087040 _____ C:\WINDOWS\system32\redmonnt.dll
2013-09-16 12:06 - 2010-06-17 20:56 - 00046080 _____ C:\WINDOWS\system32\unredmon.exe
2013-09-16 12:05 - 2013-09-16 12:05 - 00000000 ____D C:\Program Files\gs
2013-09-16 11:58 - 2013-09-16 11:59 - 13245963 _____ C:\Users\Neuer Besitzer\Downloads\gs910w64.exe
2013-09-16 11:26 - 2013-09-16 11:29 - 35282727 _____ C:\Users\Neuer Besitzer\Downloads\ghostscript-9.10.tar.gz
2013-09-16 11:22 - 2013-09-16 11:22 - 03866624 _____ (Microsoft Corporation) C:\Users\Neuer Besitzer\Downloads\FreePDF4.08.EXE
2013-09-16 09:05 - 2013-09-16 09:05 - 01951150 _____ (Farbar) C:\Users\Neuer Besitzer\Desktop\FRST64.exe
2013-09-16 09:04 - 2013-09-16 09:04 - 00000490 _____ C:\Users\Neuer Besitzer\Desktop\defogger_disable.log
2013-09-16 09:04 - 2013-09-16 09:04 - 00000000 _____ C:\Users\Neuer Besitzer\defogger_reenable
2013-09-16 09:01 - 2013-09-16 09:01 - 00050477 _____ C:\Users\Neuer Besitzer\Desktop\Defogger.exe
2013-09-14 09:49 - 2013-09-14 09:50 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\dvdcss
2013-09-14 09:25 - 2013-09-16 09:36 - 00000000 ____D C:\Program Files (x86)\Lyrics-Get
2013-09-11 12:01 - 2013-09-14 10:22 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\vlc
2013-09-11 12:00 - 2013-09-11 12:00 - 00000871 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-09-11 12:00 - 2013-09-11 12:00 - 00000000 ____D C:\Program Files\VideoLAN
2013-09-11 11:58 - 2013-09-11 11:59 - 23071004 _____ C:\Users\Neuer Besitzer\Downloads\vlc-2.1.0-rc2-win64.exe
2013-09-11 11:56 - 2013-09-11 11:58 - 23003252 _____ C:\Users\Neuer Besitzer\Downloads\vlc-2.0.8_win32.exe
2013-09-11 11:53 - 2013-09-11 11:53 - 00392016 _____ (Softonic                                        ) C:\Users\Neuer Besitzer\Downloads\SoftonicDownloader_for_vlc-media-player.exe
2013-09-10 18:59 - 2013-09-10 19:00 - 05939176 _____ (Citrix Online, a division of Citrix Systems, Inc.) C:\Users\Neuer Besitzer\Downloads\g2m_codec.exe
2013-09-10 18:58 - 2013-09-10 18:58 - 00000216 _____ C:\Users\Neuer Besitzer\Downloads\2AD4D15214661C00.asx
2013-09-02 22:09 - 2013-09-02 22:09 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-09-02 22:09 - 2013-09-02 22:09 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-02 22:09 - 2013-09-02 22:09 - 00000000 ____D C:\Program Files\iTunes
2013-09-02 22:09 - 2013-09-02 22:09 - 00000000 ____D C:\Program Files\iPod
2013-09-02 22:09 - 2013-09-02 22:09 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-09-02 22:08 - 2013-09-02 22:08 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Apple Computer
2013-09-02 22:05 - 2013-09-02 22:05 - 00867240 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\npDeployJava1.dll
2013-09-02 22:05 - 2013-09-02 22:05 - 00263592 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2013-09-02 22:05 - 2013-09-02 22:05 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2013-09-02 22:05 - 2013-09-02 22:05 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2013-09-02 22:05 - 2013-09-02 22:05 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2013-09-02 22:05 - 2013-09-02 22:05 - 00000000 ____D C:\Program Files (x86)\Java
2013-09-02 21:48 - 2013-09-02 21:50 - 00000000 ____D C:\AdwCleaner
2013-09-02 21:46 - 2013-09-02 21:46 - 00001922 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-09-02 21:46 - 2013-08-30 09:48 - 00378944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2013-09-02 21:46 - 2013-08-30 09:48 - 00072016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2013-09-02 21:46 - 2013-08-30 09:48 - 00064288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2013-09-02 21:46 - 2013-08-30 09:48 - 00033400 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswFsBlk.sys
2013-09-02 21:45 - 2013-09-02 21:46 - 01037134 _____ C:\Users\Neuer Besitzer\Downloads\adwcleaner.exe
2013-09-02 21:45 - 2013-09-02 21:45 - 00003924 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2013-09-02 21:45 - 2013-09-02 21:45 - 00000000 _____ C:\WINDOWS\SysWOW64\config.nt
2013-09-02 21:45 - 2013-08-30 09:48 - 01030952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2013-09-02 21:45 - 2013-08-30 09:48 - 00204880 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2013-09-02 21:45 - 2013-08-30 09:48 - 00080816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2013-09-02 21:45 - 2013-08-30 09:48 - 00065336 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2013-09-02 21:45 - 2013-08-30 09:47 - 00287840 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2013-09-02 21:44 - 2013-09-02 21:44 - 00000000 ____D C:\ProgramData\AVAST Software
2013-09-02 21:44 - 2013-09-02 21:44 - 00000000 ____D C:\Program Files\AVAST Software
2013-09-02 21:44 - 2013-08-30 09:47 - 00041664 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2013-08-29 18:19 - 2013-08-29 18:19 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Citrix
2013-08-29 18:19 - 2013-08-29 18:19 - 00000000 ____D C:\Program Files (x86)\Citrix
2013-08-26 09:51 - 2013-08-26 09:51 - 04708584 _____ C:\Users\Neuer Besitzer\Downloads\install_flash_player_ics.apk
2013-08-25 19:35 - 2013-08-25 19:35 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-08-25 19:35 - 2013-08-25 19:35 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-08-23 16:57 - 2013-08-23 17:27 - 00000000 ____D C:\Users\Neuer Besitzer\Documents\WISO Konto Online
2013-08-23 16:57 - 2013-08-23 16:57 - 00000117 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2013-08-23 16:57 - 2013-08-23 16:57 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Buhl Data Service GmbH
2013-08-23 16:56 - 2013-08-23 16:57 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Buhl Data Service GmbH
2013-08-23 16:56 - 2013-08-23 16:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Buhl Data Service
2013-08-23 16:56 - 2013-08-23 16:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Buhl Data Service
2013-08-23 16:52 - 2013-08-23 16:56 - 00000000 ____D C:\ProgramData\Buhl Data Service GmbH
2013-08-23 16:52 - 2013-08-23 16:52 - 00002374 _____ C:\Users\Public\Desktop\WISO Konto Online 2013.lnk
2013-08-23 16:52 - 2013-08-23 16:52 - 00000000 ____D C:\ProgramData\MG_Prototyp
2013-08-23 16:52 - 2013-08-23 16:52 - 00000000 ____D C:\Program Files (x86)\Buhl
2013-08-23 10:11 - 2013-08-23 10:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2013-08-23 10:11 - 2013-08-23 10:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Sync Framework
2013-08-23 10:11 - 2013-08-23 10:11 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-08-23 10:10 - 2013-08-23 10:10 - 00000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2013-08-23 10:09 - 2013-08-23 10:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2013-08-23 10:08 - 2013-08-23 10:08 - 00000000 ____D C:\Program Files\Microsoft Office
2013-08-23 10:08 - 2013-08-23 10:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2013-08-23 10:07 - 2013-09-16 11:17 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-23 10:07 - 2013-08-23 10:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-08-23 10:07 - 2013-08-23 10:07 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Microsoft Help
2013-08-23 10:06 - 2013-08-23 10:06 - 00000000 __RHD C:\MSOCache
2013-08-23 09:30 - 2013-08-23 10:04 - 712660056 _____ (Microsoft Corporation) C:\Users\Neuer Besitzer\Downloads\X16-32254.exe
2013-08-22 20:46 - 2013-08-22 20:46 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Macromedia
2013-08-22 20:39 - 2013-08-22 20:41 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Adobe
2013-08-21 20:11 - 2013-09-16 09:42 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\avgchrome
2013-08-21 20:05 - 2013-08-23 10:18 - 00452168 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-08-19 21:56 - 2013-08-19 21:56 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-08-19 21:56 - 2013-08-19 21:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Mozilla
2013-08-19 21:56 - 2013-08-19 21:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Mozilla
2013-08-19 21:56 - 2013-08-19 21:56 - 00000000 ____D C:\ProgramData\Mozilla
2013-08-19 21:56 - 2013-08-19 21:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-19 16:09 - 2013-08-19 16:09 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\PCDr
2013-08-19 15:09 - 2013-08-19 15:09 - 00000149 _____ C:\Users\Neuer Besitzer\Documents\Windows8 Product Key.txt
2013-08-19 15:05 - 2013-08-19 15:05 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\OpenOffice.org
2013-08-19 14:59 - 2013-08-19 14:59 - 00001063 _____ C:\Users\Public\Desktop\zebNet® Windows Keyfinder TNG.lnk
2013-08-19 14:59 - 2013-08-19 14:59 - 00000000 ____D C:\ProgramData\InstallMate
2013-08-19 14:59 - 2013-08-19 14:59 - 00000000 ____D C:\Program Files\zebNet
2013-08-19 14:56 - 2013-09-16 10:57 - 00000418 _____ C:\WINDOWS\Tasks\LyricsGet Update.job
2013-08-19 14:56 - 2013-08-19 14:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Google
2013-08-19 14:51 - 2013-08-19 14:52 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-08-19 14:51 - 2013-08-19 14:51 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Macromedia
2013-08-19 14:49 - 2013-07-02 02:44 - 00036288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2013-08-19 14:49 - 2013-07-02 00:08 - 00247216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2013-08-19 14:48 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-08-19 14:48 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-08-19 14:48 - 2013-07-26 07:13 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2013-08-19 14:48 - 2013-07-26 07:13 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2013-08-19 14:48 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-08-19 14:48 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-08-19 14:48 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-08-19 14:48 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2013-08-19 14:48 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2013-08-19 14:48 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2013-08-19 14:48 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2013-08-19 14:48 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2013-08-19 14:48 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2013-08-19 14:48 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2013-08-19 14:48 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2013-08-19 14:48 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2013-08-19 14:48 - 2013-07-26 05:13 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2013-08-19 14:48 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2013-08-19 14:48 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2013-08-19 14:48 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2013-08-19 14:48 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2013-08-19 14:48 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2013-08-19 14:48 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2013-08-19 14:48 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2013-08-19 14:48 - 2013-07-26 02:54 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2013-08-19 14:47 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-08-19 14:47 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-08-19 14:47 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2013-08-19 14:47 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2013-08-19 14:47 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2013-08-19 14:47 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2013-08-19 14:47 - 2013-07-09 08:07 - 02233168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2013-08-19 14:47 - 2013-05-24 01:02 - 01314816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2013-08-19 14:47 - 2013-05-24 00:25 - 00694272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2013-08-19 14:43 - 2013-07-13 08:18 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2013-08-19 14:43 - 2013-07-13 08:16 - 01889280 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2013-08-19 14:43 - 2013-07-13 08:16 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptsvc.dll
2013-08-19 14:43 - 2013-07-13 08:15 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2013-08-19 14:43 - 2013-07-13 08:15 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2013-08-19 14:43 - 2013-07-13 06:24 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2013-08-19 14:43 - 2013-07-13 06:23 - 01568256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2013-08-19 14:43 - 2013-07-13 06:23 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2013-08-19 14:43 - 2013-07-13 06:23 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2013-08-19 14:38 - 2013-06-17 00:41 - 00997632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2013-08-19 14:38 - 2013-06-01 13:54 - 00194816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2013-08-19 14:38 - 2013-06-01 13:54 - 00125184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2013-08-19 14:38 - 2013-06-01 13:34 - 02391280 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2013-08-19 14:38 - 2013-06-01 13:29 - 00337152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2013-08-19 14:38 - 2013-06-01 13:29 - 00213248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UCX01000.SYS
2013-08-19 14:38 - 2013-06-01 13:26 - 06987008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2013-08-19 14:38 - 2013-06-01 13:26 - 00327936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2013-08-19 14:38 - 2013-06-01 12:24 - 02106176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2013-08-19 14:38 - 2013-06-01 11:25 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2013-08-19 14:38 - 2013-06-01 11:25 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2013-08-19 14:38 - 2013-06-01 11:24 - 01453568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2013-08-19 14:38 - 2013-06-01 11:24 - 00850944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2013-08-19 14:38 - 2013-06-01 11:24 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscms.dll
2013-08-19 14:38 - 2013-06-01 11:23 - 01842176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2013-08-19 14:38 - 2013-06-01 11:23 - 00680960 _____ (Microsoft Corporation) C:\WINDOWS\system32\vds.exe
2013-08-19 14:38 - 2013-06-01 11:22 - 00523264 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2013-08-19 14:38 - 2013-06-01 11:22 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2013-08-19 14:38 - 2013-06-01 11:22 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsutil.dll
2013-08-19 14:38 - 2013-06-01 11:22 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeParserTask.exe
2013-08-19 14:38 - 2013-06-01 11:21 - 00729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2013-08-19 14:38 - 2013-06-01 11:21 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2013-08-19 14:38 - 2013-06-01 11:20 - 02219520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2013-08-19 14:38 - 2013-06-01 11:20 - 01527808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2013-08-19 14:38 - 2013-06-01 11:20 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2013-08-19 14:38 - 2013-06-01 11:20 - 00583168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mscms.dll
2013-08-19 14:38 - 2013-06-01 11:19 - 00785408 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2013-08-19 14:38 - 2013-06-01 11:19 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManager.dll
2013-08-19 14:38 - 2013-06-01 05:08 - 00037632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthAvrcpTg.sys
2013-08-19 14:38 - 2013-05-25 00:09 - 01403296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2013-08-19 14:38 - 2013-05-25 00:09 - 01271584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2013-08-19 14:38 - 2013-05-25 00:09 - 01217352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2013-08-19 14:38 - 2013-05-25 00:09 - 01093904 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2013-08-19 14:38 - 2013-05-20 02:08 - 00386642 _____ C:\WINDOWS\system32\ApnDatabase.xml
2013-08-19 14:38 - 2013-04-16 04:34 - 01455368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2013-08-19 14:38 - 2013-04-09 04:34 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2013-08-19 14:38 - 2013-04-09 04:34 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys
2013-08-19 14:37 - 2013-05-31 01:24 - 01257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2013-08-19 14:37 - 2013-05-31 01:08 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2013-08-19 14:37 - 2013-05-24 01:01 - 01300992 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2013-08-19 14:37 - 2013-05-24 00:27 - 01022464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2013-08-19 14:37 - 2013-05-15 04:25 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2013-08-19 14:37 - 2013-05-15 04:25 - 00542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2013-08-19 14:37 - 2013-05-15 04:24 - 00793088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2013-08-19 14:37 - 2013-05-15 04:24 - 00482816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2013-08-19 14:37 - 2013-05-04 09:58 - 00120736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2013-08-19 14:37 - 2013-05-04 09:34 - 00446720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2013-08-19 14:37 - 2013-05-04 09:34 - 00284416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2013-08-19 14:37 - 2013-05-04 09:30 - 00058312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2013-08-19 14:37 - 2013-05-04 08:59 - 13644288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2013-08-19 14:37 - 2013-05-04 08:59 - 03241472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2013-08-19 14:37 - 2013-05-04 08:59 - 01619968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2013-08-19 14:37 - 2013-05-04 08:59 - 01483776 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2013-08-19 14:37 - 2013-05-04 08:59 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnify.exe
2013-08-19 14:37 - 2013-05-04 08:59 - 00760320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2013-08-19 14:37 - 2013-05-04 08:59 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2013-08-19 14:37 - 2013-05-04 08:59 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2013-08-19 14:37 - 2013-05-04 08:59 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2013-08-19 14:37 - 2013-05-04 08:59 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2013-08-19 14:37 - 2013-05-04 08:58 - 10116096 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2013-08-19 14:37 - 2013-05-04 08:58 - 01332736 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2013-08-19 14:37 - 2013-05-04 08:58 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2013-08-19 14:37 - 2013-05-04 08:58 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2013-08-19 14:37 - 2013-05-04 08:58 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2013-08-19 14:37 - 2013-05-04 08:58 - 00173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2013-08-19 14:37 - 2013-05-04 08:58 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2013-08-19 14:37 - 2013-05-04 08:58 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofm.dll
2013-08-19 14:37 - 2013-05-04 08:58 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2013-08-19 14:37 - 2013-05-04 08:57 - 02305024 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2013-08-19 14:37 - 2013-05-04 08:57 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2013-08-19 14:37 - 2013-05-04 08:57 - 00820736 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpprefcl.dll
2013-08-19 14:37 - 2013-05-04 08:57 - 00708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2013-08-19 14:37 - 2013-05-04 08:57 - 00560640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2013-08-19 14:37 - 2013-05-04 08:57 - 00501760 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2013-08-19 14:37 - 2013-05-04 08:57 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\system32\BCP47Langs.dll
2013-08-19 14:37 - 2013-05-04 08:57 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2013-08-19 14:37 - 2013-05-04 08:57 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\biwinrt.dll
2013-08-19 14:37 - 2013-05-04 08:57 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\muifontsetup.dll
2013-08-19 14:37 - 2013-05-04 08:56 - 00419840 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2013-08-19 14:37 - 2013-05-04 06:58 - 00758784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Magnify.exe
2013-08-19 14:37 - 2013-05-04 06:58 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2013-08-19 14:37 - 2013-05-04 06:58 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2013-08-19 14:37 - 2013-05-04 06:58 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2013-08-19 14:37 - 2013-05-04 06:58 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2013-08-19 14:37 - 2013-05-04 06:57 - 10788864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2013-08-19 14:37 - 2013-05-04 06:57 - 08857088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2013-08-19 14:37 - 2013-05-04 06:57 - 00303616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2013-08-19 14:37 - 2013-05-04 06:57 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ubpm.dll
2013-08-19 14:37 - 2013-05-04 06:57 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netplwiz.dll
2013-08-19 14:37 - 2013-05-04 06:57 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netprofm.dll
2013-08-19 14:37 - 2013-05-04 06:57 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\npmproxy.dll
2013-08-19 14:37 - 2013-05-04 06:57 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\muifontsetup.dll
2013-08-19 14:37 - 2013-05-04 06:56 - 02035712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2013-08-19 14:37 - 2013-05-04 06:56 - 00582144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpprefcl.dll
2013-08-19 14:37 - 2013-05-04 06:56 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2013-08-19 14:37 - 2013-05-04 06:56 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2013-08-19 14:37 - 2013-05-04 06:56 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BCP47Langs.dll
2013-08-19 14:37 - 2013-05-04 06:56 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\biwinrt.dll
2013-08-19 14:37 - 2013-05-04 06:55 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2013-08-19 14:37 - 2013-05-04 06:51 - 00014848 _____ (Microsoft) C:\WINDOWS\system32\rars.rs
2013-08-19 14:37 - 2013-05-04 06:47 - 00427520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2013-08-19 14:37 - 2013-05-04 06:10 - 00014848 _____ (Microsoft) C:\WINDOWS\SysWOW64\rars.rs
2013-08-19 14:37 - 2013-04-09 07:17 - 01829408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2013-08-19 14:37 - 2013-04-09 06:51 - 14267904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2013-08-19 14:37 - 2013-04-09 06:51 - 03552768 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2013-08-19 14:37 - 2013-04-09 06:50 - 02107904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2013-08-19 14:37 - 2013-04-08 23:52 - 11878912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2013-08-19 14:37 - 2013-04-08 23:51 - 02767360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2013-08-19 14:37 - 2013-04-08 23:51 - 01593344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2013-08-19 14:36 - 2013-04-09 07:33 - 00489576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2013-08-19 14:36 - 2013-04-09 07:33 - 00446792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2013-08-19 14:36 - 2013-04-09 07:33 - 00253544 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2013-08-19 14:36 - 2013-04-09 07:20 - 00306952 _____ (Microsoft Corporation) C:\WINDOWS\system32\kd_02_10ec.dll
2013-08-19 14:36 - 2013-04-09 07:20 - 00086280 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2013-08-19 14:36 - 2013-04-09 07:18 - 00077960 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdvm.dll
2013-08-19 14:36 - 2013-04-09 06:52 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2013-08-19 14:36 - 2013-04-09 06:52 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2013-08-19 14:36 - 2013-04-09 06:52 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2013-08-19 14:36 - 2013-04-09 06:52 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2013-08-19 14:36 - 2013-04-09 06:52 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2013-08-19 14:36 - 2013-04-09 06:51 - 00595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2013-08-19 14:36 - 2013-04-09 06:51 - 00456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2013-08-19 14:36 - 2013-04-09 06:51 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2013-08-19 14:36 - 2013-04-09 06:51 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\system32\conhost.exe
2013-08-19 14:36 - 2013-04-09 06:51 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2013-08-19 14:36 - 2013-04-09 06:50 - 01285632 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2013-08-19 14:36 - 2013-04-09 06:50 - 00745984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2013-08-19 14:36 - 2013-04-09 06:50 - 00435200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2013-08-19 14:36 - 2013-04-09 06:50 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2013-08-19 14:36 - 2013-04-09 06:50 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\GenuineCenter.dll
2013-08-19 14:36 - 2013-04-09 06:50 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2013-08-19 14:36 - 2013-04-09 06:50 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2013-08-19 14:36 - 2013-04-09 06:50 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msshooks.dll
2013-08-19 14:36 - 2013-04-09 06:49 - 01444864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2013-08-19 14:36 - 2013-04-09 06:49 - 00817152 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2013-08-19 14:36 - 2013-04-09 06:49 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2013-08-19 14:36 - 2013-04-09 06:49 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2013-08-19 14:36 - 2013-04-09 06:49 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhengine.dll
2013-08-19 14:36 - 2013-04-09 06:49 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2013-08-19 14:36 - 2013-04-09 06:49 - 00196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmvdsitf.dll
2013-08-19 14:36 - 2013-04-09 06:49 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2013-08-19 14:36 - 2013-04-09 06:49 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\fmifs.dll
2013-08-19 14:36 - 2013-04-09 06:48 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2013-08-19 14:36 - 2013-04-09 04:34 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2013-08-19 14:36 - 2013-04-09 04:33 - 00623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2013-08-19 14:36 - 2013-04-09 04:33 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2013-08-19 14:36 - 2013-04-09 04:32 - 00805376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
2013-08-19 14:36 - 2013-04-09 04:31 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2013-08-19 14:36 - 2013-04-09 04:31 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2013-08-19 14:36 - 2013-04-09 01:44 - 00123880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2013-08-19 14:36 - 2013-04-09 01:39 - 01408896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2013-08-19 14:36 - 2013-04-09 01:37 - 00426024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2013-08-19 14:36 - 2013-04-09 01:37 - 00324368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2013-08-19 14:36 - 2013-04-08 23:52 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2013-08-19 14:36 - 2013-04-08 23:52 - 00302592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2013-08-19 14:36 - 2013-04-08 23:52 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe
2013-08-19 14:36 - 2013-04-08 23:52 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
2013-08-19 14:36 - 2013-04-08 23:51 - 01113600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2013-08-19 14:36 - 2013-04-08 23:51 - 00659456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2013-08-19 14:36 - 2013-04-08 23:51 - 00656896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2013-08-19 14:36 - 2013-04-08 23:51 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2013-08-19 14:36 - 2013-04-08 23:51 - 00403968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2013-08-19 14:36 - 2013-04-08 23:51 - 00361984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2013-08-19 14:36 - 2013-04-08 23:51 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2013-08-19 14:36 - 2013-04-08 23:51 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2013-08-19 14:36 - 2013-04-08 23:51 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2013-08-19 14:36 - 2013-04-08 23:51 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssphtb.dll
2013-08-19 14:36 - 2013-04-08 23:51 - 00155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmvdsitf.dll
2013-08-19 14:36 - 2013-04-08 23:51 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fmifs.dll
2013-08-19 14:36 - 2013-04-08 23:51 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssprxy.dll
2013-08-19 14:36 - 2013-04-08 23:51 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msshooks.dll
2013-08-19 14:36 - 2013-04-05 01:30 - 00503080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2013-08-19 14:36 - 2013-03-16 00:05 - 00298456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2013-08-19 14:36 - 2013-03-16 00:05 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2013-08-19 14:36 - 2012-12-13 06:00 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2013-08-19 14:36 - 2012-12-13 05:59 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll

==================== One Month Modified Files and Folders =======

2013-09-16 12:14 - 2013-09-16 12:14 - 00000000 ____D C:\FRST
2013-09-16 12:12 - 2013-09-16 12:07 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\FreePDF_XP
2013-09-16 12:10 - 2012-01-18 00:30 - 00000528 _____ C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
2013-09-16 12:09 - 2012-01-18 00:30 - 00000466 _____ C:\WINDOWS\Tasks\SystemToolsDailyTest.job
2013-09-16 12:06 - 2013-09-16 12:06 - 00000000 ____D C:\ProgramData\FreePDF
2013-09-16 12:06 - 2013-09-16 12:06 - 00000000 ____D C:\Program Files (x86)\FreePDF_XP
2013-09-16 12:05 - 2013-09-16 12:05 - 00000000 ____D C:\Program Files\gs
2013-09-16 12:00 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\system32\sru
2013-09-16 11:59 - 2013-09-16 11:58 - 13245963 _____ C:\Users\Neuer Besitzer\Downloads\gs910w64.exe
2013-09-16 11:58 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\rescache
2013-09-16 11:47 - 2013-02-28 23:00 - 00001122 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-16 11:30 - 2012-11-01 22:58 - 01945276 _____ C:\WINDOWS\WindowsUpdate.log
2013-09-16 11:29 - 2013-09-16 11:26 - 35282727 _____ C:\Users\Neuer Besitzer\Downloads\ghostscript-9.10.tar.gz
2013-09-16 11:22 - 2013-09-16 11:22 - 03866624 _____ (Microsoft Corporation) C:\Users\Neuer Besitzer\Downloads\FreePDF4.08.EXE
2013-09-16 11:17 - 2013-08-23 10:07 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-16 11:07 - 2013-08-16 16:08 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2216669695-2906418150-1901199515-1003
2013-09-16 11:00 - 2012-07-26 12:27 - 00753134 _____ C:\WINDOWS\system32\perfh007.dat
2013-09-16 11:00 - 2012-07-26 12:27 - 00155826 _____ C:\WINDOWS\system32\perfc007.dat
2013-09-16 11:00 - 2012-07-26 09:28 - 01745416 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-09-16 10:57 - 2013-08-19 14:56 - 00000418 _____ C:\WINDOWS\Tasks\LyricsGet Update.job
2013-09-16 10:57 - 2013-02-28 23:00 - 00001118 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-16 10:56 - 2012-07-26 09:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-09-16 10:56 - 2012-07-26 09:21 - 00673522 _____ C:\WINDOWS\setupact.log
2013-09-16 10:55 - 2012-11-01 22:40 - 00039986 _____ C:\WINDOWS\PFRO.log
2013-09-16 09:42 - 2013-08-21 20:11 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\avgchrome
2013-09-16 09:36 - 2013-09-14 09:25 - 00000000 ____D C:\Program Files (x86)\Lyrics-Get
2013-09-16 09:13 - 2012-07-26 07:26 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2013-09-16 09:05 - 2013-09-16 09:05 - 01951150 _____ (Farbar) C:\Users\Neuer Besitzer\Desktop\FRST64.exe
2013-09-16 09:04 - 2013-09-16 09:04 - 00000490 _____ C:\Users\Neuer Besitzer\Desktop\defogger_disable.log
2013-09-16 09:04 - 2013-09-16 09:04 - 00000000 _____ C:\Users\Neuer Besitzer\defogger_reenable
2013-09-16 09:04 - 2013-08-16 15:54 - 00000000 ____D C:\Users\Neuer Besitzer
2013-09-16 09:01 - 2013-09-16 09:01 - 00050477 _____ C:\Users\Neuer Besitzer\Desktop\Defogger.exe
2013-09-14 23:44 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\system32\NDF
2013-09-14 10:22 - 2013-09-11 12:01 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\vlc
2013-09-14 09:50 - 2013-09-14 09:49 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\dvdcss
2013-09-11 12:00 - 2013-09-11 12:00 - 00000871 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-09-11 12:00 - 2013-09-11 12:00 - 00000000 ____D C:\Program Files\VideoLAN
2013-09-11 11:59 - 2013-09-11 11:58 - 23071004 _____ C:\Users\Neuer Besitzer\Downloads\vlc-2.1.0-rc2-win64.exe
2013-09-11 11:58 - 2013-09-11 11:56 - 23003252 _____ C:\Users\Neuer Besitzer\Downloads\vlc-2.0.8_win32.exe
2013-09-11 11:53 - 2013-09-11 11:53 - 00392016 _____ (Softonic                                        ) C:\Users\Neuer Besitzer\Downloads\SoftonicDownloader_for_vlc-media-player.exe
2013-09-10 19:00 - 2013-09-10 18:59 - 05939176 _____ (Citrix Online, a division of Citrix Systems, Inc.) C:\Users\Neuer Besitzer\Downloads\g2m_codec.exe
2013-09-10 18:58 - 2013-09-10 18:58 - 00000216 _____ C:\Users\Neuer Besitzer\Downloads\2AD4D15214661C00.asx
2013-09-10 09:43 - 2013-02-28 23:01 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-10 09:06 - 2012-01-18 00:30 - 00000000 ____D C:\ProgramData\PCDr
2013-09-02 22:10 - 2013-05-12 13:38 - 00000000 ____D C:\Program Files\Bonjour Print Services
2013-09-02 22:09 - 2013-09-02 22:09 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-09-02 22:09 - 2013-09-02 22:09 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-02 22:09 - 2013-09-02 22:09 - 00000000 ____D C:\Program Files\iTunes
2013-09-02 22:09 - 2013-09-02 22:09 - 00000000 ____D C:\Program Files\iPod
2013-09-02 22:09 - 2013-09-02 22:09 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-09-02 22:08 - 2013-09-02 22:08 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Apple Computer
2013-09-02 22:08 - 2013-08-16 15:58 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Apple Computer
2013-09-02 22:05 - 2013-09-02 22:05 - 00867240 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\npDeployJava1.dll
2013-09-02 22:05 - 2013-09-02 22:05 - 00263592 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2013-09-02 22:05 - 2013-09-02 22:05 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2013-09-02 22:05 - 2013-09-02 22:05 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2013-09-02 22:05 - 2013-09-02 22:05 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2013-09-02 22:05 - 2013-09-02 22:05 - 00000000 ____D C:\Program Files (x86)\Java
2013-09-02 22:05 - 2012-01-21 17:08 - 00789416 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\deployJava1.dll
2013-09-02 22:02 - 2013-05-16 23:32 - 00000030 _____ C:\WINDOWS\success64.log
2013-09-02 21:50 - 2013-09-02 21:48 - 00000000 ____D C:\AdwCleaner
2013-09-02 21:46 - 2013-09-02 21:46 - 00001922 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-09-02 21:46 - 2013-09-02 21:45 - 01037134 _____ C:\Users\Neuer Besitzer\Downloads\adwcleaner.exe
2013-09-02 21:45 - 2013-09-02 21:45 - 00003924 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2013-09-02 21:45 - 2013-09-02 21:45 - 00000000 _____ C:\WINDOWS\SysWOW64\config.nt
2013-09-02 21:44 - 2013-09-02 21:44 - 00000000 ____D C:\ProgramData\AVAST Software
2013-09-02 21:44 - 2013-09-02 21:44 - 00000000 ____D C:\Program Files\AVAST Software
2013-09-02 14:17 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2013-08-30 09:48 - 2013-09-02 21:46 - 00378944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2013-08-30 09:48 - 2013-09-02 21:46 - 00072016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2013-08-30 09:48 - 2013-09-02 21:46 - 00064288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2013-08-30 09:48 - 2013-09-02 21:46 - 00033400 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswFsBlk.sys
2013-08-30 09:48 - 2013-09-02 21:45 - 01030952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2013-08-30 09:48 - 2013-09-02 21:45 - 00204880 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2013-08-30 09:48 - 2013-09-02 21:45 - 00080816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2013-08-30 09:48 - 2013-09-02 21:45 - 00065336 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2013-08-30 09:47 - 2013-09-02 21:45 - 00287840 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2013-08-30 09:47 - 2013-09-02 21:44 - 00041664 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2013-08-29 18:19 - 2013-08-29 18:19 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Citrix
2013-08-29 18:19 - 2013-08-29 18:19 - 00000000 ____D C:\Program Files (x86)\Citrix
2013-08-29 12:58 - 2009-07-14 04:34 - 00000478 _____ C:\WINDOWS\win.ini
2013-08-26 09:51 - 2013-08-26 09:51 - 04708584 _____ C:\Users\Neuer Besitzer\Downloads\install_flash_player_ics.apk
2013-08-25 19:35 - 2013-08-25 19:35 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-08-25 19:35 - 2013-08-25 19:35 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-08-23 17:27 - 2013-08-23 16:57 - 00000000 ____D C:\Users\Neuer Besitzer\Documents\WISO Konto Online
2013-08-23 16:57 - 2013-08-23 16:57 - 00000117 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2013-08-23 16:57 - 2013-08-23 16:57 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Buhl Data Service GmbH
2013-08-23 16:57 - 2013-08-23 16:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Buhl Data Service GmbH
2013-08-23 16:56 - 2013-08-23 16:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Buhl Data Service
2013-08-23 16:56 - 2013-08-23 16:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Buhl Data Service
2013-08-23 16:56 - 2013-08-23 16:52 - 00000000 ____D C:\ProgramData\Buhl Data Service GmbH
2013-08-23 16:52 - 2013-08-23 16:52 - 00002374 _____ C:\Users\Public\Desktop\WISO Konto Online 2013.lnk
2013-08-23 16:52 - 2013-08-23 16:52 - 00000000 ____D C:\ProgramData\MG_Prototyp
2013-08-23 16:52 - 2013-08-23 16:52 - 00000000 ____D C:\Program Files (x86)\Buhl
2013-08-23 10:52 - 2013-08-16 15:55 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Packages
2013-08-23 10:18 - 2013-08-21 20:05 - 00452168 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-08-23 10:12 - 2012-11-01 22:38 - 00000000 ____D C:\Program Files (x86)\MSBuild
2013-08-23 10:11 - 2013-08-23 10:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2013-08-23 10:11 - 2013-08-23 10:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Sync Framework
2013-08-23 10:11 - 2013-08-23 10:11 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-08-23 10:11 - 2013-08-23 10:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-08-23 10:10 - 2013-08-23 10:10 - 00000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2013-08-23 10:09 - 2013-08-23 10:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2013-08-23 10:09 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-08-23 10:08 - 2013-08-23 10:08 - 00000000 ____D C:\Program Files\Microsoft Office
2013-08-23 10:08 - 2013-08-23 10:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2013-08-23 10:08 - 2012-07-26 12:29 - 00000000 ____D C:\WINDOWS\ShellNew
2013-08-23 10:07 - 2013-08-23 10:07 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Microsoft Help
2013-08-23 10:06 - 2013-08-23 10:06 - 00000000 __RHD C:\MSOCache
2013-08-23 10:04 - 2013-08-23 09:30 - 712660056 _____ (Microsoft Corporation) C:\Users\Neuer Besitzer\Downloads\X16-32254.exe
2013-08-22 20:46 - 2013-08-22 20:46 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Macromedia
2013-08-22 20:41 - 2013-08-22 20:39 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Adobe
2013-08-19 21:56 - 2013-08-19 21:56 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-08-19 21:56 - 2013-08-19 21:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Mozilla
2013-08-19 21:56 - 2013-08-19 21:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Mozilla
2013-08-19 21:56 - 2013-08-19 21:56 - 00000000 ____D C:\ProgramData\Mozilla
2013-08-19 21:56 - 2013-08-19 21:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-19 21:55 - 2013-05-12 13:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-19 16:09 - 2013-08-19 16:09 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\PCDr
2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ___RD C:\WINDOWS\ToastData
2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\WinStore
2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-08-19 15:51 - 2012-07-26 07:38 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2013-08-19 15:51 - 2012-07-26 07:38 - 00000000 ____D C:\WINDOWS\system32\Dism
2013-08-19 15:09 - 2013-08-19 15:09 - 00000149 _____ C:\Users\Neuer Besitzer\Documents\Windows8 Product Key.txt
2013-08-19 15:05 - 2013-08-19 15:05 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\OpenOffice.org
2013-08-19 15:05 - 2013-08-16 15:57 - 00000000 ___RD C:\Users\Neuer Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-19 14:59 - 2013-08-19 14:59 - 00001063 _____ C:\Users\Public\Desktop\zebNet® Windows Keyfinder TNG.lnk
2013-08-19 14:59 - 2013-08-19 14:59 - 00000000 ____D C:\ProgramData\InstallMate
2013-08-19 14:59 - 2013-08-19 14:59 - 00000000 ____D C:\Program Files\zebNet
2013-08-19 14:56 - 2013-08-19 14:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Google
2013-08-19 14:52 - 2013-08-19 14:51 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-08-19 14:51 - 2013-08-19 14:51 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Macromedia
2013-08-19 14:51 - 2012-04-07 20:59 - 78161360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-08-19 14:03 - 2012-07-26 07:38 - 00000000 ____D C:\WINDOWS\system32\oobe
2013-08-19 13:52 - 2013-08-16 15:57 - 00000000 ___RD C:\Users\Neuer Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-08-19 13:50 - 2012-07-26 07:37 - 00000000 ____D C:\WINDOWS\servicing
2013-08-19 13:47 - 2012-07-26 12:29 - 00000000 ____D C:\Program Files\Windows Journal

Some content of TEMP:
====================
C:\Users\Neuer Besitzer\AppData\Local\Temp\6_Offer_11.exe
C:\Users\Neuer Besitzer\AppData\Local\Temp\DownloadManager.exe
C:\Users\Neuer Besitzer\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Neuer Besitzer\AppData\Local\Temp\Product108.exe
C:\Users\Neuer Besitzer\AppData\Local\Temp\Quarantine.exe
C:\Users\Neuer Besitzer\AppData\Local\Temp\setup.exe
C:\Users\Neuer Besitzer\AppData\Local\Temp\tmp60F8.exe
C:\Users\Neuer Besitzer\AppData\Local\Temp\unrar.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-16 11:08

==================== End Of Log ============================
         
--- --- ---

--- --- ---

Alt 16.09.2013, 12:53   #7
HiMat
 
Windows 8 64bit - Hinweis auf Spyware in InternetExplorer und Firefox mit öffnenden Popups und Downloadhinweise - Standard

Windows 8 64bit - Hinweis auf Spyware in InternetExplorer und Firefox mit öffnenden Popups und Downloadhinweise



Gmer Teil 1:
Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-09-16 12:38:50
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 HITACHI_HTS723216A7A364 rev.EC1ZB70B 149,05GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\NEUERB~1\AppData\Local\Temp\kxloapob.sys


---- Kernel code sections - GMER 2.1 ----

.text   C:\WINDOWS\System32\win32k.sys!W32pServiceTable                                                                                                             fffff9600009fd00 7 bytes [40, 6C, 82, 01, 00, 55, F2]
.text   C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 8                                                                                                         fffff9600009fd08 7 bytes [01, B1, C1, FF, 00, A1, DC]

---- User code sections - GMER 2.1 ----

.text   C:\WINDOWS\system32\csrss.exe[732] C:\WINDOWS\SYSTEM32\kernel32.dll!GetBinaryTypeW + 163                                                                    000007f8f382f7eb 1 byte [62]
.text   C:\WINDOWS\system32\csrss.exe[780] C:\WINDOWS\SYSTEM32\kernel32.dll!GetBinaryTypeW + 163                                                                    000007f8f382f7eb 1 byte [62]
.text   C:\WINDOWS\system32\wininit.exe[788] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                                                  000007f8f382f7eb 1 byte [62]
.text   C:\WINDOWS\system32\winlogon.exe[832] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                                                 000007f8f382f7eb 1 byte [62]
.text   C:\WINDOWS\system32\services.exe[872] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                                                 000007f8f382f7eb 1 byte [62]
.text   C:\WINDOWS\system32\lsass.exe[880] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                                                    000007f8f382f7eb 1 byte [62]
.text   C:\WINDOWS\system32\svchost.exe[980] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                                                  000007f8f382f7eb 1 byte [62]
.text   C:\WINDOWS\system32\ibmpmsvc.exe[344] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                                                 000007f8f382f7eb 1 byte [62]
.text   C:\WINDOWS\system32\svchost.exe[536] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                                                  000007f8f382f7eb 1 byte [62]
.text   C:\WINDOWS\System32\svchost.exe[500] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                                                  000007f8f382f7eb 1 byte [62]
.text   C:\WINDOWS\system32\dwm.exe[676] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                                                      000007f8f382f7eb 1 byte [62]
.text   C:\WINDOWS\System32\svchost.exe[652] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                                                  000007f8f382f7eb 1 byte [62]
.text   C:\WINDOWS\system32\svchost.exe[512] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                                                  000007f8f382f7eb 1 byte [62]
.text   C:\WINDOWS\system32\svchost.exe[540] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                                                  000007f8f382f7eb 1 byte [62]
.text   C:\WINDOWS\system32\svchost.exe[1208] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                                                 000007f8f382f7eb 1 byte [62]
.text   C:\WINDOWS\system32\svchost.exe[1232] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                                                 000007f8f382f7eb 1 byte [62]
.text   C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                          000007f8f579177a 4 bytes [79, F5, F8, 07]
.text   C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                          000007f8f5791782 4 bytes [79, F5, F8, 07]
.text   C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\system32\WSOCK32.dll!recvfrom + 742                                                                        000007f8edf01b32 4 bytes [F0, ED, F8, 07]
.text   C:\WINDOWS\system32\WLANExt.exe[1372] C:\WINDOWS\system32\WSOCK32.dll!recvfrom + 750                                                                        000007f8edf01b3a 4 bytes [F0, ED, F8, 07]
.text   C:\WINDOWS\system32\conhost.exe[1392] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                                                 000007f8f382f7eb 1 byte [62]
.text   C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe[1968] C:\WINDOWS\system32\KERNEL32.DLL!GetBinaryTypeW + 163                                                     000007f8f382f7eb 1 byte [62]
.text   C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                      000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text   C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                          000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text   C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                           000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text   C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                       000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text   C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                           000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text   C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                 000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text   C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll                                                                   000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text   C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx                                                         000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text   C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW                                                           000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text   C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent                                                              000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text   C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\system32\USER32.dll!SetWinEventHook                                                             000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text   C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA                                                           000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text   C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService                                                              000007f8f5747510 5 bytes JMP 000007f975790b14
.text   C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                      000007f8f5747550 5 bytes JMP 000007f9757919f4
.text   C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW                                                             000007f8f57475d0 5 bytes JMP 000007f97579075c
.text   C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                       000007f8f5747b20 5 bytes JMP 000007f975791284
.text   C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA                                                             000007f8f576b034 5 bytes JMP 000007f9757903a4
.text   C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                      000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text   C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                       000007f8f576b470 5 bytes JMP 000007f975790ecc
.text   C:\Program Files\Bonjour\mDNSResponder.exe[2128] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                   000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text   C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                 000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text   C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                     000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text   C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                      000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text   C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                  000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text   C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                      000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text   C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                            000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text   C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll                                                                              000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text   C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163                                                                 000007f8f382f7eb 1 byte [62]
.text   C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService                                                                         000007f8f5747510 5 bytes JMP 000007f975790b14
.text   C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                                 000007f8f5747550 5 bytes JMP 000007f9757919f4
.text   C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW                                                                        000007f8f57475d0 5 bytes JMP 000007f97579075c
.text   C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                  000007f8f5747b20 5 bytes JMP 000007f975791284
.text   C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA                                                                        000007f8f576b034 5 bytes JMP 000007f9757903a4
.text   C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                                 000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text   C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                  000007f8f576b470 5 bytes JMP 000007f975790ecc
.text   C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                              000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text   C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx                                                                    000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text   C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW                                                                      000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text   C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent                                                                         000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text   C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\system32\USER32.dll!SetWinEventHook                                                                        000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text   C:\WINDOWS\system32\dashost.exe[2196] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA                                                                      000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                      000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                          000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                           000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                       000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                           000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                 000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll                                                                   000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163                                                      000007f8f382f7eb 1 byte [62]
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx                                                         000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW                                                           000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent                                                              000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\system32\USER32.dll!SetWinEventHook                                                             000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA                                                           000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                               000007f8f579177a 4 bytes [79, F5, F8, 07]
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                               000007f8f5791782 4 bytes [79, F5, F8, 07]
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService                                                              000007f8f5747510 5 bytes JMP 000007f975790b14
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                      000007f8f5747550 5 bytes JMP 000007f9757919f4
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW                                                             000007f8f57475d0 5 bytes JMP 000007f97579075c
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                       000007f8f5747b20 5 bytes JMP 000007f975791284
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA                                                             000007f8f576b034 5 bytes JMP 000007f9757903a4
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                      000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                       000007f8f576b470 5 bytes JMP 000007f975790ecc
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                   000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 742                                                             000007f8edf01b32 4 bytes [F0, ED, F8, 07]
.text   C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2232] C:\WINDOWS\SYSTEM32\WSOCK32.dll!recvfrom + 750                                                             000007f8edf01b3a 4 bytes [F0, ED, F8, 07]
.text   C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                           000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text   C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                               000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text   C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text   C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                            000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text   C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text   C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                      000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text   C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll                                                                        000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text   C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163                                                           000007f8f382f7eb 1 byte [62]
.text   C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService                                                                   000007f8f5747510 5 bytes JMP 000007f975790b14
.text   C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                           000007f8f5747550 5 bytes JMP 000007f9757919f4
.text   C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW                                                                  000007f8f57475d0 5 bytes JMP 000007f97579075c
.text   C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                            000007f8f5747b20 5 bytes JMP 000007f975791284
.text   C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA                                                                  000007f8f576b034 5 bytes JMP 000007f9757903a4
.text   C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                           000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text   C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                            000007f8f576b470 5 bytes JMP 000007f975790ecc
.text   C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                        000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text   C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\user32.dll!UnhookWindowsHookEx                                                              000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text   C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExW                                                                000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text   C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\user32.dll!UnhookWinEvent                                                                   000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text   C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\user32.dll!SetWinEventHook                                                                  000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text   C:\WINDOWS\system32\wbem\unsecapp.exe[2752] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExA                                                                000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                           000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                               000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                            000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                      000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll                                                                        000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163                                                           000007f8f382f7eb 1 byte [62]
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService                                                                   000007f8f5747510 5 bytes JMP 000007f975790b14
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                           000007f8f5747550 5 bytes JMP 000007f9757919f4
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW                                                                  000007f8f57475d0 5 bytes JMP 000007f97579075c
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                            000007f8f5747b20 5 bytes JMP 000007f975791284
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA                                                                  000007f8f576b034 5 bytes JMP 000007f9757903a4
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                           000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                            000007f8f576b470 5 bytes JMP 000007f975790ecc
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                        000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\user32.dll!UnhookWindowsHookEx                                                              000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExW                                                                000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\user32.dll!UnhookWinEvent                                                                   000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\user32.dll!SetWinEventHook                                                                  000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExA                                                                000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                    000007f8f579177a 4 bytes [79, F5, F8, 07]
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[2788] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                    000007f8f5791782 4 bytes [79, F5, F8, 07]
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                           000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                               000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                            000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                      000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll                                                                        000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163                                                           000007f8f382f7eb 1 byte [62]
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService                                                                   000007f8f5747510 5 bytes JMP 000007f975790b14
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                           000007f8f5747550 5 bytes JMP 000007f9757919f4
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW                                                                  000007f8f57475d0 5 bytes JMP 000007f97579075c
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                            000007f8f5747b20 5 bytes JMP 000007f975791284
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA                                                                  000007f8f576b034 5 bytes JMP 000007f9757903a4
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                           000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                            000007f8f576b470 5 bytes JMP 000007f975790ecc
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                        000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\user32.dll!UnhookWindowsHookEx                                                              000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExW                                                                000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\user32.dll!UnhookWinEvent                                                                   000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\user32.dll!SetWinEventHook                                                                  000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text   C:\WINDOWS\system32\wbem\wmiprvse.exe[2820] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExA                                                                000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text   C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                  000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text   C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                      000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text   C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                       000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text   C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                   000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text   C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                       000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text   C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll                                             000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text   C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll                                               000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text   C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163                                  000007f8f382f7eb 1 byte [62]
.text   C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx                                     000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text   C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW                                       000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text   C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent                                          000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text   C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\system32\USER32.dll!SetWinEventHook                                         000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text   C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA                                       000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text   C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                           000007f8f579177a 4 bytes [79, F5, F8, 07]
.text   C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                           000007f8f5791782 4 bytes [79, F5, F8, 07]
.text   C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService                                          000007f8f5747510 5 bytes JMP 000007f975790b14
.text   C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                  000007f8f5747550 5 bytes JMP 000007f9757919f4
.text   C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW                                         000007f8f57475d0 5 bytes JMP 000007f97579075c
.text   C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW                                   000007f8f5747b20 5 bytes JMP 000007f975791284
.text   C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA                                         000007f8f576b034 5 bytes JMP 000007f9757903a4
.text   C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                  000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text   C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA                                   000007f8f576b470 5 bytes JMP 000007f975790ecc
.text   C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe[2896] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity                               000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text   C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                 000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text   C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                     000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text   C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                      000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text   C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                  000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text   C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                      000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text   C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                            000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text   C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll                                                                              000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text   C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService                                                                         000007f8f5747510 5 bytes JMP 000007f975790b14
.text   C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                                 000007f8f5747550 5 bytes JMP 000007f9757919f4
.text   C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW                                                                        000007f8f57475d0 5 bytes JMP 000007f97579075c
.text   C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                  000007f8f5747b20 5 bytes JMP 000007f975791284
.text   C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA                                                                        000007f8f576b034 5 bytes JMP 000007f9757903a4
.text   C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                                 000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text   C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                  000007f8f576b470 5 bytes JMP 000007f975790ecc
.text   C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                              000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text   C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx                                                                    000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text   C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW                                                                      000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text   C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent                                                                         000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text   C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\system32\USER32.dll!SetWinEventHook                                                                        000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text   C:\WINDOWS\system32\svchost.exe[2920] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA                                                                      000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text   C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                 000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text   C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                     000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text   C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                      000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text   C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                  000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text   C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                      000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text   C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                            000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text   C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll                                                                              000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text   C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService                                                                         000007f8f5747510 5 bytes JMP 000007f975790b14
.text   C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                                 000007f8f5747550 5 bytes JMP 000007f9757919f4
.text   C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW                                                                        000007f8f57475d0 5 bytes JMP 000007f97579075c
.text   C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                  000007f8f5747b20 5 bytes JMP 000007f975791284
.text   C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA                                                                        000007f8f576b034 5 bytes JMP 000007f9757903a4
.text   C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                                 000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text   C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                  000007f8f576b470 5 bytes JMP 000007f975790ecc
.text   C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                              000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text   C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\user32.dll!UnhookWindowsHookEx                                                                    000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text   C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExW                                                                      000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text   C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\user32.dll!UnhookWinEvent                                                                         000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text   C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\user32.dll!SetWinEventHook                                                                        000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text   C:\WINDOWS\system32\svchost.exe[2460] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExA                                                                      000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text   C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text   C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                    000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text   C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                     000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text   C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                 000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text   C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                     000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text   C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                           000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text   C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll                                                                             000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text   C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx                                                                   000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text   C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW                                                                     000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text   C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent                                                                        000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text   C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\system32\USER32.dll!SetWinEventHook                                                                       000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text   C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA                                                                     000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text   C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService                                                                        000007f8f5747510 5 bytes JMP 000007f975790b14
.text   C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                                000007f8f5747550 5 bytes JMP 000007f9757919f4
.text   C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW                                                                       000007f8f57475d0 5 bytes JMP 000007f97579075c
.text   C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                 000007f8f5747b20 5 bytes JMP 000007f975791284
.text   C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA                                                                       000007f8f576b034 5 bytes JMP 000007f9757903a4
.text   C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                                000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text   C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                 000007f8f576b470 5 bytes JMP 000007f975790ecc
.text   C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                             000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text   C:\Windows\System32\WUDFHost.exe[3116] C:\Windows\System32\MSIMG32.dll!GradientFill + 690                                                                   000007f8e9fa1532 4 bytes [FA, E9, F8, 07]
.text   C:\Windows\System32\WUDFHost.exe[3116] C:\Windows\System32\MSIMG32.dll!GradientFill + 698                                                                   000007f8e9fa153a 4 bytes [FA, E9, F8, 07]
.text   C:\Windows\System32\WUDFHost.exe[3116] C:\Windows\System32\MSIMG32.dll!TransparentBlt + 246                                                                 000007f8e9fa165a 4 bytes [FA, E9, F8, 07]
.text   C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                         000007f8f579177a 4 bytes [79, F5, F8, 07]
.text   C:\Windows\System32\WUDFHost.exe[3116] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                         000007f8f5791782 4 bytes [79, F5, F8, 07]
.text   C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                              000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text   C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                  000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text   C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                   000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text   C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                               000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text   C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                   000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text   C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                         000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text   C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll                                                                           000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text   C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163                                                              000007f8f382f7eb 1 byte [62]
.text   C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService                                                                      000007f8f5747510 5 bytes JMP 000007f975790b14
.text   C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                              000007f8f5747550 5 bytes JMP 000007f9757919f4
.text   C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW                                                                     000007f8f57475d0 5 bytes JMP 000007f97579075c
.text   C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                               000007f8f5747b20 5 bytes JMP 000007f975791284
.text   C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA                                                                     000007f8f576b034 5 bytes JMP 000007f9757903a4
.text   C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                              000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text   C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                               000007f8f576b470 5 bytes JMP 000007f975790ecc
.text   C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                           000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text   C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\user32.dll!UnhookWindowsHookEx                                                                 000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text   C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExW                                                                   000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text   C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\user32.dll!UnhookWinEvent                                                                      000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text   C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\user32.dll!SetWinEventHook                                                                     000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text   C:\WINDOWS\system32\taskhostex.exe[3480] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExA                                                                   000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text   C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                           000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text   C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                               000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text   C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text   C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                            000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text   C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text   C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                      000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text   C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll                                                                        000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text   C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163                                                           000007f8f382f7eb 1 byte [62]
.text   C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx                                                              000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text   C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW                                                                000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text   C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent                                                                   000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text   C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\system32\USER32.dll!SetWinEventHook                                                                  000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text   C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA                                                                000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text   C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService                                                                   000007f8f5747510 5 bytes JMP 000007f975790b14
.text   C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                           000007f8f5747550 5 bytes JMP 000007f9757919f4
.text   C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW                                                                  000007f8f57475d0 5 bytes JMP 000007f97579075c
.text   C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                            000007f8f5747b20 5 bytes JMP 000007f975791284
.text   C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA                                                                  000007f8f576b034 5 bytes JMP 000007f9757903a4
.text   C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                           000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text   C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                            000007f8f576b470 5 bytes JMP 000007f975790ecc
.text   C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE[3572] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                        000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text   C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                         000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text   C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                             000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text   C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                              000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text   C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                          000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text   C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                              000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text   C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                                    000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text   C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll                                                                                      000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text   C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx                                                                            000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text   C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW                                                                              000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text   C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent                                                                                 000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text   C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\system32\USER32.dll!SetWinEventHook                                                                                000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text   C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA                                                                              000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text   C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService                                                                                 000007f8f5747510 5 bytes JMP 000007f975790b14
.text   C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                                         000007f8f5747550 5 bytes JMP 000007f9757919f4
.text   C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW                                                                                000007f8f57475d0 5 bytes JMP 000007f97579075c
.text   C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                          000007f8f5747b20 5 bytes JMP 000007f975791284
.text   C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA                                                                                000007f8f576b034 5 bytes JMP 000007f9757903a4
.text   C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                                         000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text   C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                          000007f8f576b470 5 bytes JMP 000007f975790ecc
.text   C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                                      000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text   C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                                            000007f8e9fa1532 4 bytes [FA, E9, F8, 07]
.text   C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                                            000007f8e9fa153a 4 bytes [FA, E9, F8, 07]
.text   C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                                          000007f8e9fa165a 4 bytes [FA, E9, F8, 07]
.text   C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                                  000007f8f579177a 4 bytes [79, F5, F8, 07]
.text   C:\WINDOWS\Explorer.EXE[3684] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                                  000007f8f5791782 4 bytes [79, F5, F8, 07]
.text   C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                           000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text   C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                               000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text   C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text   C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                            000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text   C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text   C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                      000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text   C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll                                                                        000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text   C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163                                                           000007f8f382f7eb 1 byte [62]
.text   C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx                                                              000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text   C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW                                                                000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text   C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent                                                                   000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text   C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\system32\USER32.dll!SetWinEventHook                                                                  000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text   C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA                                                                000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text   C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService                                                                   000007f8f5747510 5 bytes JMP 000007f975790b14
.text   C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                           000007f8f5747550 5 bytes JMP 000007f9757919f4
.text   C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW                                                                  000007f8f57475d0 5 bytes JMP 000007f97579075c
.text   C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                            000007f8f5747b20 5 bytes JMP 000007f975791284
.text   C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA                                                                  000007f8f576b034 5 bytes JMP 000007f9757903a4
.text   C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                           000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text   C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                            000007f8f576b470 5 bytes JMP 000007f975790ecc
.text   C:\WINDOWS\system32\SearchIndexer.exe[3052] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                        000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text   C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                           000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text   C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                               000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text   C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text   C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                            000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text   C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text   C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                      000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text   C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll                                                                        000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text   C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163                                                           000007f8f382f7eb 1 byte [62]
.text   C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService                                                                   000007f8f5747510 5 bytes JMP 000007f975790b14
.text   C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                           000007f8f5747550 5 bytes JMP 000007f9757919f4
.text   C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW                                                                  000007f8f57475d0 5 bytes JMP 000007f97579075c
.text   C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                            000007f8f5747b20 5 bytes JMP 000007f975791284
.text   C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA                                                                  000007f8f576b034 5 bytes JMP 000007f9757903a4
.text   C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                           000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text   C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                            000007f8f576b470 5 bytes JMP 000007f975790ecc
.text   C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                        000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text   C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx                                                              000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text   C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW                                                                000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text   C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent                                                                   000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text   C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\system32\USER32.dll!SetWinEventHook                                                                  000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text   C:\Windows\System32\RuntimeBroker.exe[3436] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA                                                                000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text   C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text   C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                    000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text   C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                     000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text   C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                 000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text   C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                     000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text   C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                           000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text   C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll                                                                             000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text   C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163                                                                000007f8f382f7eb 1 byte [62]
.text   C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx                                                                   000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text   C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW                                                                     000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text   C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent                                                                        000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text   C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\system32\USER32.dll!SetWinEventHook                                                                       000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text   C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA                                                                     000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text   C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService                                                                        000007f8f5747510 5 bytes JMP 000007f975790b14
.text   C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                                000007f8f5747550 5 bytes JMP 000007f9757919f4
.text   C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW                                                                       000007f8f57475d0 5 bytes JMP 000007f97579075c
.text   C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                 000007f8f5747b20 5 bytes JMP 000007f975791284
.text   C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA                                                                       000007f8f576b034 5 bytes JMP 000007f9757903a4
.text   C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                                000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text   C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                 000007f8f576b470 5 bytes JMP 000007f975790ecc
.text   C:\Windows\System32\TpShocks.exe[1408] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                             000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text   C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text   C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                    000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text   C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                     000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text   C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                 000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text   C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                     000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text   C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                           000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text   C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll                                                                             000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text   C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163                                                                000007f8f382f7eb 1 byte [62]
.text   C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx                                                                   000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text   C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW                                                                     000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text   C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent                                                                        000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text   C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\system32\USER32.dll!SetWinEventHook                                                                       000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text   C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA                                                                     000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text   C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService                                                                        000007f8f5747510 5 bytes JMP 000007f975790b14
.text   C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                                000007f8f5747550 5 bytes JMP 000007f9757919f4
.text   C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW                                                                       000007f8f57475d0 5 bytes JMP 000007f97579075c
.text   C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                 000007f8f5747b20 5 bytes JMP 000007f975791284
.text   C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA                                                                       000007f8f576b034 5 bytes JMP 000007f9757903a4
.text   C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                                000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text   C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                 000007f8f576b470 5 bytes JMP 000007f975790ecc
.text   C:\Windows\System32\igfxtray.exe[3996] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                             000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text   C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                   000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text   C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                       000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text   C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                        000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text   C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                    000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text   C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                        000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text   C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                              000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text   C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll                                                                                000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text   C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163                                                                   000007f8f382f7eb 1 byte [62]
.text   C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx                                                                      000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text   C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW                                                                        000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text   C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent                                                                           000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text   C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\system32\USER32.dll!SetWinEventHook                                                                          000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text   C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA                                                                        000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text   C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService                                                                           000007f8f5747510 5 bytes JMP 000007f975790b14
.text   C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                                   000007f8f5747550 5 bytes JMP 000007f9757919f4
.text   C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW                                                                          000007f8f57475d0 5 bytes JMP 000007f97579075c
.text   C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                    000007f8f5747b20 5 bytes JMP 000007f975791284
.text   C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA                                                                          000007f8f576b034 5 bytes JMP 000007f9757903a4
.text   C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                                   000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text   C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                    000007f8f576b470 5 bytes JMP 000007f975790ecc
.text   C:\Windows\System32\hkcmd.exe[1820] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                                000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text   C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory
         

Alt 16.09.2013, 12:53   #8
aharonov
/// TB-Ausbilder
 
Windows 8 64bit - Hinweis auf Spyware in InternetExplorer und Firefox mit öffnenden Popups und Downloadhinweise - Standard

Windows 8 64bit - Hinweis auf Spyware in InternetExplorer und Firefox mit öffnenden Popups und Downloadhinweise



Ok, dann:


Schritt 1
  • Gehe in die Systemsteuerung und öffne Programme und Funktionen.
  • Suche und deinstalliere dort der Reihe nach folgende Einträge:
    • LyricsGet
    • MixiDJ chrome Toolbar
  • Schliesse das Fenster wieder und führe einen Neustart durch, wenn das gefordert wurde.



Schritt 2

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).



Schritt 3

Starte noch einmal FRST.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, werden ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.
__________________
cheers,
Leo

Alt 16.09.2013, 12:54   #9
HiMat
 
Windows 8 64bit - Hinweis auf Spyware in InternetExplorer und Firefox mit öffnenden Popups und Downloadhinweise - Standard

Windows 8 64bit - Hinweis auf Spyware in InternetExplorer und Firefox mit öffnenden Popups und Downloadhinweise



Gmer Teil 2:
Code:
ATTFilter
                                                              000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text   C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                    000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text   C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                     000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text   C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                 000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text   C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                     000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text   C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                           000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text   C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll                                                                             000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text   C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163                                                                000007f8f382f7eb 1 byte [62]
.text   C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx                                                                   000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text   C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW                                                                     000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text   C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent                                                                        000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text   C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\system32\USER32.dll!SetWinEventHook                                                                       000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text   C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA                                                                     000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text   C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService                                                                        000007f8f5747510 5 bytes JMP 000007f975790b14
.text   C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                                000007f8f5747550 5 bytes JMP 000007f9757919f4
.text   C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW                                                                       000007f8f57475d0 5 bytes JMP 000007f97579075c
.text   C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                 000007f8f5747b20 5 bytes JMP 000007f975791284
.text   C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA                                                                       000007f8f576b034 5 bytes JMP 000007f9757903a4
.text   C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                                000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text   C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                 000007f8f576b470 5 bytes JMP 000007f975790ecc
.text   C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                             000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text   C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                         000007f8f579177a 4 bytes [79, F5, F8, 07]
.text   C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                         000007f8f5791782 4 bytes [79, F5, F8, 07]
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                   000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                       000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                        000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                    000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                        000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll                                                              000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll                                                                000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163                                                   000007f8f382f7eb 1 byte [62]
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                            000007f8f579177a 4 bytes [79, F5, F8, 07]
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                            000007f8f5791782 4 bytes [79, F5, F8, 07]
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx                                                      000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW                                                        000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent                                                           000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\system32\USER32.dll!SetWinEventHook                                                          000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA                                                        000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService                                                           000007f8f5747510 5 bytes JMP 000007f975790b14
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                   000007f8f5747550 5 bytes JMP 000007f9757919f4
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW                                                          000007f8f57475d0 5 bytes JMP 000007f97579075c
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                    000007f8f5747b20 5 bytes JMP 000007f975791284
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA                                                          000007f8f576b034 5 bytes JMP 000007f9757903a4
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                   000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                    000007f8f576b470 5 bytes JMP 000007f975790ecc
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text   C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                   000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text   C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                       000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text   C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                        000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text   C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                    000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text   C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                        000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text   C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll                                                              000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text   C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll                                                                000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text   C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163                                                   000007f8f382f7eb 1 byte [62]
.text   C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx                                                      000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text   C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW                                                        000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text   C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent                                                           000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text   C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\system32\USER32.dll!SetWinEventHook                                                          000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text   C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA                                                        000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text   C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService                                                           000007f8f5747510 5 bytes JMP 000007f975790b14
.text   C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                   000007f8f5747550 5 bytes JMP 000007f9757919f4
.text   C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW                                                          000007f8f57475d0 5 bytes JMP 000007f97579075c
.text   C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                    000007f8f5747b20 5 bytes JMP 000007f975791284
.text   C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA                                                          000007f8f576b034 5 bytes JMP 000007f9757903a4
.text   C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                   000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text   C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                    000007f8f576b470 5 bytes JMP 000007f975790ecc
.text   C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text   C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                     000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text   C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                         000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text   C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                          000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text   C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                      000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text   C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                          000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text   C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text   C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll                                                                  000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text   C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx                                                        000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text   C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW                                                          000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text   C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent                                                             000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text   C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\system32\USER32.dll!SetWinEventHook                                                            000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text   C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA                                                          000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text   C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService                                                             000007f8f5747510 5 bytes JMP 000007f975790b14
.text   C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                     000007f8f5747550 5 bytes JMP 000007f9757919f4
.text   C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW                                                            000007f8f57475d0 5 bytes JMP 000007f97579075c
.text   C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                      000007f8f5747b20 5 bytes JMP 000007f975791284
.text   C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA                                                            000007f8f576b034 5 bytes JMP 000007f9757903a4
.text   C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                     000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text   C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                      000007f8f576b470 5 bytes JMP 000007f975790ecc
.text   C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                  000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                    000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                     000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                 000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                     000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll                                                           000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll                                                             000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163                                                000007f8f382f7eb 1 byte [62]
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                         000007f8f579177a 4 bytes [79, F5, F8, 07]
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                         000007f8f5791782 4 bytes [79, F5, F8, 07]
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx                                                   000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW                                                     000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent                                                        000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\system32\USER32.dll!SetWinEventHook                                                       000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA                                                     000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService                                                        000007f8f5747510 5 bytes JMP 000007f975790b14
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                000007f8f5747550 5 bytes JMP 000007f9757919f4
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW                                                       000007f8f57475d0 5 bytes JMP 000007f97579075c
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                 000007f8f5747b20 5 bytes JMP 000007f975791284
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA                                                       000007f8f576b034 5 bytes JMP 000007f9757903a4
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                 000007f8f576b470 5 bytes JMP 000007f975790ecc
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                             000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text   C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text   C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                    000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text   C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                     000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text   C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                 000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text   C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                     000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text   C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll                                           000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text   C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll                                             000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text   C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163                                000007f8f382f7eb 1 byte [62]
.text   C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx                                   000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text   C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW                                     000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text   C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent                                        000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text   C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\system32\USER32.dll!SetWinEventHook                                       000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text   C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA                                     000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text   C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text   C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                    000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text   C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                     000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text   C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                 000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text   C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                     000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text   C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                           000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text   C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll                                                                             000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text   C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163                                                                000007f8f382f7eb 1 byte [62]
.text   C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx                                                                   000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text   C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW                                                                     000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text   C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent                                                                        000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text   C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\system32\USER32.dll!SetWinEventHook                                                                       000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text   C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA                                                                     000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text   C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                                   000007f8e9fa1532 4 bytes [FA, E9, F8, 07]
.text   C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                                   000007f8e9fa153a 4 bytes [FA, E9, F8, 07]
.text   C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                                 000007f8e9fa165a 4 bytes [FA, E9, F8, 07]
.text   C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                         000007f8f579177a 4 bytes [79, F5, F8, 07]
.text   C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                         000007f8f5791782 4 bytes [79, F5, F8, 07]
.text   C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService                                                                        000007f8f5747510 5 bytes JMP 000007f975790b14
.text   C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                                000007f8f5747550 5 bytes JMP 000007f9757919f4
.text   C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW                                                                       000007f8f57475d0 5 bytes JMP 000007f97579075c
.text   C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                 000007f8f5747b20 5 bytes JMP 000007f975791284
.text   C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA                                                                       000007f8f576b034 5 bytes JMP 000007f9757903a4
.text   C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                                000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text   C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                 000007f8f576b470 5 bytes JMP 000007f975790ecc
.text   C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                             000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text   C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                 000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text   C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                     000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text   C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                      000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text   C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                  000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text   C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                      000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text   C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                            000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text   C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll                                                                              000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text   C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx                                                                    000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text   C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW                                                                      000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text   C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent                                                                         000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text   C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\system32\USER32.dll!SetWinEventHook                                                                        000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text   C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA                                                                      000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text   C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService                                                                         000007f8f5747510 5 bytes JMP 000007f975790b14
.text   C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                                 000007f8f5747550 5 bytes JMP 000007f9757919f4
.text   C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW                                                                        000007f8f57475d0 5 bytes JMP 000007f97579075c
.text   C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                  000007f8f5747b20 5 bytes JMP 000007f975791284
.text   C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA                                                                        000007f8f576b034 5 bytes JMP 000007f9757903a4
.text   C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                                 000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text   C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                  000007f8f576b470 5 bytes JMP 000007f975790ecc
.text   C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                              000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text   C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                       000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text   C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                           000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text   C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                            000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text   C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                        000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text   C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                            000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text   C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                  000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text   C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll                                                                    000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text   C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163                                                       000007f8f382f7eb 1 byte [62]
.text   C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx                                                          000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text   C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW                                                            000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text   C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent                                                               000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text   C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\system32\USER32.dll!SetWinEventHook                                                              000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text   C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA                                                            000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text   C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService                                                               000007f8f5747510 5 bytes JMP 000007f975790b14
.text   C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                       000007f8f5747550 5 bytes JMP 000007f9757919f4
.text   C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW                                                              000007f8f57475d0 5 bytes JMP 000007f97579075c
.text   C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                        000007f8f5747b20 5 bytes JMP 000007f975791284
.text   C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA                                                              000007f8f576b034 5 bytes JMP 000007f9757903a4
.text   C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                       000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text   C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                        000007f8f576b470 5 bytes JMP 000007f975790ecc
.text   C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                    000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory   000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory       000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess        000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory    000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread        000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll              000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll                000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163   000007f8f382f7eb 1 byte [62]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx      000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW        000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent           000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\system32\USER32.dll!SetWinEventHook          000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA        000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text   C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                 000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text   C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                     000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text   C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                      000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text   C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                  000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text   C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                      000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text   C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll                                            000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text   C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll                                              000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text   C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163                                 000007f8f382f7eb 1 byte [62]
.text   C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService                                         000007f8f5747510 5 bytes JMP 000007f975790b14
.text   C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                 000007f8f5747550 5 bytes JMP 000007f9757919f4
.text   C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW                                        000007f8f57475d0 5 bytes JMP 000007f97579075c
.text   C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW                                  000007f8f5747b20 5 bytes JMP 000007f975791284
.text   C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA                                        000007f8f576b034 5 bytes JMP 000007f9757903a4
.text   C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                 000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text   C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA                                  000007f8f576b470 5 bytes JMP 000007f975790ecc
.text   C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity                              000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text   C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx                                    000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text   C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW                                      000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text   C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent                                         000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text   C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\system32\USER32.dll!SetWinEventHook                                        000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text   C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA                                      000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text   C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                 000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text   C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                     000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text   C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                      000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text   C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                  000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text   C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                      000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text   C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                            000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text   C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll                                                                              000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text   C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx                                                                    000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text   C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW                                                                      000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text   C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent                                                                         000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text   C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\system32\USER32.dll!SetWinEventHook                                                                        000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text   C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA                                                                      000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text   C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                 000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text   C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                     000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text   C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                      000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text   C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                  000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text   C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                      000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text   C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                            000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text   C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll                                                                              000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text   C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService                                                                         000007f8f5747510 5 bytes JMP 000007f975790b14
.text   C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                                 000007f8f5747550 5 bytes JMP 000007f9757919f4
.text   C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW                                                                        000007f8f57475d0 5 bytes JMP 000007f97579075c
.text   C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                  000007f8f5747b20 5 bytes JMP 000007f975791284
.text   C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA                                                                        000007f8f576b034 5 bytes JMP 000007f9757903a4
.text   C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                                 000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text   C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                  000007f8f576b470 5 bytes JMP 000007f975790ecc
.text   C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                              000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text   C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx                                                                    000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text   C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW                                                                      000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text   C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent                                                                         000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text   C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\system32\USER32.dll!SetWinEventHook                                                                        000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text   C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA                                                                      000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text   C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                 000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text   C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                     000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text   C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                      000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text   C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                  000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text   C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                      000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text   C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                            000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text   C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll                                                                              000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text   C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163                                                                 000007f8f382f7eb 1 byte [62]
.text   C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService                                                                         000007f8f5747510 5 bytes JMP 000007f975790b14
.text   C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                                 000007f8f5747550 5 bytes JMP 000007f9757919f4
.text   C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW                                                                        000007f8f57475d0 5 bytes JMP 000007f97579075c
.text   C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                  000007f8f5747b20 5 bytes JMP 000007f975791284
.text   C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA                                                                        000007f8f576b034 5 bytes JMP 000007f9757903a4
.text   C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                                 000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text   C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                  000007f8f576b470 5 bytes JMP 000007f975790ecc
.text   C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                              000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text   C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\user32.dll!UnhookWindowsHookEx                                                                    000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text   C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExW                                                                      000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text   C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\user32.dll!UnhookWinEvent                                                                         000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text   C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\user32.dll!SetWinEventHook                                                                        000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text   C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExA                                                                      000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory     000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory         000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess          000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory      000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread          000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll                000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll                  000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx        000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW          000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent             000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\system32\USER32.dll!SetWinEventHook            000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA          000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService             000007f8f5747510 5 bytes JMP 000007f975790b14
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W     000007f8f5747550 5 bytes JMP 000007f9757919f4
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW            000007f8f57475d0 5 bytes JMP 000007f97579075c
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW      000007f8f5747b20 5 bytes JMP 000007f975791284
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA            000007f8f576b034 5 bytes JMP 000007f9757903a4
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A     000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA      000007f8f576b470 5 bytes JMP 000007f975790ecc
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity  000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text   C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                 000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text   C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                     000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text   C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                      000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text   C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                  000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text   C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                      000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text   C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                            000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text   C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll                                                                              000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text   C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163                                                                 000007f8f382f7eb 1 byte [62]
.text   C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx                                                                    000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text   C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW                                                                      000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text   C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent                                                                         000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text   C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\system32\USER32.dll!SetWinEventHook                                                                        000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text   C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA                                                                      000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text   C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService                                                                         000007f8f5747510 5 bytes JMP 000007f975790b14
.text   C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                                 000007f8f5747550 5 bytes JMP 000007f9757919f4
.text   C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW                                                                        000007f8f57475d0 5 bytes JMP 000007f97579075c
.text   C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                  000007f8f5747b20 5 bytes JMP 000007f975791284
.text   C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA                                                                        000007f8f576b034 5 bytes JMP 000007f9757903a4
.text   C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                                 000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text   C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                  000007f8f576b470 5 bytes JMP 000007f975790ecc
.text   C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                              000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text   C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory       000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text   C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory           000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text   C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess            000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text   C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory        000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text   C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread            000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text   C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll                  000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text   C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll                    000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text   C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService               000007f8f5747510 5 bytes JMP 000007f975790b14
.text   C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W       000007f8f5747550 5 bytes JMP 000007f9757919f4
.text   C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW              000007f8f57475d0 5 bytes JMP 000007f97579075c
.text   C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW        000007f8f5747b20 5 bytes JMP 000007f975791284
.text   C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA              000007f8f576b034 5 bytes JMP 000007f9757903a4
.text   C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A       000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text   C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA        000007f8f576b470 5 bytes JMP 000007f975790ecc
.text   C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity    000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text   C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx          000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text   C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW            000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text   C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent               000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text   C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\system32\USER32.dll!SetWinEventHook              000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text   C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA            000007f8f5dd1850 5 bytes JMP 000007f975ef0b14

---- Threads - GMER 2.1 ----

Thread  C:\WINDOWS\system32\csrss.exe [780:796]                                                                                                                     fffff960008425e8

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed                                                                           -1587657269
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk@Type                                                                                                        2
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk@Start                                                                                                       2
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk@ErrorControl                                                                                                1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk@DisplayName                                                                                                 aswFsBlk
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk@Group                                                                                                       FSFilter Activity Monitor
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk@DependOnService                                                                                             FltMgr?
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk@Description                                                                                                 avast! mini-filter driver (aswFsBlk)
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk@Tag                                                                                                         2
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk\Instances                                                                                                   
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk\Instances@DefaultInstance                                                                                   aswFsBlk Instance
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk\Instances\aswFsBlk Instance                                                                                 
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk\Instances\aswFsBlk Instance@Altitude                                                                        388400
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk\Instances\aswFsBlk Instance@Flags                                                                           0
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk                                                                                                             
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@Type                                                                                                       2
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@Start                                                                                                      2
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@ErrorControl                                                                                               1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@ImagePath                                                                                                  \??\C:\WINDOWS\system32\drivers\aswMonFlt.sys
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@DisplayName                                                                                                aswMonFlt
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@Group                                                                                                      FSFilter Anti-Virus
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@DependOnService                                                                                            FltMgr?
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@Description                                                                                                avast! mini-filter driver (aswMonFlt)
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt\Instances                                                                                                  
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt\Instances@DefaultInstance                                                                                  aswMonFlt Instance
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt\Instances\aswMonFlt Instance                                                                               
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt\Instances\aswMonFlt Instance@Altitude                                                                      320700
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt\Instances\aswMonFlt Instance@Flags                                                                         0
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt                                                                                                            
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@ImagePath                                                                                                     \SystemRoot\System32\Drivers\aswrdr2.sys
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@Type                                                                                                          1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@Start                                                                                                         1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@ErrorControl                                                                                                  1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@DisplayName                                                                                                   aswRdr
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@Group                                                                                                         PNP_TDI
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@DependOnService                                                                                               tcpip?
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@Description                                                                                                   avast! WFP Redirect driver
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRdr\Parameters                                                                                                    
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRdr\Parameters@MSIgnoreLSPDefault                                                                                 
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRdr\Parameters@WSIgnoreLSPDefault                                                                                 nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRdr                                                                                                               
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt@Type                                                                                                         1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt@Start                                                                                                        0
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt@ErrorControl                                                                                                 1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt@DisplayName                                                                                                  aswRvrt
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt@Description                                                                                                  avast! Revert
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters                                                                                                   
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters@BootCounter                                                                                       2
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters@TickCounter                                                                                       1164097
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters@SystemRoot                                                                                        \Device\HarddiskVolume2\WINDOWS
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters@ImproperShutdown                                                                                  1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt                                                                                                              
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@Type                                                                                                          2
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@Start                                                                                                         1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@ErrorControl                                                                                                  1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@DisplayName                                                                                                   aswSnx
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@Group                                                                                                         FSFilter Virtualization
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@DependOnService                                                                                               FltMgr?
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@Description                                                                                                   avast! virtualization driver (aswSnx)
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@Tag                                                                                                           2
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Instances                                                                                                     
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Instances@DefaultInstance                                                                                     aswSnx Instance
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Instances\aswSnx Instance                                                                                     
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Instances\aswSnx Instance@Altitude                                                                            137600
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Instances\aswSnx Instance@Flags                                                                               0
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Parameters                                                                                                    
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Parameters@ProgramFolder                                                                                      \DosDevices\C:\Program Files\AVAST Software\Avast
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Parameters@DataFolder                                                                                         \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSnx                                                                                                               
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSP@Type                                                                                                           1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSP@Start                                                                                                          1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSP@ErrorControl                                                                                                   1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSP@DisplayName                                                                                                    aswSP
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSP@Description                                                                                                    avast! Self Protection
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Parameters                                                                                                     
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Parameters@BehavShield                                                                                         1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Parameters@ProgramFolder                                                                                       \DosDevices\C:\Program Files\AVAST Software\Avast
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Parameters@DataFolder                                                                                          \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Parameters@ProgramFilesFolder                                                                                  \DosDevices\C:\Program Files
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Parameters@GadgetFolder                                                                                        \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSP                                                                                                                
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswTdi@Type                                                                                                          1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswTdi@Start                                                                                                         1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswTdi@ErrorControl                                                                                                  1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswTdi@DisplayName                                                                                                   avast! Network Shield Support
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswTdi@Group                                                                                                         PNP_TDI
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswTdi@DependOnService                                                                                               tcpip?
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswTdi@Description                                                                                                   avast! Network Shield TDI driver
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswTdi@Tag                                                                                                           10
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswTdi                                                                                                               
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswVmm@Type                                                                                                          1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswVmm@Start                                                                                                         0
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswVmm@ErrorControl                                                                                                  1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswVmm@DisplayName                                                                                                   aswVmm
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswVmm@Description                                                                                                   avast! VM Monitor
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswVmm\Parameters                                                                                                    
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswVmm                                                                                                               
Reg     HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@Type                                                                                                32
Reg     HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@Start                                                                                               2
Reg     HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@ErrorControl                                                                                        1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@ImagePath                                                                                           "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg     HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@DisplayName                                                                                         avast! Antivirus
Reg     HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@Group                                                                                               ShellSvcGroup
Reg     HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@DependOnService                                                                                     aswMonFlt?RpcSS?
Reg     HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@WOW64                                                                                               1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@ObjectName                                                                                          LocalSystem
Reg     HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@ServiceSidType                                                                                      1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@Description                                                                                         Verwaltet und implementiert avast! Antivirus-Dienste f?r diesen Computer. Dies beinhaltet den Echtzeit-Schutz, den Virus-Container und den Planer.
Reg     HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus                                                                                                     
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\e02a82f2a4a9                                                                                 

---- EOF - GMER 2.1 ----
         

Alt 16.09.2013, 12:55   #10
aharonov
/// TB-Ausbilder
 
Windows 8 64bit - Hinweis auf Spyware in InternetExplorer und Firefox mit öffnenden Popups und Downloadhinweise - Standard

Windows 8 64bit - Hinweis auf Spyware in InternetExplorer und Firefox mit öffnenden Popups und Downloadhinweise



Meine nächsten Anweisungen stehen in meinem vorherigen Post.
__________________
cheers,
Leo

Alt 16.09.2013, 12:55   #11
HiMat
 
Windows 8 64bit - Hinweis auf Spyware in InternetExplorer und Firefox mit öffnenden Popups und Downloadhinweise - Standard

Windows 8 64bit - Hinweis auf Spyware in InternetExplorer und Firefox mit öffnenden Popups und Downloadhinweise



Gmer Teil 2:

Code:
ATTFilter
                                                              000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text   C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                    000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text   C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                     000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text   C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                 000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text   C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                     000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text   C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                           000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text   C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll                                                                             000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text   C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163                                                                000007f8f382f7eb 1 byte [62]
.text   C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx                                                                   000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text   C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW                                                                     000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text   C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent                                                                        000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text   C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\system32\USER32.dll!SetWinEventHook                                                                       000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text   C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA                                                                     000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text   C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService                                                                        000007f8f5747510 5 bytes JMP 000007f975790b14
.text   C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                                000007f8f5747550 5 bytes JMP 000007f9757919f4
.text   C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW                                                                       000007f8f57475d0 5 bytes JMP 000007f97579075c
.text   C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                 000007f8f5747b20 5 bytes JMP 000007f975791284
.text   C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA                                                                       000007f8f576b034 5 bytes JMP 000007f9757903a4
.text   C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                                000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text   C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                 000007f8f576b470 5 bytes JMP 000007f975790ecc
.text   C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                             000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text   C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                         000007f8f579177a 4 bytes [79, F5, F8, 07]
.text   C:\Windows\System32\igfxpers.exe[2748] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                         000007f8f5791782 4 bytes [79, F5, F8, 07]
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                   000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                       000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                        000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                    000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                        000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll                                                              000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll                                                                000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163                                                   000007f8f382f7eb 1 byte [62]
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                            000007f8f579177a 4 bytes [79, F5, F8, 07]
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                            000007f8f5791782 4 bytes [79, F5, F8, 07]
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx                                                      000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW                                                        000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent                                                           000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\system32\USER32.dll!SetWinEventHook                                                          000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA                                                        000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService                                                           000007f8f5747510 5 bytes JMP 000007f975790b14
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                   000007f8f5747550 5 bytes JMP 000007f9757919f4
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW                                                          000007f8f57475d0 5 bytes JMP 000007f97579075c
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                    000007f8f5747b20 5 bytes JMP 000007f975791284
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA                                                          000007f8f576b034 5 bytes JMP 000007f9757903a4
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                   000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                    000007f8f576b470 5 bytes JMP 000007f975790ecc
.text   C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1504] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text   C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                   000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text   C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                       000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text   C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                        000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text   C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                    000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text   C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                        000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text   C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll                                                              000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text   C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll                                                                000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text   C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163                                                   000007f8f382f7eb 1 byte [62]
.text   C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx                                                      000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text   C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW                                                        000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text   C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent                                                           000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text   C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\system32\USER32.dll!SetWinEventHook                                                          000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text   C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA                                                        000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text   C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService                                                           000007f8f5747510 5 bytes JMP 000007f975790b14
.text   C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                   000007f8f5747550 5 bytes JMP 000007f9757919f4
.text   C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW                                                          000007f8f57475d0 5 bytes JMP 000007f97579075c
.text   C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                    000007f8f5747b20 5 bytes JMP 000007f975791284
.text   C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA                                                          000007f8f576b034 5 bytes JMP 000007f9757903a4
.text   C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                   000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text   C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                    000007f8f576b470 5 bytes JMP 000007f975790ecc
.text   C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[4184] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text   C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                     000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text   C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                         000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text   C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                          000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text   C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                      000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text   C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                          000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text   C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text   C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll                                                                  000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text   C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx                                                        000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text   C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW                                                          000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text   C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent                                                             000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text   C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\system32\USER32.dll!SetWinEventHook                                                            000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text   C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA                                                          000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text   C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService                                                             000007f8f5747510 5 bytes JMP 000007f975790b14
.text   C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                     000007f8f5747550 5 bytes JMP 000007f9757919f4
.text   C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW                                                            000007f8f57475d0 5 bytes JMP 000007f97579075c
.text   C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                      000007f8f5747b20 5 bytes JMP 000007f975791284
.text   C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA                                                            000007f8f576b034 5 bytes JMP 000007f9757903a4
.text   C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                     000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text   C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                      000007f8f576b470 5 bytes JMP 000007f975790ecc
.text   C:\Program Files\Lenovo\HOTKEY\extapsup.exe[4224] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                  000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                    000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                     000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                 000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                     000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll                                                           000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll                                                             000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163                                                000007f8f382f7eb 1 byte [62]
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                         000007f8f579177a 4 bytes [79, F5, F8, 07]
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                         000007f8f5791782 4 bytes [79, F5, F8, 07]
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx                                                   000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW                                                     000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent                                                        000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\system32\USER32.dll!SetWinEventHook                                                       000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA                                                     000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService                                                        000007f8f5747510 5 bytes JMP 000007f975790b14
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                000007f8f5747550 5 bytes JMP 000007f9757919f4
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW                                                       000007f8f57475d0 5 bytes JMP 000007f97579075c
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                 000007f8f5747b20 5 bytes JMP 000007f975791284
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA                                                       000007f8f576b034 5 bytes JMP 000007f9757903a4
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                 000007f8f576b470 5 bytes JMP 000007f975790ecc
.text   C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4264] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                             000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text   C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text   C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                    000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text   C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                     000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text   C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                 000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text   C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                     000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text   C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll                                           000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text   C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll                                             000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text   C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163                                000007f8f382f7eb 1 byte [62]
.text   C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx                                   000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text   C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW                                     000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text   C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent                                        000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text   C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\system32\USER32.dll!SetWinEventHook                                       000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text   C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe[4400] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA                                     000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text   C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text   C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                    000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text   C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                     000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text   C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                 000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text   C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                     000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text   C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                           000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text   C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll                                                                             000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text   C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163                                                                000007f8f382f7eb 1 byte [62]
.text   C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx                                                                   000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text   C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW                                                                     000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text   C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent                                                                        000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text   C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\system32\USER32.dll!SetWinEventHook                                                                       000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text   C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA                                                                     000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text   C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 690                                                                   000007f8e9fa1532 4 bytes [FA, E9, F8, 07]
.text   C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 698                                                                   000007f8e9fa153a 4 bytes [FA, E9, F8, 07]
.text   C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 246                                                                 000007f8e9fa165a 4 bytes [FA, E9, F8, 07]
.text   C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 306                                                         000007f8f579177a 4 bytes [79, F5, F8, 07]
.text   C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\system32\PSAPI.DLL!GetProcessImageFileNameA + 314                                                         000007f8f5791782 4 bytes [79, F5, F8, 07]
.text   C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService                                                                        000007f8f5747510 5 bytes JMP 000007f975790b14
.text   C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                                000007f8f5747550 5 bytes JMP 000007f9757919f4
.text   C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW                                                                       000007f8f57475d0 5 bytes JMP 000007f97579075c
.text   C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                 000007f8f5747b20 5 bytes JMP 000007f975791284
.text   C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA                                                                       000007f8f576b034 5 bytes JMP 000007f9757903a4
.text   C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                                000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text   C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                 000007f8f576b470 5 bytes JMP 000007f975790ecc
.text   C:\WINDOWS\system32\rundll32.exe[4428] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                             000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text   C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                 000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text   C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                     000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text   C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                      000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text   C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                  000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text   C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                      000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text   C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                            000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text   C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll                                                                              000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text   C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx                                                                    000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text   C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW                                                                      000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text   C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent                                                                         000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text   C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\system32\USER32.dll!SetWinEventHook                                                                        000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text   C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA                                                                      000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text   C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService                                                                         000007f8f5747510 5 bytes JMP 000007f975790b14
.text   C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                                 000007f8f5747550 5 bytes JMP 000007f9757919f4
.text   C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW                                                                        000007f8f57475d0 5 bytes JMP 000007f97579075c
.text   C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                  000007f8f5747b20 5 bytes JMP 000007f975791284
.text   C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA                                                                        000007f8f576b034 5 bytes JMP 000007f9757903a4
.text   C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                                 000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text   C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                  000007f8f576b470 5 bytes JMP 000007f975790ecc
.text   C:\WINDOWS\system32\igfxext.exe[4568] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                              000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text   C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                       000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text   C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                           000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text   C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                            000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text   C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                        000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text   C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                            000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text   C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                  000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text   C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll                                                                    000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text   C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163                                                       000007f8f382f7eb 1 byte [62]
.text   C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx                                                          000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text   C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW                                                            000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text   C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent                                                               000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text   C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\system32\USER32.dll!SetWinEventHook                                                              000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text   C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA                                                            000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text   C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService                                                               000007f8f5747510 5 bytes JMP 000007f975790b14
.text   C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                       000007f8f5747550 5 bytes JMP 000007f9757919f4
.text   C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW                                                              000007f8f57475d0 5 bytes JMP 000007f97579075c
.text   C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                        000007f8f5747b20 5 bytes JMP 000007f975791284
.text   C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA                                                              000007f8f576b034 5 bytes JMP 000007f9757903a4
.text   C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                       000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text   C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                        000007f8f576b470 5 bytes JMP 000007f975790ecc
.text   C:\Program Files\iPod\bin\iPodService.exe[4144] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                    000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory   000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory       000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess        000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory    000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread        000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll              000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll                000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163   000007f8f382f7eb 1 byte [62]
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx      000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW        000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent           000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\system32\USER32.dll!SetWinEventHook          000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text   C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe[5044] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA        000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text   C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                 000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text   C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                     000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text   C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                      000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text   C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                  000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text   C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                      000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text   C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll                                            000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text   C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll                                              000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text   C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163                                 000007f8f382f7eb 1 byte [62]
.text   C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService                                         000007f8f5747510 5 bytes JMP 000007f975790b14
.text   C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                 000007f8f5747550 5 bytes JMP 000007f9757919f4
.text   C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW                                        000007f8f57475d0 5 bytes JMP 000007f97579075c
.text   C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW                                  000007f8f5747b20 5 bytes JMP 000007f975791284
.text   C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA                                        000007f8f576b034 5 bytes JMP 000007f9757903a4
.text   C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                 000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text   C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA                                  000007f8f576b470 5 bytes JMP 000007f975790ecc
.text   C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity                              000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text   C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx                                    000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text   C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW                                      000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text   C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent                                         000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text   C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\system32\USER32.dll!SetWinEventHook                                        000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text   C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe[4564] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA                                      000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text   C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                 000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text   C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                     000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text   C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                      000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text   C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                  000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text   C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                      000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text   C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                            000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text   C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll                                                                              000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text   C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx                                                                    000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text   C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW                                                                      000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text   C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent                                                                         000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text   C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\system32\USER32.dll!SetWinEventHook                                                                        000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text   C:\WINDOWS\system32\conhost.exe[1404] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA                                                                      000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text   C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                 000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text   C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                     000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text   C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                      000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text   C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                  000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text   C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                      000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text   C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                            000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text   C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll                                                                              000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text   C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService                                                                         000007f8f5747510 5 bytes JMP 000007f975790b14
.text   C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                                 000007f8f5747550 5 bytes JMP 000007f9757919f4
.text   C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW                                                                        000007f8f57475d0 5 bytes JMP 000007f97579075c
.text   C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                  000007f8f5747b20 5 bytes JMP 000007f975791284
.text   C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA                                                                        000007f8f576b034 5 bytes JMP 000007f9757903a4
.text   C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                                 000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text   C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                  000007f8f576b470 5 bytes JMP 000007f975790ecc
.text   C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                              000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text   C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx                                                                    000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text   C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW                                                                      000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text   C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent                                                                         000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text   C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\system32\USER32.dll!SetWinEventHook                                                                        000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text   C:\WINDOWS\System32\svchost.exe[5672] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA                                                                      000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text   C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                 000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text   C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                     000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text   C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                      000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text   C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                  000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text   C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                      000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text   C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                            000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text   C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll                                                                              000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text   C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163                                                                 000007f8f382f7eb 1 byte [62]
.text   C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService                                                                         000007f8f5747510 5 bytes JMP 000007f975790b14
.text   C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                                 000007f8f5747550 5 bytes JMP 000007f9757919f4
.text   C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW                                                                        000007f8f57475d0 5 bytes JMP 000007f97579075c
.text   C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                  000007f8f5747b20 5 bytes JMP 000007f975791284
.text   C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA                                                                        000007f8f576b034 5 bytes JMP 000007f9757903a4
.text   C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                                 000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text   C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                  000007f8f576b470 5 bytes JMP 000007f975790ecc
.text   C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                              000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text   C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\user32.dll!UnhookWindowsHookEx                                                                    000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text   C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExW                                                                      000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text   C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\user32.dll!UnhookWinEvent                                                                         000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text   C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\user32.dll!SetWinEventHook                                                                        000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text   C:\WINDOWS\system32\DllHost.exe[6992] C:\WINDOWS\SYSTEM32\user32.dll!SetWindowsHookExA                                                                      000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory     000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory         000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess          000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory      000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread          000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll                000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll                  000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx        000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW          000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent             000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\system32\USER32.dll!SetWinEventHook            000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA          000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService             000007f8f5747510 5 bytes JMP 000007f975790b14
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W     000007f8f5747550 5 bytes JMP 000007f9757919f4
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW            000007f8f57475d0 5 bytes JMP 000007f97579075c
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW      000007f8f5747b20 5 bytes JMP 000007f975791284
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA            000007f8f576b034 5 bytes JMP 000007f9757903a4
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A     000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA      000007f8f576b470 5 bytes JMP 000007f975790ecc
.text   C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[6500] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity  000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text   C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory                                                                 000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text   C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory                                                                     000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text   C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess                                                                      000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text   C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory                                                                  000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text   C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread                                                                      000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text   C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll                                                                            000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text   C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll                                                                              000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text   C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\system32\KERNEL32.dll!GetBinaryTypeW + 163                                                                 000007f8f382f7eb 1 byte [62]
.text   C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx                                                                    000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text   C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW                                                                      000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text   C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent                                                                         000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text   C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\system32\USER32.dll!SetWinEventHook                                                                        000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text   C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA                                                                      000007f8f5dd1850 5 bytes JMP 000007f975ef0b14
.text   C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService                                                                         000007f8f5747510 5 bytes JMP 000007f975790b14
.text   C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W                                                                 000007f8f5747550 5 bytes JMP 000007f9757919f4
.text   C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW                                                                        000007f8f57475d0 5 bytes JMP 000007f97579075c
.text   C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW                                                                  000007f8f5747b20 5 bytes JMP 000007f975791284
.text   C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA                                                                        000007f8f576b034 5 bytes JMP 000007f9757903a4
.text   C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A                                                                 000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text   C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA                                                                  000007f8f576b470 5 bytes JMP 000007f975790ecc
.text   C:\WINDOWS\System32\spoolsv.exe[8456] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity                                                              000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text   C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory       000007f8f5fc2d60 5 bytes JMP 000007f976190b14
.text   C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtFreeVirtualMemory           000007f8f5fc2dc0 5 bytes JMP 000007f976190ecc
.text   C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtTerminateProcess            000007f8f5fc2ea0 5 bytes JMP 000007f97619163c
.text   C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtProtectVirtualMemory        000007f8f5fc30e0 5 bytes JMP 000007f976191284
.text   C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\ntdll.dll!NtSetContextThread            000007f8f5fc4251 5 bytes JMP 000007f9761919f4
.text   C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrUnloadDll                  000007f8f5fd4a10 5 bytes JMP 000007f97619075c
.text   C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\ntdll.dll!LdrLoadDll                    000007f8f5ff31c4 5 bytes JMP 000007f9761903a4
.text   C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\sechost.dll!DeleteService               000007f8f5747510 5 bytes JMP 000007f975790b14
.text   C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2W       000007f8f5747550 5 bytes JMP 000007f9757919f4
.text   C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceW              000007f8f57475d0 5 bytes JMP 000007f97579075c
.text   C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigW        000007f8f5747b20 5 bytes JMP 000007f975791284
.text   C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\sechost.dll!CreateServiceA              000007f8f576b034 5 bytes JMP 000007f9757903a4
.text   C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfig2A       000007f8f576b2e4 5 bytes JMP 000007f97579163c
.text   C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\sechost.dll!ChangeServiceConfigA        000007f8f576b470 5 bytes JMP 000007f975790ecc
.text   C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\SYSTEM32\sechost.dll!SetServiceObjectSecurity    000007f8f576b6d4 5 bytes JMP 000007f975791dac
.text   C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\system32\USER32.dll!UnhookWindowsHookEx          000007f8f5da2120 5 bytes JMP 000007f975ef1284
.text   C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExW            000007f8f5dabee0 5 bytes JMP 000007f975ef0ecc
.text   C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\system32\USER32.dll!UnhookWinEvent               000007f8f5dae030 5 bytes JMP 000007f975ef075c
.text   C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\system32\USER32.dll!SetWinEventHook              000007f8f5db2f70 5 bytes JMP 000007f975ef03a4
.text   C:\Program Files\WindowsApps\Microsoft.Reader_6.2.9200.20780_x64__8wekyb3d8bbwe\glcnd.exe[8540] C:\WINDOWS\system32\USER32.dll!SetWindowsHookExA            000007f8f5dd1850 5 bytes JMP 000007f975ef0b14

---- Threads - GMER 2.1 ----

Thread  C:\WINDOWS\system32\csrss.exe [780:796]                                                                                                                     fffff960008425e8

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed                                                                           -1587657269
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk@Type                                                                                                        2
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk@Start                                                                                                       2
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk@ErrorControl                                                                                                1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk@DisplayName                                                                                                 aswFsBlk
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk@Group                                                                                                       FSFilter Activity Monitor
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk@DependOnService                                                                                             FltMgr?
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk@Description                                                                                                 avast! mini-filter driver (aswFsBlk)
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk@Tag                                                                                                         2
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk\Instances                                                                                                   
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk\Instances@DefaultInstance                                                                                   aswFsBlk Instance
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk\Instances\aswFsBlk Instance                                                                                 
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk\Instances\aswFsBlk Instance@Altitude                                                                        388400
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk\Instances\aswFsBlk Instance@Flags                                                                           0
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswFsBlk                                                                                                             
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@Type                                                                                                       2
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@Start                                                                                                      2
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@ErrorControl                                                                                               1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@ImagePath                                                                                                  \??\C:\WINDOWS\system32\drivers\aswMonFlt.sys
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@DisplayName                                                                                                aswMonFlt
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@Group                                                                                                      FSFilter Anti-Virus
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@DependOnService                                                                                            FltMgr?
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt@Description                                                                                                avast! mini-filter driver (aswMonFlt)
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt\Instances                                                                                                  
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt\Instances@DefaultInstance                                                                                  aswMonFlt Instance
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt\Instances\aswMonFlt Instance                                                                               
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt\Instances\aswMonFlt Instance@Altitude                                                                      320700
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt\Instances\aswMonFlt Instance@Flags                                                                         0
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt                                                                                                            
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@ImagePath                                                                                                     \SystemRoot\System32\Drivers\aswrdr2.sys
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@Type                                                                                                          1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@Start                                                                                                         1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@ErrorControl                                                                                                  1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@DisplayName                                                                                                   aswRdr
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@Group                                                                                                         PNP_TDI
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@DependOnService                                                                                               tcpip?
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRdr@Description                                                                                                   avast! WFP Redirect driver
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRdr\Parameters                                                                                                    
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRdr\Parameters@MSIgnoreLSPDefault                                                                                 
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRdr\Parameters@WSIgnoreLSPDefault                                                                                 nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRdr                                                                                                               
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt@Type                                                                                                         1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt@Start                                                                                                        0
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt@ErrorControl                                                                                                 1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt@DisplayName                                                                                                  aswRvrt
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt@Description                                                                                                  avast! Revert
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters                                                                                                   
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters@BootCounter                                                                                       2
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters@TickCounter                                                                                       1164097
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters@SystemRoot                                                                                        \Device\HarddiskVolume2\WINDOWS
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters@ImproperShutdown                                                                                  1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt                                                                                                              
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@Type                                                                                                          2
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@Start                                                                                                         1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@ErrorControl                                                                                                  1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@DisplayName                                                                                                   aswSnx
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@Group                                                                                                         FSFilter Virtualization
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@DependOnService                                                                                               FltMgr?
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@Description                                                                                                   avast! virtualization driver (aswSnx)
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSnx@Tag                                                                                                           2
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Instances                                                                                                     
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Instances@DefaultInstance                                                                                     aswSnx Instance
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Instances\aswSnx Instance                                                                                     
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Instances\aswSnx Instance@Altitude                                                                            137600
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Instances\aswSnx Instance@Flags                                                                               0
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Parameters                                                                                                    
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Parameters@ProgramFolder                                                                                      \DosDevices\C:\Program Files\AVAST Software\Avast
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSnx\Parameters@DataFolder                                                                                         \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSnx                                                                                                               
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSP@Type                                                                                                           1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSP@Start                                                                                                          1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSP@ErrorControl                                                                                                   1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSP@DisplayName                                                                                                    aswSP
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSP@Description                                                                                                    avast! Self Protection
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Parameters                                                                                                     
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Parameters@BehavShield                                                                                         1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Parameters@ProgramFolder                                                                                       \DosDevices\C:\Program Files\AVAST Software\Avast
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Parameters@DataFolder                                                                                          \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Parameters@ProgramFilesFolder                                                                                  \DosDevices\C:\Program Files
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSP\Parameters@GadgetFolder                                                                                        \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswSP                                                                                                                
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswTdi@Type                                                                                                          1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswTdi@Start                                                                                                         1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswTdi@ErrorControl                                                                                                  1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswTdi@DisplayName                                                                                                   avast! Network Shield Support
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswTdi@Group                                                                                                         PNP_TDI
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswTdi@DependOnService                                                                                               tcpip?
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswTdi@Description                                                                                                   avast! Network Shield TDI driver
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswTdi@Tag                                                                                                           10
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswTdi                                                                                                               
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswVmm@Type                                                                                                          1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswVmm@Start                                                                                                         0
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswVmm@ErrorControl                                                                                                  1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswVmm@DisplayName                                                                                                   aswVmm
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswVmm@Description                                                                                                   avast! VM Monitor
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswVmm\Parameters                                                                                                    
Reg     HKLM\SYSTEM\CurrentControlSet\Services\aswVmm                                                                                                               
Reg     HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@Type                                                                                                32
Reg     HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@Start                                                                                               2
Reg     HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@ErrorControl                                                                                        1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@ImagePath                                                                                           "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg     HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@DisplayName                                                                                         avast! Antivirus
Reg     HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@Group                                                                                               ShellSvcGroup
Reg     HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@DependOnService                                                                                     aswMonFlt?RpcSS?
Reg     HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@WOW64                                                                                               1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@ObjectName                                                                                          LocalSystem
Reg     HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@ServiceSidType                                                                                      1
Reg     HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus@Description                                                                                         Verwaltet und implementiert avast! Antivirus-Dienste f?r diesen Computer. Dies beinhaltet den Echtzeit-Schutz, den Virus-Container und den Planer.
Reg     HKLM\SYSTEM\CurrentControlSet\Services\avast! Antivirus                                                                                                     
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\e02a82f2a4a9                                                                                 

---- EOF - GMER 2.1 ----
         

Alt 16.09.2013, 12:58   #12
aharonov
/// TB-Ausbilder
 
Windows 8 64bit - Hinweis auf Spyware in InternetExplorer und Firefox mit öffnenden Popups und Downloadhinweise - Standard

Windows 8 64bit - Hinweis auf Spyware in InternetExplorer und Firefox mit öffnenden Popups und Downloadhinweise



Ok, die nächsten Schritte sind hier: http://www.trojaner-board.de/141644-...ml#post1156194
__________________
cheers,
Leo

Alt 16.09.2013, 13:40   #13
HiMat
 
Windows 8 64bit - Hinweis auf Spyware in InternetExplorer und Firefox mit öffnenden Popups und Downloadhinweise - Standard

Windows 8 64bit - Hinweis auf Spyware in InternetExplorer und Firefox mit öffnenden Popups und Downloadhinweise



Ergebnis adwcleaner:

AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v3.004 - Bericht erstellt am 16/09/2013 um 14:25:40
# Updated 15/09/2013 von Xplode
# Betriebssystem : Windows 8 Pro  (64 bits)
# Benutzername : Neuer Besitzer - USER-PC
# Gestartet von : C:\Users\Neuer Besitzer\Desktop\adwcleaner (1).exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Neuer Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\boipimhfjpakfgckhbljjengakjhkcbp
Ordner Gelöscht : C:\Users\Neuer Besitzer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpepfkjapeclaafmhoelccknpfedainn
Datei Gelöscht : C:\Users\Neuer Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\4s4l07tq.default\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4D6A9BBF-402C-4301-B1EF-28D04F71D761}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA9B9C89-4662-4ADC-9C23-A452BECD5D19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\LyricsGet
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v23.0.1 (de)

[ Datei : C:\Users\Neuer Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\4s4l07tq.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [8899 octets] - [02/09/2013 21:48:42]
AdwCleaner[R1].txt - [1946 octets] - [16/09/2013 14:24:38]
AdwCleaner[S0].txt - [8602 octets] - [02/09/2013 21:49:58]
AdwCleaner[S1].txt - [1816 octets] - [16/09/2013 14:25:40]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1876 octets] ##########
         
--- --- ---

[/CODE]

FRST Ergebnis:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-09-2013 01
Ran by Neuer Besitzer (administrator) on USER-PC on 16-09-2013 14:36:34
Running from C:\Users\Neuer Besitzer\Desktop
Windows 8 Pro (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Lenovo.) C:\WINDOWS\system32\ibmpmsvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\WLANExt.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
(QUALCOMM, Inc.) C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\extapsup.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\WINDOWS\system32\igfxext.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe
() C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
() C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe
(Microsoft Corporation) C:\WINDOWS\system32\PrintIsolationHost.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [33344 2011-10-20] (Lenovo)
HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [594936 2013-04-15] (Lenovo Corporation)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-15] ()
HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [380776 2011-03-29] (Lenovo.)
HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated)
HKLM\...\Run: [LenovoOptMouseUpdate] - C:\Program Files\Lenovo\HOTKEY\extapsup.exe [250976 2012-08-31] (Lenovo Group Limited)
HKLM\...\Run: [LnvMobHotspotClient] - C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe [937976 2013-04-11] (Lenovo)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2010-05-03] (Intel Corporation)
HKLM-x32\...\Run: [RotateImage] - C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [PWMTRV] - C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL [6482728 2013-04-18] (Lenovo Group Limited)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de)
AppInit_DLLs-x32: c:\progra~3\browse~1\261562~1.220\{c16c1~1\browse~1.dll [ ] ()
Lsa: [Notification Packages] scecli ACGina
Startup: C:\Users\Neuer Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB1A838F1D99CCE01
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {816BE035-1450-40D0-8A3B-BA7825A83A77} hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Neuer Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\4s4l07tq.default
FF SearchEngineOrder.1: Mixi.DJ Search
FF SelectedSearchEngine: Mixi.DJ Search
FF Homepage: hxxp://www.google.de/ig
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Neuer Besitzer\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Neuer Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\4s4l07tq.default\Extensions\130
FF Extension: No Name - C:\Users\Neuer Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\4s4l07tq.default\Extensions\131
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Docs) - C:\Users\NEUERB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\NEUERB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\NEUERB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\NEUERB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: () - C:\Users\NEUERB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijodjbiibildhjdbjehpdjoglbnbfnpf\1.128
CHR Extension: (Chrome In-App Payments service) - C:\Users\NEUERB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\Users\NEUERB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
S3 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [148472 2013-04-15] (Lenovo Corporation)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [478056 2011-10-04] (Lenovo.)
R2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [1628664 2013-02-06] (Lenovo Group Limited)
S3 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [681464 2013-04-15] (Lenovo Corporation)
R2 LnvHotSpotSvc; C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe [465912 2013-04-11] (Lenovo)
R2 LocationTaskManager; C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [463352 2013-04-19] ()
R2 QDLService2kLenovo; C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe [1688384 2011-05-23] (QUALCOMM, Inc.)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-06-26] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 qcfilterlno2k; C:\Windows\System32\drivers\qcfilterlno2k.sys [6400 2011-05-23] (QUALCOMM Incorporated)
R3 qcusbnetlno2k; C:\Windows\system32\DRIVERS\qcusbnetlno2k.sys [444416 2011-05-23] (QUALCOMM Incorporated)
R3 qcusbserlno2k; C:\Windows\system32\DRIVERS\qcusbserlno2k.sys [231040 2011-05-23] (QUALCOMM Incorporated)
U3 idsvc; 
S3 PCDSRVC{127174DC-C366ED8B-06020200}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-16 14:35 - 2013-09-16 14:35 - 00001956 _____ C:\Users\Neuer Besitzer\Desktop\AdwCleaner[S1].txt
2013-09-16 14:33 - 2013-09-16 14:33 - 00291584 _____ C:\WINDOWS\Minidump\091613-57578-01.dmp
2013-09-16 14:33 - 2013-09-16 14:33 - 00000000 ____D C:\WINDOWS\Minidump
2013-09-16 14:32 - 2013-09-16 14:32 - 499418560 _____ C:\WINDOWS\MEMORY.DMP
2013-09-16 14:23 - 2013-09-16 14:23 - 01039554 _____ C:\Users\Neuer Besitzer\Desktop\adwcleaner (1).exe
2013-09-16 13:22 - 2013-09-16 13:22 - 00090823 _____ C:\Users\Neuer Besitzer\Desktop\Gmer2.txt
2013-09-16 13:21 - 2013-09-16 13:21 - 00087446 _____ C:\Users\Neuer Besitzer\Desktop\Gmer1.txt
2013-09-16 12:38 - 2013-09-16 12:38 - 00178269 _____ C:\Users\Neuer Besitzer\Desktop\Gmer.txt
2013-09-16 12:18 - 2013-09-16 12:18 - 00377856 _____ C:\Users\Neuer Besitzer\Desktop\gmer_2.1.19163.exe
2013-09-16 12:15 - 2013-09-16 12:16 - 00066210 _____ C:\Users\Neuer Besitzer\Desktop\FRST1.txt
2013-09-16 12:15 - 2013-09-16 12:15 - 00037397 _____ C:\Users\Neuer Besitzer\Desktop\Addition.txt
2013-09-16 12:14 - 2013-09-16 12:14 - 00000000 ____D C:\FRST
2013-09-16 12:07 - 2013-09-16 14:34 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\FreePDF_XP
2013-09-16 12:06 - 2013-09-16 12:06 - 00000000 ____D C:\ProgramData\FreePDF
2013-09-16 12:06 - 2013-09-16 12:06 - 00000000 ____D C:\Program Files (x86)\FreePDF_XP
2013-09-16 12:06 - 2010-06-17 20:56 - 00119152 _____ C:\WINDOWS\system32\redmon.hlp
2013-09-16 12:06 - 2010-06-17 20:56 - 00087040 _____ C:\WINDOWS\system32\redmonnt.dll
2013-09-16 12:06 - 2010-06-17 20:56 - 00046080 _____ C:\WINDOWS\system32\unredmon.exe
2013-09-16 12:05 - 2013-09-16 12:05 - 00000000 ____D C:\Program Files\gs
2013-09-16 11:58 - 2013-09-16 11:59 - 13245963 _____ C:\Users\Neuer Besitzer\Downloads\gs910w64.exe
2013-09-16 11:26 - 2013-09-16 11:29 - 35282727 _____ C:\Users\Neuer Besitzer\Downloads\ghostscript-9.10.tar.gz
2013-09-16 11:22 - 2013-09-16 11:22 - 03866624 _____ (Microsoft Corporation) C:\Users\Neuer Besitzer\Downloads\FreePDF4.08.EXE
2013-09-16 09:05 - 2013-09-16 09:05 - 01951150 _____ (Farbar) C:\Users\Neuer Besitzer\Desktop\FRST64.exe
2013-09-16 09:04 - 2013-09-16 09:04 - 00000490 _____ C:\Users\Neuer Besitzer\Desktop\defogger_disable.log
2013-09-16 09:04 - 2013-09-16 09:04 - 00000000 _____ C:\Users\Neuer Besitzer\defogger_reenable
2013-09-16 09:01 - 2013-09-16 09:01 - 00050477 _____ C:\Users\Neuer Besitzer\Desktop\Defogger.exe
2013-09-14 09:49 - 2013-09-14 09:50 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\dvdcss
2013-09-14 09:37 - 2013-08-16 07:41 - 00058200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2013-09-14 09:37 - 2013-08-16 07:39 - 02371728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2013-09-14 09:37 - 2013-08-16 07:39 - 00059416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2013-09-14 09:37 - 2013-08-16 07:32 - 00209200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationUI.exe
2013-09-14 09:37 - 2013-08-16 07:22 - 04917760 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2013-09-14 09:37 - 2013-08-16 07:22 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2013-09-14 09:37 - 2013-08-16 07:21 - 03275776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2013-09-14 09:37 - 2013-08-16 07:21 - 01621504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2013-09-14 09:37 - 2013-08-16 07:21 - 01164288 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2013-09-14 09:37 - 2013-08-16 07:21 - 00773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2013-09-14 09:37 - 2013-08-16 07:21 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2013-09-14 09:37 - 2013-08-16 07:21 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2013-09-14 09:37 - 2013-08-16 07:21 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2013-09-14 09:37 - 2013-08-16 07:21 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2013-09-14 09:37 - 2013-08-16 07:21 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2013-09-14 09:37 - 2013-08-16 07:21 - 00183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSSync.dll
2013-09-14 09:37 - 2013-08-16 07:21 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2013-09-14 09:37 - 2013-08-16 07:21 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-09-14 09:37 - 2013-08-16 07:21 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2013-09-14 09:37 - 2013-08-16 07:21 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2013-09-14 09:37 - 2013-08-16 07:21 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2013-09-14 09:37 - 2013-08-16 07:21 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupcln.dll
2013-09-14 09:37 - 2013-08-16 07:21 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2013-09-14 09:37 - 2013-08-16 07:21 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2013-09-14 09:37 - 2013-08-16 07:20 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2013-09-14 09:37 - 2013-08-16 00:43 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2013-09-14 09:37 - 2013-08-16 00:43 - 00562688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2013-09-14 09:37 - 2013-08-16 00:43 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2013-09-14 09:37 - 2013-08-16 00:43 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSSync.dll
2013-09-14 09:37 - 2013-08-16 00:43 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2013-09-14 09:37 - 2013-08-16 00:43 - 00126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2013-09-14 09:37 - 2013-08-16 00:43 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-09-14 09:37 - 2013-08-16 00:43 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2013-09-14 09:37 - 2013-08-16 00:43 - 00083968 _____ C:\WINDOWS\SysWOW64\OEMLicense.dll
2013-09-14 09:37 - 2013-08-16 00:43 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2013-09-14 09:37 - 2013-08-16 00:43 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2013-09-14 09:37 - 2013-08-16 00:42 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppc.dll
2013-09-14 09:37 - 2013-08-16 00:42 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupcln.dll
2013-09-14 09:36 - 2013-08-21 06:12 - 02241024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-09-14 09:36 - 2013-08-21 06:12 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-09-14 09:36 - 2013-08-21 06:11 - 19246592 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-09-14 09:36 - 2013-08-21 06:11 - 15404544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-09-14 09:36 - 2013-08-21 06:11 - 03959296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-09-14 09:36 - 2013-08-21 06:11 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-09-14 09:36 - 2013-08-21 06:11 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-09-14 09:36 - 2013-08-21 06:11 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2013-09-14 09:36 - 2013-08-21 06:11 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2013-09-14 09:36 - 2013-08-21 06:11 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2013-09-14 09:36 - 2013-08-21 06:11 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2013-09-14 09:36 - 2013-08-21 06:11 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2013-09-14 09:36 - 2013-08-21 06:11 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2013-09-14 09:36 - 2013-08-21 06:11 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2013-09-14 09:36 - 2013-08-21 06:11 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2013-09-14 09:36 - 2013-08-21 04:34 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2013-09-14 09:36 - 2013-08-21 04:06 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2013-09-14 09:36 - 2013-08-21 04:06 - 01141248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2013-09-14 09:36 - 2013-08-21 04:06 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2013-09-14 09:36 - 2013-08-21 04:05 - 14332928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2013-09-14 09:36 - 2013-08-21 04:05 - 13761024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2013-09-14 09:36 - 2013-08-21 04:05 - 02876928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2013-09-14 09:36 - 2013-08-21 04:05 - 02048000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2013-09-14 09:36 - 2013-08-21 04:05 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2013-09-14 09:36 - 2013-08-21 04:05 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2013-09-14 09:36 - 2013-08-21 04:05 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2013-09-14 09:36 - 2013-08-21 04:05 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2013-09-14 09:36 - 2013-08-21 04:05 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2013-09-14 09:36 - 2013-08-21 04:05 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2013-09-14 09:36 - 2013-08-21 03:43 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2013-09-14 09:36 - 2013-08-21 01:52 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2013-09-14 09:36 - 2013-07-09 10:04 - 00120144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys
2013-09-14 09:36 - 2013-07-09 08:18 - 00439488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2013-09-14 09:36 - 2013-07-09 06:25 - 00385768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2013-09-14 09:36 - 2013-07-09 05:57 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationApi.dll
2013-09-14 09:36 - 2013-07-09 00:46 - 00543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2013-09-14 09:36 - 2013-07-09 00:46 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2013-09-14 09:36 - 2013-07-09 00:46 - 00370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wwanadvui.dll
2013-09-14 09:36 - 2013-07-09 00:45 - 00312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationApi.dll
2013-09-14 09:36 - 2013-07-06 02:16 - 01025024 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2013-09-14 09:36 - 2013-07-03 02:23 - 00778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2013-09-14 09:36 - 2013-07-03 02:23 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2013-09-14 09:36 - 2013-07-03 02:22 - 02839552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2013-09-14 09:36 - 2013-07-03 02:22 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2013-09-14 09:36 - 2013-07-03 02:11 - 00551424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2013-09-14 09:36 - 2013-07-03 02:11 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2013-09-14 09:36 - 2013-07-03 02:10 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2013-09-14 09:36 - 2013-07-02 00:08 - 00387583 _____ C:\WINDOWS\system32\ApnDatabase.xml
2013-09-14 09:36 - 2013-07-01 00:30 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\openfiles.exe
2013-09-14 09:36 - 2013-07-01 00:29 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\openfiles.exe
2013-09-14 09:36 - 2013-06-29 08:15 - 00195416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2013-09-14 09:36 - 2013-06-29 08:15 - 00125784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2013-09-14 09:36 - 2013-06-29 07:43 - 00327512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2013-09-14 09:36 - 2013-06-29 03:12 - 01022464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2013-09-14 09:36 - 2013-06-26 05:01 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2013-09-14 09:36 - 2013-06-25 00:54 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2013-09-14 09:36 - 2013-06-25 00:54 - 00263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2013-09-14 09:36 - 2013-06-25 00:54 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2013-09-14 09:36 - 2013-06-19 07:36 - 00183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmmbase.dll
2013-09-14 09:36 - 2013-06-19 07:36 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmm.dll
2013-09-14 09:36 - 2013-06-19 00:38 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmmbase.dll
2013-09-14 09:36 - 2013-06-19 00:38 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmm.dll
2013-09-14 09:36 - 2013-06-12 01:43 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2013-09-14 09:36 - 2013-06-12 01:26 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2013-09-14 09:36 - 2013-06-10 23:17 - 00096512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2013-09-14 09:36 - 2013-06-10 21:16 - 00888832 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2013-09-14 09:36 - 2013-06-10 21:15 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2013-09-14 09:36 - 2013-06-10 21:15 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2013-09-14 09:36 - 2013-06-10 21:15 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2013-09-14 09:36 - 2013-06-10 21:10 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2013-09-14 09:36 - 2013-06-10 21:10 - 00245248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2013-09-14 09:36 - 2013-06-06 10:03 - 00119040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2013-09-14 09:35 - 2013-08-03 06:30 - 04038144 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2013-09-11 12:01 - 2013-09-14 10:22 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\vlc
2013-09-11 12:00 - 2013-09-11 12:00 - 00000871 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-09-11 12:00 - 2013-09-11 12:00 - 00000000 ____D C:\Program Files\VideoLAN
2013-09-11 11:58 - 2013-09-11 11:59 - 23071004 _____ C:\Users\Neuer Besitzer\Downloads\vlc-2.1.0-rc2-win64.exe
2013-09-11 11:56 - 2013-09-11 11:58 - 23003252 _____ C:\Users\Neuer Besitzer\Downloads\vlc-2.0.8_win32.exe
2013-09-11 11:53 - 2013-09-11 11:53 - 00392016 _____ (Softonic                                        ) C:\Users\Neuer Besitzer\Downloads\SoftonicDownloader_for_vlc-media-player.exe
2013-09-10 18:59 - 2013-09-10 19:00 - 05939176 _____ (Citrix Online, a division of Citrix Systems, Inc.) C:\Users\Neuer Besitzer\Downloads\g2m_codec.exe
2013-09-10 18:58 - 2013-09-10 18:58 - 00000216 _____ C:\Users\Neuer Besitzer\Downloads\2AD4D15214661C00.asx
2013-09-02 22:09 - 2013-09-02 22:09 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-09-02 22:09 - 2013-09-02 22:09 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-02 22:09 - 2013-09-02 22:09 - 00000000 ____D C:\Program Files\iTunes
2013-09-02 22:09 - 2013-09-02 22:09 - 00000000 ____D C:\Program Files\iPod
2013-09-02 22:09 - 2013-09-02 22:09 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-09-02 22:08 - 2013-09-02 22:08 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Apple Computer
2013-09-02 22:05 - 2013-09-02 22:05 - 00867240 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\npDeployJava1.dll
2013-09-02 22:05 - 2013-09-02 22:05 - 00263592 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2013-09-02 22:05 - 2013-09-02 22:05 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2013-09-02 22:05 - 2013-09-02 22:05 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2013-09-02 22:05 - 2013-09-02 22:05 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2013-09-02 22:05 - 2013-09-02 22:05 - 00000000 ____D C:\Program Files (x86)\Java
2013-09-02 21:48 - 2013-09-16 14:25 - 00000000 ____D C:\AdwCleaner
2013-09-02 21:46 - 2013-09-02 21:46 - 00001922 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-09-02 21:46 - 2013-08-30 09:48 - 00378944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2013-09-02 21:46 - 2013-08-30 09:48 - 00072016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2013-09-02 21:46 - 2013-08-30 09:48 - 00064288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2013-09-02 21:46 - 2013-08-30 09:48 - 00033400 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswFsBlk.sys
2013-09-02 21:45 - 2013-09-02 21:46 - 01037134 _____ C:\Users\Neuer Besitzer\Downloads\adwcleaner.exe
2013-09-02 21:45 - 2013-09-02 21:45 - 00003924 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2013-09-02 21:45 - 2013-09-02 21:45 - 00000000 _____ C:\WINDOWS\SysWOW64\config.nt
2013-09-02 21:45 - 2013-08-30 09:48 - 01030952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2013-09-02 21:45 - 2013-08-30 09:48 - 00204880 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2013-09-02 21:45 - 2013-08-30 09:48 - 00080816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2013-09-02 21:45 - 2013-08-30 09:48 - 00065336 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2013-09-02 21:45 - 2013-08-30 09:47 - 00287840 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2013-09-02 21:44 - 2013-09-02 21:44 - 00000000 ____D C:\ProgramData\AVAST Software
2013-09-02 21:44 - 2013-09-02 21:44 - 00000000 ____D C:\Program Files\AVAST Software
2013-09-02 21:44 - 2013-08-30 09:47 - 00041664 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2013-08-29 18:19 - 2013-08-29 18:19 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Citrix
2013-08-29 18:19 - 2013-08-29 18:19 - 00000000 ____D C:\Program Files (x86)\Citrix
2013-08-26 09:51 - 2013-08-26 09:51 - 04708584 _____ C:\Users\Neuer Besitzer\Downloads\install_flash_player_ics.apk
2013-08-25 19:35 - 2013-08-25 19:35 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-08-25 19:35 - 2013-08-25 19:35 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-08-23 16:57 - 2013-08-23 17:27 - 00000000 ____D C:\Users\Neuer Besitzer\Documents\WISO Konto Online
2013-08-23 16:57 - 2013-08-23 16:57 - 00000117 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2013-08-23 16:57 - 2013-08-23 16:57 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Buhl Data Service GmbH
2013-08-23 16:56 - 2013-08-23 16:57 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Buhl Data Service GmbH
2013-08-23 16:56 - 2013-08-23 16:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Buhl Data Service
2013-08-23 16:56 - 2013-08-23 16:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Buhl Data Service
2013-08-23 16:52 - 2013-08-23 16:56 - 00000000 ____D C:\ProgramData\Buhl Data Service GmbH
2013-08-23 16:52 - 2013-08-23 16:52 - 00002374 _____ C:\Users\Public\Desktop\WISO Konto Online 2013.lnk
2013-08-23 16:52 - 2013-08-23 16:52 - 00000000 ____D C:\ProgramData\MG_Prototyp
2013-08-23 16:52 - 2013-08-23 16:52 - 00000000 ____D C:\Program Files (x86)\Buhl
2013-08-23 10:11 - 2013-08-23 10:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2013-08-23 10:11 - 2013-08-23 10:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Sync Framework
2013-08-23 10:11 - 2013-08-23 10:11 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-08-23 10:10 - 2013-08-23 10:10 - 00000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2013-08-23 10:09 - 2013-08-23 10:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2013-08-23 10:08 - 2013-08-23 10:08 - 00000000 ____D C:\Program Files\Microsoft Office
2013-08-23 10:08 - 2013-08-23 10:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2013-08-23 10:07 - 2013-09-16 11:17 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-23 10:07 - 2013-08-23 10:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-08-23 10:07 - 2013-08-23 10:07 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Microsoft Help
2013-08-23 10:06 - 2013-08-23 10:06 - 00000000 __RHD C:\MSOCache
2013-08-23 09:30 - 2013-08-23 10:04 - 712660056 _____ (Microsoft Corporation) C:\Users\Neuer Besitzer\Downloads\X16-32254.exe
2013-08-22 20:46 - 2013-08-22 20:46 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Macromedia
2013-08-22 20:39 - 2013-08-22 20:41 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Adobe
2013-08-21 20:11 - 2013-09-16 09:42 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\avgchrome
2013-08-19 21:56 - 2013-08-19 21:56 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-08-19 21:56 - 2013-08-19 21:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Mozilla
2013-08-19 21:56 - 2013-08-19 21:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Mozilla
2013-08-19 21:56 - 2013-08-19 21:56 - 00000000 ____D C:\ProgramData\Mozilla
2013-08-19 21:56 - 2013-08-19 21:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-19 16:09 - 2013-08-19 16:09 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\PCDr
2013-08-19 15:09 - 2013-08-19 15:09 - 00000149 _____ C:\Users\Neuer Besitzer\Documents\Windows8 Product Key.txt
2013-08-19 15:05 - 2013-08-19 15:05 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\OpenOffice.org
2013-08-19 14:59 - 2013-08-19 14:59 - 00001063 _____ C:\Users\Public\Desktop\zebNet® Windows Keyfinder TNG.lnk
2013-08-19 14:59 - 2013-08-19 14:59 - 00000000 ____D C:\ProgramData\InstallMate
2013-08-19 14:59 - 2013-08-19 14:59 - 00000000 ____D C:\Program Files\zebNet
2013-08-19 14:56 - 2013-08-19 14:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Google
2013-08-19 14:51 - 2013-08-19 14:52 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-08-19 14:51 - 2013-08-19 14:51 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Macromedia
2013-08-19 14:49 - 2013-07-02 02:44 - 00036288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2013-08-19 14:49 - 2013-07-02 00:08 - 00247216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2013-08-19 14:47 - 2013-07-09 08:07 - 02233168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2013-08-19 14:47 - 2013-05-24 01:02 - 01314816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2013-08-19 14:47 - 2013-05-24 00:25 - 00694272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2013-08-19 14:43 - 2013-07-13 08:18 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2013-08-19 14:43 - 2013-07-13 08:16 - 01889280 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2013-08-19 14:43 - 2013-07-13 08:16 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptsvc.dll
2013-08-19 14:43 - 2013-07-13 08:15 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2013-08-19 14:43 - 2013-07-13 08:15 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2013-08-19 14:43 - 2013-07-13 06:24 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2013-08-19 14:43 - 2013-07-13 06:23 - 01568256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2013-08-19 14:43 - 2013-07-13 06:23 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2013-08-19 14:43 - 2013-07-13 06:23 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2013-08-19 14:38 - 2013-06-17 00:41 - 00997632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2013-08-19 14:38 - 2013-06-01 13:34 - 02391280 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2013-08-19 14:38 - 2013-06-01 13:29 - 00337152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2013-08-19 14:38 - 2013-06-01 13:29 - 00213248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UCX01000.SYS
2013-08-19 14:38 - 2013-06-01 13:26 - 06987008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2013-08-19 14:38 - 2013-06-01 13:26 - 00327936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2013-08-19 14:38 - 2013-06-01 12:24 - 02106176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2013-08-19 14:38 - 2013-06-01 11:25 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2013-08-19 14:38 - 2013-06-01 11:25 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2013-08-19 14:38 - 2013-06-01 11:24 - 01453568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2013-08-19 14:38 - 2013-06-01 11:24 - 00850944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2013-08-19 14:38 - 2013-06-01 11:24 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscms.dll
2013-08-19 14:38 - 2013-06-01 11:23 - 01842176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2013-08-19 14:38 - 2013-06-01 11:23 - 00680960 _____ (Microsoft Corporation) C:\WINDOWS\system32\vds.exe
2013-08-19 14:38 - 2013-06-01 11:22 - 00523264 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2013-08-19 14:38 - 2013-06-01 11:22 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsutil.dll
2013-08-19 14:38 - 2013-06-01 11:22 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeParserTask.exe
2013-08-19 14:38 - 2013-06-01 11:21 - 00729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2013-08-19 14:38 - 2013-06-01 11:21 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2013-08-19 14:38 - 2013-06-01 11:20 - 02219520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2013-08-19 14:38 - 2013-06-01 11:20 - 01527808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2013-08-19 14:38 - 2013-06-01 11:20 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2013-08-19 14:38 - 2013-06-01 11:20 - 00583168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mscms.dll
2013-08-19 14:38 - 2013-06-01 11:19 - 00785408 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2013-08-19 14:38 - 2013-06-01 11:19 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManager.dll
2013-08-19 14:38 - 2013-06-01 05:08 - 00037632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthAvrcpTg.sys
2013-08-19 14:38 - 2013-05-25 00:09 - 01403296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2013-08-19 14:38 - 2013-05-25 00:09 - 01271584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2013-08-19 14:38 - 2013-05-25 00:09 - 01217352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2013-08-19 14:38 - 2013-05-25 00:09 - 01093904 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2013-08-19 14:38 - 2013-04-16 04:34 - 01455368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2013-08-19 14:38 - 2013-04-09 04:34 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2013-08-19 14:38 - 2013-04-09 04:34 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys
2013-08-19 14:37 - 2013-05-31 01:24 - 01257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2013-08-19 14:37 - 2013-05-31 01:08 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2013-08-19 14:37 - 2013-05-15 04:25 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2013-08-19 14:37 - 2013-05-15 04:25 - 00542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2013-08-19 14:37 - 2013-05-15 04:24 - 00793088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2013-08-19 14:37 - 2013-05-15 04:24 - 00482816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2013-08-19 14:37 - 2013-05-04 09:58 - 00120736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2013-08-19 14:37 - 2013-05-04 09:34 - 00446720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2013-08-19 14:37 - 2013-05-04 09:34 - 00284416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2013-08-19 14:37 - 2013-05-04 08:59 - 13644288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2013-08-19 14:37 - 2013-05-04 08:59 - 01483776 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2013-08-19 14:37 - 2013-05-04 08:59 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnify.exe
2013-08-19 14:37 - 2013-05-04 08:58 - 10116096 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2013-08-19 14:37 - 2013-05-04 08:58 - 01332736 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2013-08-19 14:37 - 2013-05-04 08:58 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2013-08-19 14:37 - 2013-05-04 08:58 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2013-08-19 14:37 - 2013-05-04 08:58 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2013-08-19 14:37 - 2013-05-04 08:58 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2013-08-19 14:37 - 2013-05-04 08:58 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofm.dll
2013-08-19 14:37 - 2013-05-04 08:58 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2013-08-19 14:37 - 2013-05-04 08:57 - 02305024 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2013-08-19 14:37 - 2013-05-04 08:57 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2013-08-19 14:37 - 2013-05-04 08:57 - 00820736 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpprefcl.dll
2013-08-19 14:37 - 2013-05-04 08:57 - 00708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2013-08-19 14:37 - 2013-05-04 08:57 - 00560640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2013-08-19 14:37 - 2013-05-04 08:57 - 00501760 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2013-08-19 14:37 - 2013-05-04 08:57 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\system32\BCP47Langs.dll
2013-08-19 14:37 - 2013-05-04 08:57 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2013-08-19 14:37 - 2013-05-04 08:57 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\biwinrt.dll
2013-08-19 14:37 - 2013-05-04 08:57 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\muifontsetup.dll
2013-08-19 14:37 - 2013-05-04 08:56 - 00419840 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2013-08-19 14:37 - 2013-05-04 06:58 - 00758784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Magnify.exe
2013-08-19 14:37 - 2013-05-04 06:57 - 10788864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2013-08-19 14:37 - 2013-05-04 06:57 - 08857088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2013-08-19 14:37 - 2013-05-04 06:57 - 00303616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2013-08-19 14:37 - 2013-05-04 06:57 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ubpm.dll
2013-08-19 14:37 - 2013-05-04 06:57 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netplwiz.dll
2013-08-19 14:37 - 2013-05-04 06:57 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netprofm.dll
2013-08-19 14:37 - 2013-05-04 06:57 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\npmproxy.dll
2013-08-19 14:37 - 2013-05-04 06:57 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\muifontsetup.dll
2013-08-19 14:37 - 2013-05-04 06:56 - 02035712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2013-08-19 14:37 - 2013-05-04 06:56 - 00582144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpprefcl.dll
2013-08-19 14:37 - 2013-05-04 06:56 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2013-08-19 14:37 - 2013-05-04 06:56 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2013-08-19 14:37 - 2013-05-04 06:56 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BCP47Langs.dll
2013-08-19 14:37 - 2013-05-04 06:56 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\biwinrt.dll
2013-08-19 14:37 - 2013-05-04 06:55 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2013-08-19 14:37 - 2013-05-04 06:51 - 00014848 _____ (Microsoft) C:\WINDOWS\system32\rars.rs
2013-08-19 14:37 - 2013-05-04 06:47 - 00427520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2013-08-19 14:37 - 2013-05-04 06:10 - 00014848 _____ (Microsoft) C:\WINDOWS\SysWOW64\rars.rs
2013-08-19 14:37 - 2013-04-09 07:17 - 01829408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2013-08-19 14:37 - 2013-04-09 06:51 - 14267904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2013-08-19 14:37 - 2013-04-09 06:51 - 03552768 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2013-08-19 14:37 - 2013-04-09 06:50 - 02107904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2013-08-19 14:37 - 2013-04-08 23:52 - 11878912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2013-08-19 14:37 - 2013-04-08 23:51 - 02767360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2013-08-19 14:37 - 2013-04-08 23:51 - 01593344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2013-08-19 14:36 - 2013-04-09 07:33 - 00489576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2013-08-19 14:36 - 2013-04-09 07:33 - 00446792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2013-08-19 14:36 - 2013-04-09 07:33 - 00253544 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2013-08-19 14:36 - 2013-04-09 07:20 - 00306952 _____ (Microsoft Corporation) C:\WINDOWS\system32\kd_02_10ec.dll
2013-08-19 14:36 - 2013-04-09 07:20 - 00086280 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2013-08-19 14:36 - 2013-04-09 07:18 - 00077960 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdvm.dll
2013-08-19 14:36 - 2013-04-09 06:52 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2013-08-19 14:36 - 2013-04-09 06:52 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2013-08-19 14:36 - 2013-04-09 06:52 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2013-08-19 14:36 - 2013-04-09 06:52 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2013-08-19 14:36 - 2013-04-09 06:52 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2013-08-19 14:36 - 2013-04-09 06:51 - 00595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2013-08-19 14:36 - 2013-04-09 06:51 - 00456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2013-08-19 14:36 - 2013-04-09 06:51 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\system32\conhost.exe
2013-08-19 14:36 - 2013-04-09 06:51 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2013-08-19 14:36 - 2013-04-09 06:50 - 01285632 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2013-08-19 14:36 - 2013-04-09 06:50 - 00745984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2013-08-19 14:36 - 2013-04-09 06:50 - 00435200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2013-08-19 14:36 - 2013-04-09 06:50 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2013-08-19 14:36 - 2013-04-09 06:50 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\GenuineCenter.dll
2013-08-19 14:36 - 2013-04-09 06:50 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2013-08-19 14:36 - 2013-04-09 06:50 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2013-08-19 14:36 - 2013-04-09 06:50 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msshooks.dll
2013-08-19 14:36 - 2013-04-09 06:49 - 01444864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2013-08-19 14:36 - 2013-04-09 06:49 - 00817152 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2013-08-19 14:36 - 2013-04-09 06:49 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2013-08-19 14:36 - 2013-04-09 06:49 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2013-08-19 14:36 - 2013-04-09 06:49 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhengine.dll
2013-08-19 14:36 - 2013-04-09 06:49 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2013-08-19 14:36 - 2013-04-09 06:49 - 00196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmvdsitf.dll
2013-08-19 14:36 - 2013-04-09 06:49 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2013-08-19 14:36 - 2013-04-09 06:49 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\fmifs.dll
2013-08-19 14:36 - 2013-04-09 06:48 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2013-08-19 14:36 - 2013-04-09 04:34 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2013-08-19 14:36 - 2013-04-09 04:33 - 00623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2013-08-19 14:36 - 2013-04-09 04:33 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2013-08-19 14:36 - 2013-04-09 04:32 - 00805376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
2013-08-19 14:36 - 2013-04-09 04:31 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2013-08-19 14:36 - 2013-04-09 04:31 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2013-08-19 14:36 - 2013-04-09 01:44 - 00123880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2013-08-19 14:36 - 2013-04-09 01:39 - 01408896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2013-08-19 14:36 - 2013-04-09 01:37 - 00426024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2013-08-19 14:36 - 2013-04-09 01:37 - 00324368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2013-08-19 14:36 - 2013-04-08 23:52 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2013-08-19 14:36 - 2013-04-08 23:52 - 00302592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2013-08-19 14:36 - 2013-04-08 23:52 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe
2013-08-19 14:36 - 2013-04-08 23:52 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
2013-08-19 14:36 - 2013-04-08 23:51 - 01113600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2013-08-19 14:36 - 2013-04-08 23:51 - 00659456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2013-08-19 14:36 - 2013-04-08 23:51 - 00656896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2013-08-19 14:36 - 2013-04-08 23:51 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2013-08-19 14:36 - 2013-04-08 23:51 - 00403968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2013-08-19 14:36 - 2013-04-08 23:51 - 00361984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2013-08-19 14:36 - 2013-04-08 23:51 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2013-08-19 14:36 - 2013-04-08 23:51 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2013-08-19 14:36 - 2013-04-08 23:51 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssphtb.dll
2013-08-19 14:36 - 2013-04-08 23:51 - 00155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmvdsitf.dll
2013-08-19 14:36 - 2013-04-08 23:51 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fmifs.dll
2013-08-19 14:36 - 2013-04-08 23:51 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssprxy.dll
2013-08-19 14:36 - 2013-04-08 23:51 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msshooks.dll
2013-08-19 14:36 - 2013-04-05 01:30 - 00503080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2013-08-19 14:36 - 2013-03-16 00:05 - 00298456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2013-08-19 14:36 - 2013-03-16 00:05 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2013-08-19 14:36 - 2012-12-13 06:00 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2013-08-19 14:36 - 2012-12-13 05:59 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll

==================== One Month Modified Files and Folders =======

2013-09-16 14:35 - 2013-09-16 14:35 - 00001956 _____ C:\Users\Neuer Besitzer\Desktop\AdwCleaner[S1].txt
2013-09-16 14:34 - 2013-09-16 12:07 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\FreePDF_XP
2013-09-16 14:34 - 2013-02-28 23:00 - 00001118 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-16 14:33 - 2013-09-16 14:33 - 00291584 _____ C:\WINDOWS\Minidump\091613-57578-01.dmp
2013-09-16 14:33 - 2013-09-16 14:33 - 00000000 ____D C:\WINDOWS\Minidump
2013-09-16 14:33 - 2012-07-26 09:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-09-16 14:33 - 2012-07-26 09:21 - 00678954 _____ C:\WINDOWS\setupact.log
2013-09-16 14:32 - 2013-09-16 14:32 - 499418560 _____ C:\WINDOWS\MEMORY.DMP
2013-09-16 14:32 - 2012-11-01 22:40 - 00047256 _____ C:\WINDOWS\PFRO.log
2013-09-16 14:29 - 2012-01-18 00:30 - 00000466 _____ C:\WINDOWS\Tasks\SystemToolsDailyTest.job
2013-09-16 14:26 - 2012-11-01 22:58 - 01997269 _____ C:\WINDOWS\WindowsUpdate.log
2013-09-16 14:26 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\WinStore
2013-09-16 14:26 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2013-09-16 14:26 - 2012-07-26 07:38 - 00000000 ____D C:\WINDOWS\system32\oobe
2013-09-16 14:25 - 2013-09-02 21:48 - 00000000 ____D C:\AdwCleaner
2013-09-16 14:23 - 2013-09-16 14:23 - 01039554 _____ C:\Users\Neuer Besitzer\Desktop\adwcleaner (1).exe
2013-09-16 14:22 - 2012-01-18 00:30 - 00000528 _____ C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
2013-09-16 14:00 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\system32\sru
2013-09-16 13:47 - 2013-02-28 23:00 - 00001122 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-16 13:22 - 2013-09-16 13:22 - 00090823 _____ C:\Users\Neuer Besitzer\Desktop\Gmer2.txt
2013-09-16 13:21 - 2013-09-16 13:21 - 00087446 _____ C:\Users\Neuer Besitzer\Desktop\Gmer1.txt
2013-09-16 12:39 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\system32\NDF
2013-09-16 12:38 - 2013-09-16 12:38 - 00178269 _____ C:\Users\Neuer Besitzer\Desktop\Gmer.txt
2013-09-16 12:23 - 2012-07-26 12:27 - 00753134 _____ C:\WINDOWS\system32\perfh007.dat
2013-09-16 12:23 - 2012-07-26 12:27 - 00155826 _____ C:\WINDOWS\system32\perfc007.dat
2013-09-16 12:23 - 2012-07-26 09:28 - 01745416 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-09-16 12:18 - 2013-09-16 12:18 - 00377856 _____ C:\Users\Neuer Besitzer\Desktop\gmer_2.1.19163.exe
2013-09-16 12:16 - 2013-09-16 12:15 - 00066210 _____ C:\Users\Neuer Besitzer\Desktop\FRST1.txt
2013-09-16 12:15 - 2013-09-16 12:15 - 00037397 _____ C:\Users\Neuer Besitzer\Desktop\Addition.txt
2013-09-16 12:14 - 2013-09-16 12:14 - 00000000 ____D C:\FRST
2013-09-16 12:06 - 2013-09-16 12:06 - 00000000 ____D C:\ProgramData\FreePDF
2013-09-16 12:06 - 2013-09-16 12:06 - 00000000 ____D C:\Program Files (x86)\FreePDF_XP
2013-09-16 12:05 - 2013-09-16 12:05 - 00000000 ____D C:\Program Files\gs
2013-09-16 11:59 - 2013-09-16 11:58 - 13245963 _____ C:\Users\Neuer Besitzer\Downloads\gs910w64.exe
2013-09-16 11:58 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\rescache
2013-09-16 11:29 - 2013-09-16 11:26 - 35282727 _____ C:\Users\Neuer Besitzer\Downloads\ghostscript-9.10.tar.gz
2013-09-16 11:22 - 2013-09-16 11:22 - 03866624 _____ (Microsoft Corporation) C:\Users\Neuer Besitzer\Downloads\FreePDF4.08.EXE
2013-09-16 11:17 - 2013-08-23 10:07 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-16 11:07 - 2013-08-16 16:08 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2216669695-2906418150-1901199515-1003
2013-09-16 09:42 - 2013-08-21 20:11 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\avgchrome
2013-09-16 09:13 - 2012-07-26 07:26 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2013-09-16 09:05 - 2013-09-16 09:05 - 01951150 _____ (Farbar) C:\Users\Neuer Besitzer\Desktop\FRST64.exe
2013-09-16 09:04 - 2013-09-16 09:04 - 00000490 _____ C:\Users\Neuer Besitzer\Desktop\defogger_disable.log
2013-09-16 09:04 - 2013-09-16 09:04 - 00000000 _____ C:\Users\Neuer Besitzer\defogger_reenable
2013-09-16 09:04 - 2013-08-16 15:54 - 00000000 ____D C:\Users\Neuer Besitzer
2013-09-16 09:01 - 2013-09-16 09:01 - 00050477 _____ C:\Users\Neuer Besitzer\Desktop\Defogger.exe
2013-09-14 10:22 - 2013-09-11 12:01 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\vlc
2013-09-14 09:50 - 2013-09-14 09:49 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\dvdcss
2013-09-11 12:00 - 2013-09-11 12:00 - 00000871 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-09-11 12:00 - 2013-09-11 12:00 - 00000000 ____D C:\Program Files\VideoLAN
2013-09-11 11:59 - 2013-09-11 11:58 - 23071004 _____ C:\Users\Neuer Besitzer\Downloads\vlc-2.1.0-rc2-win64.exe
2013-09-11 11:58 - 2013-09-11 11:56 - 23003252 _____ C:\Users\Neuer Besitzer\Downloads\vlc-2.0.8_win32.exe
2013-09-11 11:53 - 2013-09-11 11:53 - 00392016 _____ (Softonic                                        ) C:\Users\Neuer Besitzer\Downloads\SoftonicDownloader_for_vlc-media-player.exe
2013-09-10 19:00 - 2013-09-10 18:59 - 05939176 _____ (Citrix Online, a division of Citrix Systems, Inc.) C:\Users\Neuer Besitzer\Downloads\g2m_codec.exe
2013-09-10 18:58 - 2013-09-10 18:58 - 00000216 _____ C:\Users\Neuer Besitzer\Downloads\2AD4D15214661C00.asx
2013-09-10 09:43 - 2013-02-28 23:01 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-10 09:06 - 2012-01-18 00:30 - 00000000 ____D C:\ProgramData\PCDr
2013-09-05 22:09 - 2013-01-29 20:54 - 00694232 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2013-09-05 22:09 - 2013-01-29 20:54 - 00078296 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-02 22:10 - 2013-05-12 13:38 - 00000000 ____D C:\Program Files\Bonjour Print Services
2013-09-02 22:09 - 2013-09-02 22:09 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-09-02 22:09 - 2013-09-02 22:09 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-02 22:09 - 2013-09-02 22:09 - 00000000 ____D C:\Program Files\iTunes
2013-09-02 22:09 - 2013-09-02 22:09 - 00000000 ____D C:\Program Files\iPod
2013-09-02 22:09 - 2013-09-02 22:09 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-09-02 22:08 - 2013-09-02 22:08 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Apple Computer
2013-09-02 22:08 - 2013-08-16 15:58 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Apple Computer
2013-09-02 22:05 - 2013-09-02 22:05 - 00867240 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\npDeployJava1.dll
2013-09-02 22:05 - 2013-09-02 22:05 - 00263592 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2013-09-02 22:05 - 2013-09-02 22:05 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2013-09-02 22:05 - 2013-09-02 22:05 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2013-09-02 22:05 - 2013-09-02 22:05 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2013-09-02 22:05 - 2013-09-02 22:05 - 00000000 ____D C:\Program Files (x86)\Java
2013-09-02 22:05 - 2012-01-21 17:08 - 00789416 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\deployJava1.dll
2013-09-02 22:02 - 2013-05-16 23:32 - 00000030 _____ C:\WINDOWS\success64.log
2013-09-02 21:46 - 2013-09-02 21:46 - 00001922 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-09-02 21:46 - 2013-09-02 21:45 - 01037134 _____ C:\Users\Neuer Besitzer\Downloads\adwcleaner.exe
2013-09-02 21:45 - 2013-09-02 21:45 - 00003924 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2013-09-02 21:45 - 2013-09-02 21:45 - 00000000 _____ C:\WINDOWS\SysWOW64\config.nt
2013-09-02 21:44 - 2013-09-02 21:44 - 00000000 ____D C:\ProgramData\AVAST Software
2013-09-02 21:44 - 2013-09-02 21:44 - 00000000 ____D C:\Program Files\AVAST Software
2013-09-02 14:17 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2013-08-30 09:48 - 2013-09-02 21:46 - 00378944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2013-08-30 09:48 - 2013-09-02 21:46 - 00072016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2013-08-30 09:48 - 2013-09-02 21:46 - 00064288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2013-08-30 09:48 - 2013-09-02 21:46 - 00033400 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswFsBlk.sys
2013-08-30 09:48 - 2013-09-02 21:45 - 01030952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2013-08-30 09:48 - 2013-09-02 21:45 - 00204880 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2013-08-30 09:48 - 2013-09-02 21:45 - 00080816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2013-08-30 09:48 - 2013-09-02 21:45 - 00065336 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2013-08-30 09:47 - 2013-09-02 21:45 - 00287840 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2013-08-30 09:47 - 2013-09-02 21:44 - 00041664 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2013-08-29 18:19 - 2013-08-29 18:19 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Citrix
2013-08-29 18:19 - 2013-08-29 18:19 - 00000000 ____D C:\Program Files (x86)\Citrix
2013-08-29 12:58 - 2009-07-14 04:34 - 00000478 _____ C:\WINDOWS\win.ini
2013-08-26 09:51 - 2013-08-26 09:51 - 04708584 _____ C:\Users\Neuer Besitzer\Downloads\install_flash_player_ics.apk
2013-08-25 19:35 - 2013-08-25 19:35 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-08-25 19:35 - 2013-08-25 19:35 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-08-23 17:27 - 2013-08-23 16:57 - 00000000 ____D C:\Users\Neuer Besitzer\Documents\WISO Konto Online
2013-08-23 16:57 - 2013-08-23 16:57 - 00000117 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2013-08-23 16:57 - 2013-08-23 16:57 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Buhl Data Service GmbH
2013-08-23 16:57 - 2013-08-23 16:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Buhl Data Service GmbH
2013-08-23 16:56 - 2013-08-23 16:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Buhl Data Service
2013-08-23 16:56 - 2013-08-23 16:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Buhl Data Service
2013-08-23 16:56 - 2013-08-23 16:52 - 00000000 ____D C:\ProgramData\Buhl Data Service GmbH
2013-08-23 16:52 - 2013-08-23 16:52 - 00002374 _____ C:\Users\Public\Desktop\WISO Konto Online 2013.lnk
2013-08-23 16:52 - 2013-08-23 16:52 - 00000000 ____D C:\ProgramData\MG_Prototyp
2013-08-23 16:52 - 2013-08-23 16:52 - 00000000 ____D C:\Program Files (x86)\Buhl
2013-08-23 10:52 - 2013-08-16 15:55 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Packages
2013-08-23 10:12 - 2012-11-01 22:38 - 00000000 ____D C:\Program Files (x86)\MSBuild
2013-08-23 10:11 - 2013-08-23 10:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2013-08-23 10:11 - 2013-08-23 10:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Sync Framework
2013-08-23 10:11 - 2013-08-23 10:11 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-08-23 10:11 - 2013-08-23 10:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-08-23 10:10 - 2013-08-23 10:10 - 00000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2013-08-23 10:09 - 2013-08-23 10:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2013-08-23 10:09 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-08-23 10:08 - 2013-08-23 10:08 - 00000000 ____D C:\Program Files\Microsoft Office
2013-08-23 10:08 - 2013-08-23 10:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2013-08-23 10:08 - 2012-07-26 12:29 - 00000000 ____D C:\WINDOWS\ShellNew
2013-08-23 10:07 - 2013-08-23 10:07 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Microsoft Help
2013-08-23 10:06 - 2013-08-23 10:06 - 00000000 __RHD C:\MSOCache
2013-08-23 10:04 - 2013-08-23 09:30 - 712660056 _____ (Microsoft Corporation) C:\Users\Neuer Besitzer\Downloads\X16-32254.exe
2013-08-22 20:46 - 2013-08-22 20:46 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Macromedia
2013-08-22 20:41 - 2013-08-22 20:39 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Adobe
2013-08-21 06:12 - 2013-09-14 09:36 - 02241024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-08-21 06:12 - 2013-09-14 09:36 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-08-21 06:11 - 2013-09-14 09:36 - 19246592 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-08-21 06:11 - 2013-09-14 09:36 - 15404544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-08-21 06:11 - 2013-09-14 09:36 - 03959296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-08-21 06:11 - 2013-09-14 09:36 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-08-21 06:11 - 2013-09-14 09:36 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-08-21 06:11 - 2013-09-14 09:36 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2013-08-21 06:11 - 2013-09-14 09:36 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2013-08-21 06:11 - 2013-09-14 09:36 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2013-08-21 06:11 - 2013-09-14 09:36 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2013-08-21 06:11 - 2013-09-14 09:36 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2013-08-21 06:11 - 2013-09-14 09:36 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2013-08-21 06:11 - 2013-09-14 09:36 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2013-08-21 06:11 - 2013-09-14 09:36 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2013-08-21 04:34 - 2013-09-14 09:36 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2013-08-21 04:06 - 2013-09-14 09:36 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2013-08-21 04:06 - 2013-09-14 09:36 - 01141248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2013-08-21 04:06 - 2013-09-14 09:36 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2013-08-21 04:05 - 2013-09-14 09:36 - 14332928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2013-08-21 04:05 - 2013-09-14 09:36 - 13761024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2013-08-21 04:05 - 2013-09-14 09:36 - 02876928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2013-08-21 04:05 - 2013-09-14 09:36 - 02048000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2013-08-21 04:05 - 2013-09-14 09:36 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2013-08-21 04:05 - 2013-09-14 09:36 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2013-08-21 04:05 - 2013-09-14 09:36 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2013-08-21 04:05 - 2013-09-14 09:36 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2013-08-21 04:05 - 2013-09-14 09:36 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2013-08-21 04:05 - 2013-09-14 09:36 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2013-08-21 03:43 - 2013-09-14 09:36 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2013-08-21 01:52 - 2013-09-14 09:36 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2013-08-19 21:56 - 2013-08-19 21:56 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-08-19 21:56 - 2013-08-19 21:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Mozilla
2013-08-19 21:56 - 2013-08-19 21:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Mozilla
2013-08-19 21:56 - 2013-08-19 21:56 - 00000000 ____D C:\ProgramData\Mozilla
2013-08-19 21:56 - 2013-08-19 21:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-19 21:55 - 2013-05-12 13:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-19 16:09 - 2013-08-19 16:09 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\PCDr
2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ___RD C:\WINDOWS\ToastData
2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-08-19 15:51 - 2012-07-26 07:38 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2013-08-19 15:51 - 2012-07-26 07:38 - 00000000 ____D C:\WINDOWS\system32\Dism
2013-08-19 15:09 - 2013-08-19 15:09 - 00000149 _____ C:\Users\Neuer Besitzer\Documents\Windows8 Product Key.txt
2013-08-19 15:05 - 2013-08-19 15:05 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\OpenOffice.org
2013-08-19 15:05 - 2013-08-16 15:57 - 00000000 ___RD C:\Users\Neuer Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-19 14:59 - 2013-08-19 14:59 - 00001063 _____ C:\Users\Public\Desktop\zebNet® Windows Keyfinder TNG.lnk
2013-08-19 14:59 - 2013-08-19 14:59 - 00000000 ____D C:\ProgramData\InstallMate
2013-08-19 14:59 - 2013-08-19 14:59 - 00000000 ____D C:\Program Files\zebNet
2013-08-19 14:56 - 2013-08-19 14:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Google
2013-08-19 14:52 - 2013-08-19 14:51 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-08-19 14:51 - 2013-08-19 14:51 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Macromedia
2013-08-19 14:51 - 2012-04-07 20:59 - 78161360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-08-19 13:52 - 2013-08-16 15:57 - 00000000 ___RD C:\Users\Neuer Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-08-19 13:50 - 2012-07-26 07:37 - 00000000 ____D C:\WINDOWS\servicing
2013-08-19 13:47 - 2012-07-26 12:29 - 00000000 ____D C:\Program Files\Windows Journal

Some content of TEMP:
====================
C:\Users\Neuer Besitzer\AppData\Local\Temp\6_Offer_11.exe
C:\Users\Neuer Besitzer\AppData\Local\Temp\DownloadManager.exe
C:\Users\Neuer Besitzer\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Neuer Besitzer\AppData\Local\Temp\Product108.exe
C:\Users\Neuer Besitzer\AppData\Local\Temp\Quarantine.exe
C:\Users\Neuer Besitzer\AppData\Local\Temp\setup.exe
C:\Users\Neuer Besitzer\AppData\Local\Temp\tmp60F8.exe
C:\Users\Neuer Besitzer\AppData\Local\Temp\unrar.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-16 11:08

==================== End Of Log ============================
         
--- --- ---

Alt 16.09.2013, 13:53   #14
aharonov
/// TB-Ausbilder
 
Windows 8 64bit - Hinweis auf Spyware in InternetExplorer und Firefox mit öffnenden Popups und Downloadhinweise - Standard

Windows 8 64bit - Hinweis auf Spyware in InternetExplorer und Firefox mit öffnenden Popups und Downloadhinweise



Welche Probleme bestehen nach diesen Schritten noch?


Schritt 1

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
FF Extension: No Name - C:\Users\Neuer Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\4s4l07tq.default\Extensions\130
FF Extension: No Name - C:\Users\Neuer Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\4s4l07tq.default\Extensions\131
FF SearchEngineOrder.1: Mixi.DJ Search
FF SelectedSearchEngine: Mixi.DJ Search
AppInit_DLLs-x32: c:\progra~3\browse~1\261562~1.220\{c16c1~1\browse~1.dll [ ] ()
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.




Schritt 2

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




Schritt 3


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
cheers,
Leo

Alt 16.09.2013, 15:52   #15
HiMat
 
Windows 8 64bit - Hinweis auf Spyware in InternetExplorer und Firefox mit öffnenden Popups und Downloadhinweise - Standard

Windows 8 64bit - Hinweis auf Spyware in InternetExplorer und Firefox mit öffnenden Popups und Downloadhinweise



So es hat etwas gedauert bis Eset durch war mit dem Scan.
Hier die drei Log Files:
1. FRST

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-09-2013 01
Ran by Neuer Besitzer (administrator) on USER-PC on 16-09-2013 14:36:34
Running from C:\Users\Neuer Besitzer\Desktop
Windows 8 Pro (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Lenovo.) C:\WINDOWS\system32\ibmpmsvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\WLANExt.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
(QUALCOMM, Inc.) C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\SHTCTKY.EXE
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Lenovo Corporation) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\extapsup.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\WINDOWS\system32\igfxext.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe
() C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe
() C:\Program Files (x86)\Lenovo\LocationAware\lpdagent.exe
(Microsoft Corporation) C:\WINDOWS\system32\PrintIsolationHost.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AcWin7Hlpr] - C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [33344 2011-10-20] (Lenovo)
HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [594936 2013-04-15] (Lenovo Corporation)
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-15] ()
HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [380776 2011-03-29] (Lenovo.)
HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-04-24] (Synaptics Incorporated)
HKLM\...\Run: [LenovoOptMouseUpdate] - C:\Program Files\Lenovo\HOTKEY\extapsup.exe [250976 2012-08-31] (Lenovo Group Limited)
HKLM\...\Run: [LnvMobHotspotClient] - C:\Program Files\Lenovo\Lenovo Mobile Hotspot\MobileHotspotclient.exe [937976 2013-04-11] (Lenovo)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2010-05-03] (Intel Corporation)
HKLM-x32\...\Run: [RotateImage] - C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [PWMTRV] - C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL [6482728 2013-04-18] (Lenovo Group Limited)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de)
AppInit_DLLs-x32: c:\progra~3\browse~1\261562~1.220\{c16c1~1\browse~1.dll [ ] ()
Lsa: [Notification Packages] scecli ACGina
Startup: C:\Users\Neuer Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB1A838F1D99CCE01
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {816BE035-1450-40D0-8A3B-BA7825A83A77} hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Neuer Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\4s4l07tq.default
FF SearchEngineOrder.1: Mixi.DJ Search
FF SelectedSearchEngine: Mixi.DJ Search
FF Homepage: hxxp://www.google.de/ig
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Neuer Besitzer\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Neuer Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\4s4l07tq.default\Extensions\130
FF Extension: No Name - C:\Users\Neuer Besitzer\AppData\Roaming\Mozilla\Firefox\Profiles\4s4l07tq.default\Extensions\131
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Docs) - C:\Users\NEUERB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\Users\NEUERB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\NEUERB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\NEUERB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: () - C:\Users\NEUERB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijodjbiibildhjdbjehpdjoglbnbfnpf\1.128
CHR Extension: (Chrome In-App Payments service) - C:\Users\NEUERB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\Users\NEUERB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
S3 AVControlCenter; C:\Program Files\Lenovo\Communications Utility\AVControlCenter32.exe [148472 2013-04-15] (Lenovo Corporation)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [478056 2011-10-04] (Lenovo.)
R2 Lenovo Settings Service; C:\Program Files\Lenovo\SettingsDependency\SettingsService.exe [1628664 2013-02-06] (Lenovo Group Limited)
S3 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [681464 2013-04-15] (Lenovo Corporation)
R2 LnvHotSpotSvc; C:\Program Files\Lenovo\Lenovo Mobile Hotspot\LnvHotSpotSvc.exe [465912 2013-04-11] (Lenovo)
R2 LocationTaskManager; C:\Program Files (x86)\Lenovo\LocationAware\loctaskmgr.exe [463352 2013-04-19] ()
R2 QDLService2kLenovo; C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kLenovo.exe [1688384 2011-05-23] (QUALCOMM, Inc.)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-06-26] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 qcfilterlno2k; C:\Windows\System32\drivers\qcfilterlno2k.sys [6400 2011-05-23] (QUALCOMM Incorporated)
R3 qcusbnetlno2k; C:\Windows\system32\DRIVERS\qcusbnetlno2k.sys [444416 2011-05-23] (QUALCOMM Incorporated)
R3 qcusbserlno2k; C:\Windows\system32\DRIVERS\qcusbserlno2k.sys [231040 2011-05-23] (QUALCOMM Incorporated)
U3 idsvc; 
S3 PCDSRVC{127174DC-C366ED8B-06020200}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-16 14:35 - 2013-09-16 14:35 - 00001956 _____ C:\Users\Neuer Besitzer\Desktop\AdwCleaner[S1].txt
2013-09-16 14:33 - 2013-09-16 14:33 - 00291584 _____ C:\WINDOWS\Minidump\091613-57578-01.dmp
2013-09-16 14:33 - 2013-09-16 14:33 - 00000000 ____D C:\WINDOWS\Minidump
2013-09-16 14:32 - 2013-09-16 14:32 - 499418560 _____ C:\WINDOWS\MEMORY.DMP
2013-09-16 14:23 - 2013-09-16 14:23 - 01039554 _____ C:\Users\Neuer Besitzer\Desktop\adwcleaner (1).exe
2013-09-16 13:22 - 2013-09-16 13:22 - 00090823 _____ C:\Users\Neuer Besitzer\Desktop\Gmer2.txt
2013-09-16 13:21 - 2013-09-16 13:21 - 00087446 _____ C:\Users\Neuer Besitzer\Desktop\Gmer1.txt
2013-09-16 12:38 - 2013-09-16 12:38 - 00178269 _____ C:\Users\Neuer Besitzer\Desktop\Gmer.txt
2013-09-16 12:18 - 2013-09-16 12:18 - 00377856 _____ C:\Users\Neuer Besitzer\Desktop\gmer_2.1.19163.exe
2013-09-16 12:15 - 2013-09-16 12:16 - 00066210 _____ C:\Users\Neuer Besitzer\Desktop\FRST1.txt
2013-09-16 12:15 - 2013-09-16 12:15 - 00037397 _____ C:\Users\Neuer Besitzer\Desktop\Addition.txt
2013-09-16 12:14 - 2013-09-16 12:14 - 00000000 ____D C:\FRST
2013-09-16 12:07 - 2013-09-16 14:34 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\FreePDF_XP
2013-09-16 12:06 - 2013-09-16 12:06 - 00000000 ____D C:\ProgramData\FreePDF
2013-09-16 12:06 - 2013-09-16 12:06 - 00000000 ____D C:\Program Files (x86)\FreePDF_XP
2013-09-16 12:06 - 2010-06-17 20:56 - 00119152 _____ C:\WINDOWS\system32\redmon.hlp
2013-09-16 12:06 - 2010-06-17 20:56 - 00087040 _____ C:\WINDOWS\system32\redmonnt.dll
2013-09-16 12:06 - 2010-06-17 20:56 - 00046080 _____ C:\WINDOWS\system32\unredmon.exe
2013-09-16 12:05 - 2013-09-16 12:05 - 00000000 ____D C:\Program Files\gs
2013-09-16 11:58 - 2013-09-16 11:59 - 13245963 _____ C:\Users\Neuer Besitzer\Downloads\gs910w64.exe
2013-09-16 11:26 - 2013-09-16 11:29 - 35282727 _____ C:\Users\Neuer Besitzer\Downloads\ghostscript-9.10.tar.gz
2013-09-16 11:22 - 2013-09-16 11:22 - 03866624 _____ (Microsoft Corporation) C:\Users\Neuer Besitzer\Downloads\FreePDF4.08.EXE
2013-09-16 09:05 - 2013-09-16 09:05 - 01951150 _____ (Farbar) C:\Users\Neuer Besitzer\Desktop\FRST64.exe
2013-09-16 09:04 - 2013-09-16 09:04 - 00000490 _____ C:\Users\Neuer Besitzer\Desktop\defogger_disable.log
2013-09-16 09:04 - 2013-09-16 09:04 - 00000000 _____ C:\Users\Neuer Besitzer\defogger_reenable
2013-09-16 09:01 - 2013-09-16 09:01 - 00050477 _____ C:\Users\Neuer Besitzer\Desktop\Defogger.exe
2013-09-14 09:49 - 2013-09-14 09:50 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\dvdcss
2013-09-14 09:37 - 2013-08-16 07:41 - 00058200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2013-09-14 09:37 - 2013-08-16 07:39 - 02371728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2013-09-14 09:37 - 2013-08-16 07:39 - 00059416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2013-09-14 09:37 - 2013-08-16 07:32 - 00209200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationUI.exe
2013-09-14 09:37 - 2013-08-16 07:22 - 04917760 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2013-09-14 09:37 - 2013-08-16 07:22 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2013-09-14 09:37 - 2013-08-16 07:21 - 03275776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2013-09-14 09:37 - 2013-08-16 07:21 - 01621504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2013-09-14 09:37 - 2013-08-16 07:21 - 01164288 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2013-09-14 09:37 - 2013-08-16 07:21 - 00773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2013-09-14 09:37 - 2013-08-16 07:21 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2013-09-14 09:37 - 2013-08-16 07:21 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2013-09-14 09:37 - 2013-08-16 07:21 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2013-09-14 09:37 - 2013-08-16 07:21 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2013-09-14 09:37 - 2013-08-16 07:21 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2013-09-14 09:37 - 2013-08-16 07:21 - 00183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSSync.dll
2013-09-14 09:37 - 2013-08-16 07:21 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2013-09-14 09:37 - 2013-08-16 07:21 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-09-14 09:37 - 2013-08-16 07:21 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2013-09-14 09:37 - 2013-08-16 07:21 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2013-09-14 09:37 - 2013-08-16 07:21 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2013-09-14 09:37 - 2013-08-16 07:21 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupcln.dll
2013-09-14 09:37 - 2013-08-16 07:21 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2013-09-14 09:37 - 2013-08-16 07:21 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2013-09-14 09:37 - 2013-08-16 07:20 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2013-09-14 09:37 - 2013-08-16 00:43 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2013-09-14 09:37 - 2013-08-16 00:43 - 00562688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2013-09-14 09:37 - 2013-08-16 00:43 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2013-09-14 09:37 - 2013-08-16 00:43 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSSync.dll
2013-09-14 09:37 - 2013-08-16 00:43 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2013-09-14 09:37 - 2013-08-16 00:43 - 00126976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2013-09-14 09:37 - 2013-08-16 00:43 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-09-14 09:37 - 2013-08-16 00:43 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2013-09-14 09:37 - 2013-08-16 00:43 - 00083968 _____ C:\WINDOWS\SysWOW64\OEMLicense.dll
2013-09-14 09:37 - 2013-08-16 00:43 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2013-09-14 09:37 - 2013-08-16 00:43 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2013-09-14 09:37 - 2013-08-16 00:42 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppc.dll
2013-09-14 09:37 - 2013-08-16 00:42 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupcln.dll
2013-09-14 09:36 - 2013-08-21 06:12 - 02241024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-09-14 09:36 - 2013-08-21 06:12 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-09-14 09:36 - 2013-08-21 06:11 - 19246592 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-09-14 09:36 - 2013-08-21 06:11 - 15404544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-09-14 09:36 - 2013-08-21 06:11 - 03959296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-09-14 09:36 - 2013-08-21 06:11 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-09-14 09:36 - 2013-08-21 06:11 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-09-14 09:36 - 2013-08-21 06:11 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2013-09-14 09:36 - 2013-08-21 06:11 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2013-09-14 09:36 - 2013-08-21 06:11 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2013-09-14 09:36 - 2013-08-21 06:11 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2013-09-14 09:36 - 2013-08-21 06:11 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2013-09-14 09:36 - 2013-08-21 06:11 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2013-09-14 09:36 - 2013-08-21 06:11 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2013-09-14 09:36 - 2013-08-21 06:11 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2013-09-14 09:36 - 2013-08-21 04:34 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2013-09-14 09:36 - 2013-08-21 04:06 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2013-09-14 09:36 - 2013-08-21 04:06 - 01141248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2013-09-14 09:36 - 2013-08-21 04:06 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2013-09-14 09:36 - 2013-08-21 04:05 - 14332928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2013-09-14 09:36 - 2013-08-21 04:05 - 13761024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2013-09-14 09:36 - 2013-08-21 04:05 - 02876928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2013-09-14 09:36 - 2013-08-21 04:05 - 02048000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2013-09-14 09:36 - 2013-08-21 04:05 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2013-09-14 09:36 - 2013-08-21 04:05 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2013-09-14 09:36 - 2013-08-21 04:05 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2013-09-14 09:36 - 2013-08-21 04:05 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2013-09-14 09:36 - 2013-08-21 04:05 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2013-09-14 09:36 - 2013-08-21 04:05 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2013-09-14 09:36 - 2013-08-21 03:43 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2013-09-14 09:36 - 2013-08-21 01:52 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2013-09-14 09:36 - 2013-07-09 10:04 - 00120144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys
2013-09-14 09:36 - 2013-07-09 08:18 - 00439488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2013-09-14 09:36 - 2013-07-09 06:25 - 00385768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2013-09-14 09:36 - 2013-07-09 05:57 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationApi.dll
2013-09-14 09:36 - 2013-07-09 00:46 - 00543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2013-09-14 09:36 - 2013-07-09 00:46 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2013-09-14 09:36 - 2013-07-09 00:46 - 00370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wwanadvui.dll
2013-09-14 09:36 - 2013-07-09 00:45 - 00312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationApi.dll
2013-09-14 09:36 - 2013-07-06 02:16 - 01025024 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2013-09-14 09:36 - 2013-07-03 02:23 - 00778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2013-09-14 09:36 - 2013-07-03 02:23 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2013-09-14 09:36 - 2013-07-03 02:22 - 02839552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2013-09-14 09:36 - 2013-07-03 02:22 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2013-09-14 09:36 - 2013-07-03 02:11 - 00551424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2013-09-14 09:36 - 2013-07-03 02:11 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2013-09-14 09:36 - 2013-07-03 02:10 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2013-09-14 09:36 - 2013-07-02 00:08 - 00387583 _____ C:\WINDOWS\system32\ApnDatabase.xml
2013-09-14 09:36 - 2013-07-01 00:30 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\openfiles.exe
2013-09-14 09:36 - 2013-07-01 00:29 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\openfiles.exe
2013-09-14 09:36 - 2013-06-29 08:15 - 00195416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2013-09-14 09:36 - 2013-06-29 08:15 - 00125784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2013-09-14 09:36 - 2013-06-29 07:43 - 00327512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2013-09-14 09:36 - 2013-06-29 03:12 - 01022464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2013-09-14 09:36 - 2013-06-26 05:01 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2013-09-14 09:36 - 2013-06-25 00:54 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2013-09-14 09:36 - 2013-06-25 00:54 - 00263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2013-09-14 09:36 - 2013-06-25 00:54 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2013-09-14 09:36 - 2013-06-19 07:36 - 00183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmmbase.dll
2013-09-14 09:36 - 2013-06-19 07:36 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmm.dll
2013-09-14 09:36 - 2013-06-19 00:38 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmmbase.dll
2013-09-14 09:36 - 2013-06-19 00:38 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmm.dll
2013-09-14 09:36 - 2013-06-12 01:43 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2013-09-14 09:36 - 2013-06-12 01:26 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2013-09-14 09:36 - 2013-06-10 23:17 - 00096512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2013-09-14 09:36 - 2013-06-10 21:16 - 00888832 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2013-09-14 09:36 - 2013-06-10 21:15 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2013-09-14 09:36 - 2013-06-10 21:15 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2013-09-14 09:36 - 2013-06-10 21:15 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2013-09-14 09:36 - 2013-06-10 21:10 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2013-09-14 09:36 - 2013-06-10 21:10 - 00245248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2013-09-14 09:36 - 2013-06-06 10:03 - 00119040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2013-09-14 09:35 - 2013-08-03 06:30 - 04038144 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2013-09-11 12:01 - 2013-09-14 10:22 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\vlc
2013-09-11 12:00 - 2013-09-11 12:00 - 00000871 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-09-11 12:00 - 2013-09-11 12:00 - 00000000 ____D C:\Program Files\VideoLAN
2013-09-11 11:58 - 2013-09-11 11:59 - 23071004 _____ C:\Users\Neuer Besitzer\Downloads\vlc-2.1.0-rc2-win64.exe
2013-09-11 11:56 - 2013-09-11 11:58 - 23003252 _____ C:\Users\Neuer Besitzer\Downloads\vlc-2.0.8_win32.exe
2013-09-11 11:53 - 2013-09-11 11:53 - 00392016 _____ (Softonic                                        ) C:\Users\Neuer Besitzer\Downloads\SoftonicDownloader_for_vlc-media-player.exe
2013-09-10 18:59 - 2013-09-10 19:00 - 05939176 _____ (Citrix Online, a division of Citrix Systems, Inc.) C:\Users\Neuer Besitzer\Downloads\g2m_codec.exe
2013-09-10 18:58 - 2013-09-10 18:58 - 00000216 _____ C:\Users\Neuer Besitzer\Downloads\2AD4D15214661C00.asx
2013-09-02 22:09 - 2013-09-02 22:09 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-09-02 22:09 - 2013-09-02 22:09 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-02 22:09 - 2013-09-02 22:09 - 00000000 ____D C:\Program Files\iTunes
2013-09-02 22:09 - 2013-09-02 22:09 - 00000000 ____D C:\Program Files\iPod
2013-09-02 22:09 - 2013-09-02 22:09 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-09-02 22:08 - 2013-09-02 22:08 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Apple Computer
2013-09-02 22:05 - 2013-09-02 22:05 - 00867240 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\npDeployJava1.dll
2013-09-02 22:05 - 2013-09-02 22:05 - 00263592 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2013-09-02 22:05 - 2013-09-02 22:05 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2013-09-02 22:05 - 2013-09-02 22:05 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2013-09-02 22:05 - 2013-09-02 22:05 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2013-09-02 22:05 - 2013-09-02 22:05 - 00000000 ____D C:\Program Files (x86)\Java
2013-09-02 21:48 - 2013-09-16 14:25 - 00000000 ____D C:\AdwCleaner
2013-09-02 21:46 - 2013-09-02 21:46 - 00001922 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-09-02 21:46 - 2013-08-30 09:48 - 00378944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2013-09-02 21:46 - 2013-08-30 09:48 - 00072016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2013-09-02 21:46 - 2013-08-30 09:48 - 00064288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2013-09-02 21:46 - 2013-08-30 09:48 - 00033400 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswFsBlk.sys
2013-09-02 21:45 - 2013-09-02 21:46 - 01037134 _____ C:\Users\Neuer Besitzer\Downloads\adwcleaner.exe
2013-09-02 21:45 - 2013-09-02 21:45 - 00003924 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2013-09-02 21:45 - 2013-09-02 21:45 - 00000000 _____ C:\WINDOWS\SysWOW64\config.nt
2013-09-02 21:45 - 2013-08-30 09:48 - 01030952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2013-09-02 21:45 - 2013-08-30 09:48 - 00204880 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2013-09-02 21:45 - 2013-08-30 09:48 - 00080816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2013-09-02 21:45 - 2013-08-30 09:48 - 00065336 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2013-09-02 21:45 - 2013-08-30 09:47 - 00287840 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2013-09-02 21:44 - 2013-09-02 21:44 - 00000000 ____D C:\ProgramData\AVAST Software
2013-09-02 21:44 - 2013-09-02 21:44 - 00000000 ____D C:\Program Files\AVAST Software
2013-09-02 21:44 - 2013-08-30 09:47 - 00041664 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2013-08-29 18:19 - 2013-08-29 18:19 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Citrix
2013-08-29 18:19 - 2013-08-29 18:19 - 00000000 ____D C:\Program Files (x86)\Citrix
2013-08-26 09:51 - 2013-08-26 09:51 - 04708584 _____ C:\Users\Neuer Besitzer\Downloads\install_flash_player_ics.apk
2013-08-25 19:35 - 2013-08-25 19:35 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-08-25 19:35 - 2013-08-25 19:35 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-08-23 16:57 - 2013-08-23 17:27 - 00000000 ____D C:\Users\Neuer Besitzer\Documents\WISO Konto Online
2013-08-23 16:57 - 2013-08-23 16:57 - 00000117 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2013-08-23 16:57 - 2013-08-23 16:57 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Buhl Data Service GmbH
2013-08-23 16:56 - 2013-08-23 16:57 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Buhl Data Service GmbH
2013-08-23 16:56 - 2013-08-23 16:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Buhl Data Service
2013-08-23 16:56 - 2013-08-23 16:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Buhl Data Service
2013-08-23 16:52 - 2013-08-23 16:56 - 00000000 ____D C:\ProgramData\Buhl Data Service GmbH
2013-08-23 16:52 - 2013-08-23 16:52 - 00002374 _____ C:\Users\Public\Desktop\WISO Konto Online 2013.lnk
2013-08-23 16:52 - 2013-08-23 16:52 - 00000000 ____D C:\ProgramData\MG_Prototyp
2013-08-23 16:52 - 2013-08-23 16:52 - 00000000 ____D C:\Program Files (x86)\Buhl
2013-08-23 10:11 - 2013-08-23 10:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2013-08-23 10:11 - 2013-08-23 10:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Sync Framework
2013-08-23 10:11 - 2013-08-23 10:11 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-08-23 10:10 - 2013-08-23 10:10 - 00000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2013-08-23 10:09 - 2013-08-23 10:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2013-08-23 10:08 - 2013-08-23 10:08 - 00000000 ____D C:\Program Files\Microsoft Office
2013-08-23 10:08 - 2013-08-23 10:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2013-08-23 10:07 - 2013-09-16 11:17 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-23 10:07 - 2013-08-23 10:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-08-23 10:07 - 2013-08-23 10:07 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Microsoft Help
2013-08-23 10:06 - 2013-08-23 10:06 - 00000000 __RHD C:\MSOCache
2013-08-23 09:30 - 2013-08-23 10:04 - 712660056 _____ (Microsoft Corporation) C:\Users\Neuer Besitzer\Downloads\X16-32254.exe
2013-08-22 20:46 - 2013-08-22 20:46 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Macromedia
2013-08-22 20:39 - 2013-08-22 20:41 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Adobe
2013-08-21 20:11 - 2013-09-16 09:42 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\avgchrome
2013-08-19 21:56 - 2013-08-19 21:56 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-08-19 21:56 - 2013-08-19 21:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Mozilla
2013-08-19 21:56 - 2013-08-19 21:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Mozilla
2013-08-19 21:56 - 2013-08-19 21:56 - 00000000 ____D C:\ProgramData\Mozilla
2013-08-19 21:56 - 2013-08-19 21:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-19 16:09 - 2013-08-19 16:09 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\PCDr
2013-08-19 15:09 - 2013-08-19 15:09 - 00000149 _____ C:\Users\Neuer Besitzer\Documents\Windows8 Product Key.txt
2013-08-19 15:05 - 2013-08-19 15:05 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\OpenOffice.org
2013-08-19 14:59 - 2013-08-19 14:59 - 00001063 _____ C:\Users\Public\Desktop\zebNet® Windows Keyfinder TNG.lnk
2013-08-19 14:59 - 2013-08-19 14:59 - 00000000 ____D C:\ProgramData\InstallMate
2013-08-19 14:59 - 2013-08-19 14:59 - 00000000 ____D C:\Program Files\zebNet
2013-08-19 14:56 - 2013-08-19 14:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Google
2013-08-19 14:51 - 2013-08-19 14:52 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-08-19 14:51 - 2013-08-19 14:51 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Macromedia
2013-08-19 14:49 - 2013-07-02 02:44 - 00036288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2013-08-19 14:49 - 2013-07-02 00:08 - 00247216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2013-08-19 14:47 - 2013-07-09 08:07 - 02233168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2013-08-19 14:47 - 2013-05-24 01:02 - 01314816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2013-08-19 14:47 - 2013-05-24 00:25 - 00694272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2013-08-19 14:43 - 2013-07-13 08:18 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2013-08-19 14:43 - 2013-07-13 08:16 - 01889280 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2013-08-19 14:43 - 2013-07-13 08:16 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptsvc.dll
2013-08-19 14:43 - 2013-07-13 08:15 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2013-08-19 14:43 - 2013-07-13 08:15 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2013-08-19 14:43 - 2013-07-13 06:24 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2013-08-19 14:43 - 2013-07-13 06:23 - 01568256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2013-08-19 14:43 - 2013-07-13 06:23 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2013-08-19 14:43 - 2013-07-13 06:23 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2013-08-19 14:38 - 2013-06-17 00:41 - 00997632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2013-08-19 14:38 - 2013-06-01 13:34 - 02391280 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2013-08-19 14:38 - 2013-06-01 13:29 - 00337152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2013-08-19 14:38 - 2013-06-01 13:29 - 00213248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UCX01000.SYS
2013-08-19 14:38 - 2013-06-01 13:26 - 06987008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2013-08-19 14:38 - 2013-06-01 13:26 - 00327936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2013-08-19 14:38 - 2013-06-01 12:24 - 02106176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2013-08-19 14:38 - 2013-06-01 11:25 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2013-08-19 14:38 - 2013-06-01 11:25 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2013-08-19 14:38 - 2013-06-01 11:24 - 01453568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2013-08-19 14:38 - 2013-06-01 11:24 - 00850944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2013-08-19 14:38 - 2013-06-01 11:24 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscms.dll
2013-08-19 14:38 - 2013-06-01 11:23 - 01842176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2013-08-19 14:38 - 2013-06-01 11:23 - 00680960 _____ (Microsoft Corporation) C:\WINDOWS\system32\vds.exe
2013-08-19 14:38 - 2013-06-01 11:22 - 00523264 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2013-08-19 14:38 - 2013-06-01 11:22 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsutil.dll
2013-08-19 14:38 - 2013-06-01 11:22 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeParserTask.exe
2013-08-19 14:38 - 2013-06-01 11:21 - 00729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2013-08-19 14:38 - 2013-06-01 11:21 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2013-08-19 14:38 - 2013-06-01 11:20 - 02219520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2013-08-19 14:38 - 2013-06-01 11:20 - 01527808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2013-08-19 14:38 - 2013-06-01 11:20 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2013-08-19 14:38 - 2013-06-01 11:20 - 00583168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mscms.dll
2013-08-19 14:38 - 2013-06-01 11:19 - 00785408 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2013-08-19 14:38 - 2013-06-01 11:19 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManager.dll
2013-08-19 14:38 - 2013-06-01 05:08 - 00037632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthAvrcpTg.sys
2013-08-19 14:38 - 2013-05-25 00:09 - 01403296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2013-08-19 14:38 - 2013-05-25 00:09 - 01271584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2013-08-19 14:38 - 2013-05-25 00:09 - 01217352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2013-08-19 14:38 - 2013-05-25 00:09 - 01093904 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2013-08-19 14:38 - 2013-04-16 04:34 - 01455368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2013-08-19 14:38 - 2013-04-09 04:34 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2013-08-19 14:38 - 2013-04-09 04:34 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys
2013-08-19 14:37 - 2013-05-31 01:24 - 01257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2013-08-19 14:37 - 2013-05-31 01:08 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2013-08-19 14:37 - 2013-05-15 04:25 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2013-08-19 14:37 - 2013-05-15 04:25 - 00542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2013-08-19 14:37 - 2013-05-15 04:24 - 00793088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2013-08-19 14:37 - 2013-05-15 04:24 - 00482816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2013-08-19 14:37 - 2013-05-04 09:58 - 00120736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2013-08-19 14:37 - 2013-05-04 09:34 - 00446720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2013-08-19 14:37 - 2013-05-04 09:34 - 00284416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2013-08-19 14:37 - 2013-05-04 08:59 - 13644288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2013-08-19 14:37 - 2013-05-04 08:59 - 01483776 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2013-08-19 14:37 - 2013-05-04 08:59 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnify.exe
2013-08-19 14:37 - 2013-05-04 08:58 - 10116096 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2013-08-19 14:37 - 2013-05-04 08:58 - 01332736 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2013-08-19 14:37 - 2013-05-04 08:58 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2013-08-19 14:37 - 2013-05-04 08:58 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2013-08-19 14:37 - 2013-05-04 08:58 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2013-08-19 14:37 - 2013-05-04 08:58 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2013-08-19 14:37 - 2013-05-04 08:58 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofm.dll
2013-08-19 14:37 - 2013-05-04 08:58 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2013-08-19 14:37 - 2013-05-04 08:57 - 02305024 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2013-08-19 14:37 - 2013-05-04 08:57 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2013-08-19 14:37 - 2013-05-04 08:57 - 00820736 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpprefcl.dll
2013-08-19 14:37 - 2013-05-04 08:57 - 00708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2013-08-19 14:37 - 2013-05-04 08:57 - 00560640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2013-08-19 14:37 - 2013-05-04 08:57 - 00501760 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2013-08-19 14:37 - 2013-05-04 08:57 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\system32\BCP47Langs.dll
2013-08-19 14:37 - 2013-05-04 08:57 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2013-08-19 14:37 - 2013-05-04 08:57 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\biwinrt.dll
2013-08-19 14:37 - 2013-05-04 08:57 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\muifontsetup.dll
2013-08-19 14:37 - 2013-05-04 08:56 - 00419840 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2013-08-19 14:37 - 2013-05-04 06:58 - 00758784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Magnify.exe
2013-08-19 14:37 - 2013-05-04 06:57 - 10788864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2013-08-19 14:37 - 2013-05-04 06:57 - 08857088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2013-08-19 14:37 - 2013-05-04 06:57 - 00303616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2013-08-19 14:37 - 2013-05-04 06:57 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ubpm.dll
2013-08-19 14:37 - 2013-05-04 06:57 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netplwiz.dll
2013-08-19 14:37 - 2013-05-04 06:57 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netprofm.dll
2013-08-19 14:37 - 2013-05-04 06:57 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\npmproxy.dll
2013-08-19 14:37 - 2013-05-04 06:57 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\muifontsetup.dll
2013-08-19 14:37 - 2013-05-04 06:56 - 02035712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2013-08-19 14:37 - 2013-05-04 06:56 - 00582144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpprefcl.dll
2013-08-19 14:37 - 2013-05-04 06:56 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2013-08-19 14:37 - 2013-05-04 06:56 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2013-08-19 14:37 - 2013-05-04 06:56 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BCP47Langs.dll
2013-08-19 14:37 - 2013-05-04 06:56 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\biwinrt.dll
2013-08-19 14:37 - 2013-05-04 06:55 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2013-08-19 14:37 - 2013-05-04 06:51 - 00014848 _____ (Microsoft) C:\WINDOWS\system32\rars.rs
2013-08-19 14:37 - 2013-05-04 06:47 - 00427520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2013-08-19 14:37 - 2013-05-04 06:10 - 00014848 _____ (Microsoft) C:\WINDOWS\SysWOW64\rars.rs
2013-08-19 14:37 - 2013-04-09 07:17 - 01829408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2013-08-19 14:37 - 2013-04-09 06:51 - 14267904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2013-08-19 14:37 - 2013-04-09 06:51 - 03552768 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2013-08-19 14:37 - 2013-04-09 06:50 - 02107904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2013-08-19 14:37 - 2013-04-08 23:52 - 11878912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2013-08-19 14:37 - 2013-04-08 23:51 - 02767360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2013-08-19 14:37 - 2013-04-08 23:51 - 01593344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2013-08-19 14:36 - 2013-04-09 07:33 - 00489576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2013-08-19 14:36 - 2013-04-09 07:33 - 00446792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2013-08-19 14:36 - 2013-04-09 07:33 - 00253544 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2013-08-19 14:36 - 2013-04-09 07:20 - 00306952 _____ (Microsoft Corporation) C:\WINDOWS\system32\kd_02_10ec.dll
2013-08-19 14:36 - 2013-04-09 07:20 - 00086280 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2013-08-19 14:36 - 2013-04-09 07:18 - 00077960 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdvm.dll
2013-08-19 14:36 - 2013-04-09 06:52 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2013-08-19 14:36 - 2013-04-09 06:52 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2013-08-19 14:36 - 2013-04-09 06:52 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2013-08-19 14:36 - 2013-04-09 06:52 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2013-08-19 14:36 - 2013-04-09 06:52 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2013-08-19 14:36 - 2013-04-09 06:51 - 00595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2013-08-19 14:36 - 2013-04-09 06:51 - 00456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2013-08-19 14:36 - 2013-04-09 06:51 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\system32\conhost.exe
2013-08-19 14:36 - 2013-04-09 06:51 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2013-08-19 14:36 - 2013-04-09 06:50 - 01285632 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2013-08-19 14:36 - 2013-04-09 06:50 - 00745984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2013-08-19 14:36 - 2013-04-09 06:50 - 00435200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2013-08-19 14:36 - 2013-04-09 06:50 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2013-08-19 14:36 - 2013-04-09 06:50 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\GenuineCenter.dll
2013-08-19 14:36 - 2013-04-09 06:50 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2013-08-19 14:36 - 2013-04-09 06:50 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2013-08-19 14:36 - 2013-04-09 06:50 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msshooks.dll
2013-08-19 14:36 - 2013-04-09 06:49 - 01444864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2013-08-19 14:36 - 2013-04-09 06:49 - 00817152 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2013-08-19 14:36 - 2013-04-09 06:49 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2013-08-19 14:36 - 2013-04-09 06:49 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2013-08-19 14:36 - 2013-04-09 06:49 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhengine.dll
2013-08-19 14:36 - 2013-04-09 06:49 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2013-08-19 14:36 - 2013-04-09 06:49 - 00196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmvdsitf.dll
2013-08-19 14:36 - 2013-04-09 06:49 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2013-08-19 14:36 - 2013-04-09 06:49 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\fmifs.dll
2013-08-19 14:36 - 2013-04-09 06:48 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2013-08-19 14:36 - 2013-04-09 04:34 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2013-08-19 14:36 - 2013-04-09 04:33 - 00623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2013-08-19 14:36 - 2013-04-09 04:33 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2013-08-19 14:36 - 2013-04-09 04:32 - 00805376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
2013-08-19 14:36 - 2013-04-09 04:31 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2013-08-19 14:36 - 2013-04-09 04:31 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2013-08-19 14:36 - 2013-04-09 01:44 - 00123880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2013-08-19 14:36 - 2013-04-09 01:39 - 01408896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2013-08-19 14:36 - 2013-04-09 01:37 - 00426024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2013-08-19 14:36 - 2013-04-09 01:37 - 00324368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2013-08-19 14:36 - 2013-04-08 23:52 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2013-08-19 14:36 - 2013-04-08 23:52 - 00302592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2013-08-19 14:36 - 2013-04-08 23:52 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe
2013-08-19 14:36 - 2013-04-08 23:52 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
2013-08-19 14:36 - 2013-04-08 23:51 - 01113600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2013-08-19 14:36 - 2013-04-08 23:51 - 00659456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2013-08-19 14:36 - 2013-04-08 23:51 - 00656896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2013-08-19 14:36 - 2013-04-08 23:51 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2013-08-19 14:36 - 2013-04-08 23:51 - 00403968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2013-08-19 14:36 - 2013-04-08 23:51 - 00361984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2013-08-19 14:36 - 2013-04-08 23:51 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2013-08-19 14:36 - 2013-04-08 23:51 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2013-08-19 14:36 - 2013-04-08 23:51 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssphtb.dll
2013-08-19 14:36 - 2013-04-08 23:51 - 00155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmvdsitf.dll
2013-08-19 14:36 - 2013-04-08 23:51 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fmifs.dll
2013-08-19 14:36 - 2013-04-08 23:51 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssprxy.dll
2013-08-19 14:36 - 2013-04-08 23:51 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msshooks.dll
2013-08-19 14:36 - 2013-04-05 01:30 - 00503080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2013-08-19 14:36 - 2013-03-16 00:05 - 00298456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2013-08-19 14:36 - 2013-03-16 00:05 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2013-08-19 14:36 - 2012-12-13 06:00 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2013-08-19 14:36 - 2012-12-13 05:59 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll

==================== One Month Modified Files and Folders =======

2013-09-16 14:35 - 2013-09-16 14:35 - 00001956 _____ C:\Users\Neuer Besitzer\Desktop\AdwCleaner[S1].txt
2013-09-16 14:34 - 2013-09-16 12:07 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\FreePDF_XP
2013-09-16 14:34 - 2013-02-28 23:00 - 00001118 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-16 14:33 - 2013-09-16 14:33 - 00291584 _____ C:\WINDOWS\Minidump\091613-57578-01.dmp
2013-09-16 14:33 - 2013-09-16 14:33 - 00000000 ____D C:\WINDOWS\Minidump
2013-09-16 14:33 - 2012-07-26 09:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-09-16 14:33 - 2012-07-26 09:21 - 00678954 _____ C:\WINDOWS\setupact.log
2013-09-16 14:32 - 2013-09-16 14:32 - 499418560 _____ C:\WINDOWS\MEMORY.DMP
2013-09-16 14:32 - 2012-11-01 22:40 - 00047256 _____ C:\WINDOWS\PFRO.log
2013-09-16 14:29 - 2012-01-18 00:30 - 00000466 _____ C:\WINDOWS\Tasks\SystemToolsDailyTest.job
2013-09-16 14:26 - 2012-11-01 22:58 - 01997269 _____ C:\WINDOWS\WindowsUpdate.log
2013-09-16 14:26 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\WinStore
2013-09-16 14:26 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2013-09-16 14:26 - 2012-07-26 07:38 - 00000000 ____D C:\WINDOWS\system32\oobe
2013-09-16 14:25 - 2013-09-02 21:48 - 00000000 ____D C:\AdwCleaner
2013-09-16 14:23 - 2013-09-16 14:23 - 01039554 _____ C:\Users\Neuer Besitzer\Desktop\adwcleaner (1).exe
2013-09-16 14:22 - 2012-01-18 00:30 - 00000528 _____ C:\WINDOWS\Tasks\PCDoctorBackgroundMonitorTask.job
2013-09-16 14:00 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\system32\sru
2013-09-16 13:47 - 2013-02-28 23:00 - 00001122 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-16 13:22 - 2013-09-16 13:22 - 00090823 _____ C:\Users\Neuer Besitzer\Desktop\Gmer2.txt
2013-09-16 13:21 - 2013-09-16 13:21 - 00087446 _____ C:\Users\Neuer Besitzer\Desktop\Gmer1.txt
2013-09-16 12:39 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\system32\NDF
2013-09-16 12:38 - 2013-09-16 12:38 - 00178269 _____ C:\Users\Neuer Besitzer\Desktop\Gmer.txt
2013-09-16 12:23 - 2012-07-26 12:27 - 00753134 _____ C:\WINDOWS\system32\perfh007.dat
2013-09-16 12:23 - 2012-07-26 12:27 - 00155826 _____ C:\WINDOWS\system32\perfc007.dat
2013-09-16 12:23 - 2012-07-26 09:28 - 01745416 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-09-16 12:18 - 2013-09-16 12:18 - 00377856 _____ C:\Users\Neuer Besitzer\Desktop\gmer_2.1.19163.exe
2013-09-16 12:16 - 2013-09-16 12:15 - 00066210 _____ C:\Users\Neuer Besitzer\Desktop\FRST1.txt
2013-09-16 12:15 - 2013-09-16 12:15 - 00037397 _____ C:\Users\Neuer Besitzer\Desktop\Addition.txt
2013-09-16 12:14 - 2013-09-16 12:14 - 00000000 ____D C:\FRST
2013-09-16 12:06 - 2013-09-16 12:06 - 00000000 ____D C:\ProgramData\FreePDF
2013-09-16 12:06 - 2013-09-16 12:06 - 00000000 ____D C:\Program Files (x86)\FreePDF_XP
2013-09-16 12:05 - 2013-09-16 12:05 - 00000000 ____D C:\Program Files\gs
2013-09-16 11:59 - 2013-09-16 11:58 - 13245963 _____ C:\Users\Neuer Besitzer\Downloads\gs910w64.exe
2013-09-16 11:58 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\rescache
2013-09-16 11:29 - 2013-09-16 11:26 - 35282727 _____ C:\Users\Neuer Besitzer\Downloads\ghostscript-9.10.tar.gz
2013-09-16 11:22 - 2013-09-16 11:22 - 03866624 _____ (Microsoft Corporation) C:\Users\Neuer Besitzer\Downloads\FreePDF4.08.EXE
2013-09-16 11:17 - 2013-08-23 10:07 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-16 11:07 - 2013-08-16 16:08 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2216669695-2906418150-1901199515-1003
2013-09-16 09:42 - 2013-08-21 20:11 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\avgchrome
2013-09-16 09:13 - 2012-07-26 07:26 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2013-09-16 09:05 - 2013-09-16 09:05 - 01951150 _____ (Farbar) C:\Users\Neuer Besitzer\Desktop\FRST64.exe
2013-09-16 09:04 - 2013-09-16 09:04 - 00000490 _____ C:\Users\Neuer Besitzer\Desktop\defogger_disable.log
2013-09-16 09:04 - 2013-09-16 09:04 - 00000000 _____ C:\Users\Neuer Besitzer\defogger_reenable
2013-09-16 09:04 - 2013-08-16 15:54 - 00000000 ____D C:\Users\Neuer Besitzer
2013-09-16 09:01 - 2013-09-16 09:01 - 00050477 _____ C:\Users\Neuer Besitzer\Desktop\Defogger.exe
2013-09-14 10:22 - 2013-09-11 12:01 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\vlc
2013-09-14 09:50 - 2013-09-14 09:49 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\dvdcss
2013-09-11 12:00 - 2013-09-11 12:00 - 00000871 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-09-11 12:00 - 2013-09-11 12:00 - 00000000 ____D C:\Program Files\VideoLAN
2013-09-11 11:59 - 2013-09-11 11:58 - 23071004 _____ C:\Users\Neuer Besitzer\Downloads\vlc-2.1.0-rc2-win64.exe
2013-09-11 11:58 - 2013-09-11 11:56 - 23003252 _____ C:\Users\Neuer Besitzer\Downloads\vlc-2.0.8_win32.exe
2013-09-11 11:53 - 2013-09-11 11:53 - 00392016 _____ (Softonic                                        ) C:\Users\Neuer Besitzer\Downloads\SoftonicDownloader_for_vlc-media-player.exe
2013-09-10 19:00 - 2013-09-10 18:59 - 05939176 _____ (Citrix Online, a division of Citrix Systems, Inc.) C:\Users\Neuer Besitzer\Downloads\g2m_codec.exe
2013-09-10 18:58 - 2013-09-10 18:58 - 00000216 _____ C:\Users\Neuer Besitzer\Downloads\2AD4D15214661C00.asx
2013-09-10 09:43 - 2013-02-28 23:01 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-10 09:06 - 2012-01-18 00:30 - 00000000 ____D C:\ProgramData\PCDr
2013-09-05 22:09 - 2013-01-29 20:54 - 00694232 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2013-09-05 22:09 - 2013-01-29 20:54 - 00078296 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-02 22:10 - 2013-05-12 13:38 - 00000000 ____D C:\Program Files\Bonjour Print Services
2013-09-02 22:09 - 2013-09-02 22:09 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-09-02 22:09 - 2013-09-02 22:09 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-09-02 22:09 - 2013-09-02 22:09 - 00000000 ____D C:\Program Files\iTunes
2013-09-02 22:09 - 2013-09-02 22:09 - 00000000 ____D C:\Program Files\iPod
2013-09-02 22:09 - 2013-09-02 22:09 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-09-02 22:08 - 2013-09-02 22:08 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Apple Computer
2013-09-02 22:08 - 2013-08-16 15:58 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Apple Computer
2013-09-02 22:05 - 2013-09-02 22:05 - 00867240 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\npDeployJava1.dll
2013-09-02 22:05 - 2013-09-02 22:05 - 00263592 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2013-09-02 22:05 - 2013-09-02 22:05 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2013-09-02 22:05 - 2013-09-02 22:05 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2013-09-02 22:05 - 2013-09-02 22:05 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2013-09-02 22:05 - 2013-09-02 22:05 - 00000000 ____D C:\Program Files (x86)\Java
2013-09-02 22:05 - 2012-01-21 17:08 - 00789416 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\deployJava1.dll
2013-09-02 22:02 - 2013-05-16 23:32 - 00000030 _____ C:\WINDOWS\success64.log
2013-09-02 21:46 - 2013-09-02 21:46 - 00001922 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-09-02 21:46 - 2013-09-02 21:45 - 01037134 _____ C:\Users\Neuer Besitzer\Downloads\adwcleaner.exe
2013-09-02 21:45 - 2013-09-02 21:45 - 00003924 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2013-09-02 21:45 - 2013-09-02 21:45 - 00000000 _____ C:\WINDOWS\SysWOW64\config.nt
2013-09-02 21:44 - 2013-09-02 21:44 - 00000000 ____D C:\ProgramData\AVAST Software
2013-09-02 21:44 - 2013-09-02 21:44 - 00000000 ____D C:\Program Files\AVAST Software
2013-09-02 14:17 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2013-08-30 09:48 - 2013-09-02 21:46 - 00378944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2013-08-30 09:48 - 2013-09-02 21:46 - 00072016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2013-08-30 09:48 - 2013-09-02 21:46 - 00064288 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswTdi.sys
2013-08-30 09:48 - 2013-09-02 21:46 - 00033400 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswFsBlk.sys
2013-08-30 09:48 - 2013-09-02 21:45 - 01030952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2013-08-30 09:48 - 2013-09-02 21:45 - 00204880 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2013-08-30 09:48 - 2013-09-02 21:45 - 00080816 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2013-08-30 09:48 - 2013-09-02 21:45 - 00065336 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2013-08-30 09:47 - 2013-09-02 21:45 - 00287840 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2013-08-30 09:47 - 2013-09-02 21:44 - 00041664 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2013-08-29 18:19 - 2013-08-29 18:19 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Citrix
2013-08-29 18:19 - 2013-08-29 18:19 - 00000000 ____D C:\Program Files (x86)\Citrix
2013-08-29 12:58 - 2009-07-14 04:34 - 00000478 _____ C:\WINDOWS\win.ini
2013-08-26 09:51 - 2013-08-26 09:51 - 04708584 _____ C:\Users\Neuer Besitzer\Downloads\install_flash_player_ics.apk
2013-08-25 19:35 - 2013-08-25 19:35 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-08-25 19:35 - 2013-08-25 19:35 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-08-23 17:27 - 2013-08-23 16:57 - 00000000 ____D C:\Users\Neuer Besitzer\Documents\WISO Konto Online
2013-08-23 16:57 - 2013-08-23 16:57 - 00000117 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2013-08-23 16:57 - 2013-08-23 16:57 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Buhl Data Service GmbH
2013-08-23 16:57 - 2013-08-23 16:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Buhl Data Service GmbH
2013-08-23 16:56 - 2013-08-23 16:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Buhl Data Service
2013-08-23 16:56 - 2013-08-23 16:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Buhl Data Service
2013-08-23 16:56 - 2013-08-23 16:52 - 00000000 ____D C:\ProgramData\Buhl Data Service GmbH
2013-08-23 16:52 - 2013-08-23 16:52 - 00002374 _____ C:\Users\Public\Desktop\WISO Konto Online 2013.lnk
2013-08-23 16:52 - 2013-08-23 16:52 - 00000000 ____D C:\ProgramData\MG_Prototyp
2013-08-23 16:52 - 2013-08-23 16:52 - 00000000 ____D C:\Program Files (x86)\Buhl
2013-08-23 10:52 - 2013-08-16 15:55 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Packages
2013-08-23 10:12 - 2012-11-01 22:38 - 00000000 ____D C:\Program Files (x86)\MSBuild
2013-08-23 10:11 - 2013-08-23 10:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2013-08-23 10:11 - 2013-08-23 10:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Sync Framework
2013-08-23 10:11 - 2013-08-23 10:11 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-08-23 10:11 - 2013-08-23 10:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-08-23 10:10 - 2013-08-23 10:10 - 00000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2013-08-23 10:09 - 2013-08-23 10:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2013-08-23 10:09 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-08-23 10:08 - 2013-08-23 10:08 - 00000000 ____D C:\Program Files\Microsoft Office
2013-08-23 10:08 - 2013-08-23 10:08 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2013-08-23 10:08 - 2012-07-26 12:29 - 00000000 ____D C:\WINDOWS\ShellNew
2013-08-23 10:07 - 2013-08-23 10:07 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Microsoft Help
2013-08-23 10:06 - 2013-08-23 10:06 - 00000000 __RHD C:\MSOCache
2013-08-23 10:04 - 2013-08-23 09:30 - 712660056 _____ (Microsoft Corporation) C:\Users\Neuer Besitzer\Downloads\X16-32254.exe
2013-08-22 20:46 - 2013-08-22 20:46 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Macromedia
2013-08-22 20:41 - 2013-08-22 20:39 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Adobe
2013-08-21 06:12 - 2013-09-14 09:36 - 02241024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-08-21 06:12 - 2013-09-14 09:36 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-08-21 06:11 - 2013-09-14 09:36 - 19246592 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-08-21 06:11 - 2013-09-14 09:36 - 15404544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-08-21 06:11 - 2013-09-14 09:36 - 03959296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-08-21 06:11 - 2013-09-14 09:36 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-08-21 06:11 - 2013-09-14 09:36 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-08-21 06:11 - 2013-09-14 09:36 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2013-08-21 06:11 - 2013-09-14 09:36 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2013-08-21 06:11 - 2013-09-14 09:36 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2013-08-21 06:11 - 2013-09-14 09:36 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2013-08-21 06:11 - 2013-09-14 09:36 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2013-08-21 06:11 - 2013-09-14 09:36 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2013-08-21 06:11 - 2013-09-14 09:36 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2013-08-21 06:11 - 2013-09-14 09:36 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2013-08-21 04:34 - 2013-09-14 09:36 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2013-08-21 04:06 - 2013-09-14 09:36 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2013-08-21 04:06 - 2013-09-14 09:36 - 01141248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2013-08-21 04:06 - 2013-09-14 09:36 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2013-08-21 04:05 - 2013-09-14 09:36 - 14332928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2013-08-21 04:05 - 2013-09-14 09:36 - 13761024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2013-08-21 04:05 - 2013-09-14 09:36 - 02876928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2013-08-21 04:05 - 2013-09-14 09:36 - 02048000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2013-08-21 04:05 - 2013-09-14 09:36 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2013-08-21 04:05 - 2013-09-14 09:36 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2013-08-21 04:05 - 2013-09-14 09:36 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2013-08-21 04:05 - 2013-09-14 09:36 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2013-08-21 04:05 - 2013-09-14 09:36 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2013-08-21 04:05 - 2013-09-14 09:36 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2013-08-21 03:43 - 2013-09-14 09:36 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2013-08-21 01:52 - 2013-09-14 09:36 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2013-08-19 21:56 - 2013-08-19 21:56 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-08-19 21:56 - 2013-08-19 21:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Mozilla
2013-08-19 21:56 - 2013-08-19 21:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Mozilla
2013-08-19 21:56 - 2013-08-19 21:56 - 00000000 ____D C:\ProgramData\Mozilla
2013-08-19 21:56 - 2013-08-19 21:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-19 21:55 - 2013-05-12 13:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-19 16:09 - 2013-08-19 16:09 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\PCDr
2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ___RD C:\WINDOWS\ToastData
2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2013-08-19 15:51 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-08-19 15:51 - 2012-07-26 07:38 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2013-08-19 15:51 - 2012-07-26 07:38 - 00000000 ____D C:\WINDOWS\system32\Dism
2013-08-19 15:09 - 2013-08-19 15:09 - 00000149 _____ C:\Users\Neuer Besitzer\Documents\Windows8 Product Key.txt
2013-08-19 15:05 - 2013-08-19 15:05 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\OpenOffice.org
2013-08-19 15:05 - 2013-08-16 15:57 - 00000000 ___RD C:\Users\Neuer Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-19 14:59 - 2013-08-19 14:59 - 00001063 _____ C:\Users\Public\Desktop\zebNet® Windows Keyfinder TNG.lnk
2013-08-19 14:59 - 2013-08-19 14:59 - 00000000 ____D C:\ProgramData\InstallMate
2013-08-19 14:59 - 2013-08-19 14:59 - 00000000 ____D C:\Program Files\zebNet
2013-08-19 14:56 - 2013-08-19 14:56 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Local\Google
2013-08-19 14:52 - 2013-08-19 14:51 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-08-19 14:51 - 2013-08-19 14:51 - 00000000 ____D C:\Users\Neuer Besitzer\AppData\Roaming\Macromedia
2013-08-19 14:51 - 2012-04-07 20:59 - 78161360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-08-19 13:52 - 2013-08-16 15:57 - 00000000 ___RD C:\Users\Neuer Besitzer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-08-19 13:50 - 2012-07-26 07:37 - 00000000 ____D C:\WINDOWS\servicing
2013-08-19 13:47 - 2012-07-26 12:29 - 00000000 ____D C:\Program Files\Windows Journal

Some content of TEMP:
====================
C:\Users\Neuer Besitzer\AppData\Local\Temp\6_Offer_11.exe
C:\Users\Neuer Besitzer\AppData\Local\Temp\DownloadManager.exe
C:\Users\Neuer Besitzer\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Neuer Besitzer\AppData\Local\Temp\Product108.exe
C:\Users\Neuer Besitzer\AppData\Local\Temp\Quarantine.exe
C:\Users\Neuer Besitzer\AppData\Local\Temp\setup.exe
C:\Users\Neuer Besitzer\AppData\Local\Temp\tmp60F8.exe
C:\Users\Neuer Besitzer\AppData\Local\Temp\unrar.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-09-16 11:08

==================== End Of Log ============================
         
--- --- ---

2. Malwarebytes Log:
Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.09.16.04

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16688
Neuer Besitzer :: USER-PC [Administrator]

16.09.2013 15:07:07
MBAM-log-2013-09-16 (15-11-42).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 251332
Laufzeit: 4 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 15
HKCR\AppID\{14B1B6D0-D25F-4418-94E3-EC2B5AEE9756} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{14B1B6D0-D25F-4418-94E3-EC2B5AEE9756} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKCR\AppID\{A2773ED4-83BD-488A-A186-73590706C916} (PUP.Optional.MixiDJToolbar.A) -> Keine Aktion durchgeführt.
HKCR\CLSID\{2C141B4C-B5BA-4E89-BE73-F71ED4A208CF} (PUP.Optional.MixiDJToolbar.A) -> Keine Aktion durchgeführt.
HKCR\CLSID\{7D0EE142-0642-4FDD-AF73-7399C04E1041} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKCR\esrv.mixidjESrvc.1 (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKCR\esrv.mixidjESrvc (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKCR\CLSID\{C3F978C3-0594-4397-B8E6-3F9D9BE6A7B9} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKCR\CLSID\{F9221CC8-22DF-4CEF-B8ED-BA87F1F09878} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKCR\m (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKCR\Typelib\{8BA772A8-AC4F-4954-9B5E-433CA6DC506F} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKCR\Interface\{108F5878-71F9-4B5C-9EC0-58CEC29E8124} (PUP.Optional.Delta.A) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A105B30B-D103-4781-B18C-E8DF93B6EBD0} (PUP.Optional.MixiDJ.A) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9} (PUP.Optional.Smart) -> Keine Aktion durchgeführt.
HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534} (PUP.Optional.Smart) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 3
C:\Users\Neuer Besitzer\AppData\Local\Temp\mt_ffx\mixidj (PUP.Optional.MixiDJToolBar.A) -> Keine Aktion durchgeführt.
C:\Users\Neuer Besitzer\AppData\Local\Temp\mt_ffx\mixidj\mixidj (PUP.Optional.MixiDJToolBar.A) -> Keine Aktion durchgeführt.
C:\Users\Neuer Besitzer\AppData\Local\Temp\mt_ffx\mixidj\mixidj\1.8.18.8 (PUP.Optional.MixiDJToolBar.A) -> Keine Aktion durchgeführt.

Infizierte Dateien: 13
C:\ProgramData\InstallMate\{1A3C22F2-D546-4EC0-927E-EFAEDAC18C52}\Setup.exe (PUP.Optional.Tarma.A) -> Keine Aktion durchgeführt.
C:\ProgramData\InstallMate\{1A3C22F2-D546-4EC0-927E-EFAEDAC18C52}\TsuDll.dll (PUP.Optional.Tarma.A) -> Keine Aktion durchgeführt.
C:\Users\Neuer Besitzer\AppData\Local\Temp\DownloadManager.exe (PUP.Optional.Smart) -> Keine Aktion durchgeführt.
C:\Users\Neuer Besitzer\AppData\Local\Temp\Product108.exe (PUP.Optional.Smart) -> Keine Aktion durchgeführt.
C:\Users\Neuer Besitzer\AppData\Local\Temp\setup.exe (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
C:\Users\Neuer Besitzer\AppData\Local\Temp\9D95DAF4-BAB0-7891-92BB-7609E15EA50E\Latest\BabMaint.exe (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
C:\Users\Neuer Besitzer\AppData\Local\Temp\9D95DAF4-BAB0-7891-92BB-7609E15EA50E\Latest\BUSolution.dll (PUP.Optional.BabSolution.A) -> Keine Aktion durchgeführt.
C:\Users\Neuer Besitzer\AppData\Local\Temp\9D95DAF4-BAB0-7891-92BB-7609E15EA50E\Latest\CrxInstaller.dll (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
C:\Users\Neuer Besitzer\AppData\Local\Temp\9D95DAF4-BAB0-7891-92BB-7609E15EA50E\Latest\MntrDLLInstall.dll (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
C:\Users\Neuer Besitzer\AppData\Local\Temp\9D95DAF4-BAB0-7891-92BB-7609E15EA50E\Latest\MyMixiTB.exe (PUP.Optional.MixiDJ.A) -> Keine Aktion durchgeführt.
C:\Users\Neuer Besitzer\AppData\Local\Temp\9D95DAF4-BAB0-7891-92BB-7609E15EA50E\Latest\NTRedirect.dll (PUP.Optional.Babylon.A) -> Keine Aktion durchgeführt.
C:\Users\Neuer Besitzer\AppData\Local\Temp\9D95DAF4-BAB0-7891-92BB-7609E15EA50E\Latest\Setup.exe (PUP.Babylon.A) -> Keine Aktion durchgeführt.
C:\Users\Neuer Besitzer\Downloads\SoftonicDownloader_for_vlc-media-player.exe (PUP.Optional.Softonic) -> Keine Aktion durchgeführt.

(Ende)
         
3. Ergebnis Eset Scan:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=6cf6228a3c184944bd7cb6cae5217131
# engine=15150
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-16 02:42:56
# local_time=2013-09-16 04:42:56 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode=774 16777213 85 91 1191436 156052448 0 0
# compatibility_mode=5893 16776574 100 94 1191350 6626051 0 0
# scanned=189241
# found=2
# cleaned=0
# scan_time=4325
sh=410B32FD3FE4642644AD91AC60C69B86EC2762DD ft=1 fh=0e378a435beab91a vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir"
sh=E380C75C9904013FB23E09EB8B819B8B4998FD6A ft=1 fh=8a21180e008fd756 vn="multiple threats" ac=I fn="C:\Windows\Temp\Optimizer_Pro.exe"
         

Antwort

Themen zu Windows 8 64bit - Hinweis auf Spyware in InternetExplorer und Firefox mit öffnenden Popups und Downloadhinweise
avast, besitzer, browser, computer, dateien, eingeschränkt, explorer, firefox, folge, gebraucht, gmer, internet, internet explorer, langsam, laptop, links, pdf, popups, problem, scan, spyware, surfen, system, virenscanner, windows, windows 8 64 bit, öffnen




Ähnliche Themen: Windows 8 64bit - Hinweis auf Spyware in InternetExplorer und Firefox mit öffnenden Popups und Downloadhinweise


  1. Windows 8.1 64bit: Ungewollte Werbe-Tabs in Mozilla Firefox
    Log-Analyse und Auswertung - 08.04.2015 (15)
  2. Windows 7 (64bit): Werbung / Popups im Browser. "Hold Page" und mehr?
    Log-Analyse und Auswertung - 19.02.2015 (26)
  3. Firefox - Problem mit selbstständig öffnenden Seiten, Werbung, Hinweise zum Update
    Plagegeister aller Art und deren Bekämpfung - 29.07.2014 (16)
  4. Windows 7: Werbung und Popups im Firefox, unterstrichene Wörter mit PopUps bei Mouse-Over EXP/JAVA.Rafold.A.Gen
    Log-Analyse und Auswertung - 03.02.2014 (5)
  5. Im Firefox unter Windows 7, 64bit bekomme ich plötzlich Werbung im Browser (Links und rechts flackernde Anzeigen, pp. und Popups.
    Plagegeister aller Art und deren Bekämpfung - 05.01.2014 (51)
  6. Internetexplorer - ständige Popups und Werbung von jsf.sticket.net
    Plagegeister aller Art und deren Bekämpfung - 24.11.2013 (9)
  7. Windows 7 64bit/ Mozilla Firefox / Popups mit Spyware warnung
    Plagegeister aller Art und deren Bekämpfung - 18.11.2013 (9)
  8. Windows 7: wieder weiße Popups in Firefox
    Log-Analyse und Auswertung - 26.10.2013 (11)
  9. dass Internetexplorer, Crome und Firefox auf Qv06 umgeleitet - PC System W7 – 64BIT
    Alles rund um Windows - 09.10.2013 (2)
  10. Windows 8-64Bit Spyware Probleme,DRINGEND...
    Plagegeister aller Art und deren Bekämpfung - 04.10.2013 (5)
  11. Windows 7: Werbe-PopUps (Warnung vor Spyware, wenig Speicherplatz,...)
    Log-Analyse und Auswertung - 23.09.2013 (12)
  12. Windows 7, 64bit: plötzlich Werbung im Browser (Links und flackernde Anzeigen, pp.) und Popups
    Log-Analyse und Auswertung - 14.09.2013 (9)
  13. Internetexplorer öffnet trotz Firefox Popups ! Virus?
    Plagegeister aller Art und deren Bekämpfung - 14.02.2011 (53)
  14. Internetexplorer Popups, Werbung, Wave Sound Regelung, komische Musik
    Plagegeister aller Art und deren Bekämpfung - 18.07.2010 (6)
  15. Internetexplorer sorgt für Werbe-Popups selbst wenn er nicht läuft
    Log-Analyse und Auswertung - 14.07.2010 (29)
  16. Sshnas21.dll - TR/Agent.Huy - Firefox/internetexplorer/Opera tot (C:/Windows/
    Plagegeister aller Art und deren Bekämpfung - 07.05.2010 (1)
  17. trojaner, spyware oer virus?? werbung im internetexplorer
    Plagegeister aller Art und deren Bekämpfung - 11.03.2008 (1)

Zum Thema Windows 8 64bit - Hinweis auf Spyware in InternetExplorer und Firefox mit öffnenden Popups und Downloadhinweise - Habe einen Laptop gebraucht mit Windows 8 installiert gekauft. Von Beginn an, habe ich das Phänomen, dass sich sowohl in Firefox, wie auch im Internet Explorer (weitere Browser habe ich - Windows 8 64bit - Hinweis auf Spyware in InternetExplorer und Firefox mit öffnenden Popups und Downloadhinweise...
Archiv
Du betrachtest: Windows 8 64bit - Hinweis auf Spyware in InternetExplorer und Firefox mit öffnenden Popups und Downloadhinweise auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.