Log analysis and evaluation: http-rvzr-a-akamaihd-net opens automatically / severe performance problems

Windows 7. If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

http-rvzr-a-akamaihd-net opens automatically / severe performance problems

Good day,

Like several others here, I have the problem that the page "http-rvzr-a-akamaihd-net" opens on its own and that the performance of my PC is noticeably worse (it even freezes several times a day). Since I really know very little about this area, I am trying to follow the "Anleitung für Hilfesuchende bei Trojaner- und Virenbefall" (guide for people seeking help with a Trojan or virus infection):

Information: First of all, I use Windows 7 64-bit and Firefox, and for virus protection I only have the free version of Avast.

Edit: I don't know whether it is related, but my Flash Player for Firefox also crashes several times a day.

Defogger did not report any error.

Frst.txt:

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-11-2013 02
Ran by Janik (ATTENTION: The logged in user is not administrator) on JANIKSPC on 18-11-2013 16:51:27
Running from C:\Users\Janik\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Akamai Technologies, Inc.) C:\Users\Janik\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Akamai Technologies, Inc.) C:\Users\Janik\AppData\Local\Akamai\netsession_win.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Dropbox, Inc.) C:\Users\Janik\AppData\Roaming\Dropbox\bin\Dropbox.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-28] (Realtek Semiconductor)
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-14] (Microsoft Corporation)
HKLM\...\Runonce: [MSPCLOCK] - rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}
HKLM\...\Runonce: [MSPQM] - rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}
HKLM\...\Runonce: [MSKSSRV] - rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}
HKLM\...\Runonce: [MSTEE.CxTransform] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install
HKLM\...\Runonce: [MSTEE.Splitter] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install
HKLM\...\Runonce: [WDM_DRMKAUD] - rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install
HKLM-x32\...\Runonce: [InstallShieldSetup] - C:\PROGRA~2\INSTAL~1\{9D15E~1\setup.exe -rebootC:\PROGRA~2\INSTAL~1\{9D15E~1\reboot.ini [x]
HKLM-x32\...\Runonce: [InstallShieldSetup1] - C:\PROGRA~2\INSTAL~1\{9D15E~1\setup.exe -rebootC:\PROGRA~2\INSTAL~1\{9D15E~1\reboot.ini [x]
HKLM-x32\...\Runonce: [InstallShieldSetup2] - C:\PROGRA~2\INSTAL~1\{9D15E~1\setup.exe -rebootC:\PROGRA~2\INSTAL~1\{9D15E~1\reboot.ini [x]
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Janik\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
MountPoints2: {505ac668-b2e5-11e0-be37-002522a1d429} - E:\DTVP_Launcher.exe
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
Startup: C:\Users\Janik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Janik\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Janik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x804583C7A3FBCB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Snap.DoEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Snap.DoEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_22\bin\jp2ssv.dll No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM-x32 {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.53.2.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 195.234.128.7 195.234.128.16 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Janik\AppData\Roaming\Mozilla\Firefox\Profiles\1xxc53eq.default
FF Homepage: hxxp://www.google.de/
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20(shExpMatch(host%2C%20'(*.turntable.fm%7Cturntable.fm)')%20%26%26%20url.indexOf('.css')%20%3D%3D%20-1%20%26%26%20url.indexOf('.js')%20%3D%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1))%20%7B%20return%20'PROXY%20ab-us11.personalitycores.com%3A8000%3B%20PROXY%20ab-us09.personalitycores.com%3A8000%3B%20PROXY%20ab-us14.personalitycores.com%3A8000%3B%20PROXY%20ab-us02.personalitycores.com%3A8000%3B%20PROXY%20ab-us13.personalitycores.com%3A8000%3B%20PROXY%20ab-us18.personalitycores.com%3A8000%3B%20PROXY%20ab-us10.personalitycores.com%3A8000%3B%20PROXY%20ab-us17.personalitycores.com%3A8000%3B%20PROXY%20ab-us16.personalitycores.com%3A8000%3B%20PROXY%20ab-us08.personalitycores.com%3A8000%3B%20PROXY%20ab-us12.personalitycores.com%3A8000%3B%20PROXY%20ab-us01.personalitycores.com%3A8000%3B%20PROXY%20ab-us20.personalitycores.com%3A8000%3B%20PROXY%20ab-us03.personalitycores.com%3A8000%3B%20PROXY%20ab-us15.personalitycores.com%3A8000%3B%20PROXY%20ab-us07.personalitycores.com%3A8000%3B%20PROXY%20ab-us21.personalitycores.com%3A8000%3B%20PROXY%20ab-us22.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.0 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File
FF Plugin-x32: @esn.me/esnsonar,version=0.70.3 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.3\npesnsonar.dll No File
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=0.80.0 - C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.102.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.110.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.118.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.3 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Extension: Feven 1.5 - C:\Users\Janik\AppData\Roaming\Mozilla\Firefox\Profiles\1xxc53eq.default\Extensions\249911bc-d1bd-4d66-8c17-df533609e6d8@c76f3de9-939e-4922-b73c-5d7a3139375d.com
FF Extension: Battlefield Heroes Updater - C:\Users\Janik\AppData\Roaming\Mozilla\Firefox\Profiles\1xxc53eq.default\Extensions\battlefieldheroespatcher@ea.com
FF Extension: Battlefield Play4Free - C:\Users\Janik\AppData\Roaming\Mozilla\Firefox\Profiles\1xxc53eq.default\Extensions\battlefieldplay4free@ea.com
FF Extension: jid1-QpHD8URtZWJC2A - C:\Users\Janik\AppData\Roaming\Mozilla\Firefox\Profiles\1xxc53eq.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

==================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-11-27] ()

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-27] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-27] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-27] ()
S3 RTCore64; C:\after\MSI Afterburner\RTCore64.sys [13368 2013-01-23] ()
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 X6va005; \??\C:\Users\ADMINI~1\AppData\Local\Temp\005E51A.tmp [x]
S3 X6va006; \??\C:\Users\ADMINI~1\AppData\Local\Temp\0062148.tmp [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-18 16:51 - 2013-11-18 16:52 - 00016234 _____ C:\Users\Janik\Desktop\FRST.txt
2013-11-18 16:51 - 2013-11-18 16:51 - 00000000 ____D C:\FRST
2013-11-18 16:50 - 2013-11-18 16:50 - 00050477 _____ C:\Users\Janik\Downloads\Defogger.exe
2013-11-18 16:49 - 2013-11-18 16:49 - 01958026 _____ (Farbar) C:\Users\Janik\Desktop\FRST64.exe
2013-11-18 16:48 - 2013-11-18 16:48 - 00000500 _____ C:\Users\Janik\Desktop\defogger_disable.log
2013-11-18 16:45 - 2013-11-18 16:45 - 00050477 _____ C:\Users\Janik\Desktop\Defogger.exe
2013-11-17 15:54 - 2013-11-17 15:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-17 12:20 - 2013-11-17 12:21 - 00000000 ____D C:\Users\Janik\Documents\BFBC2
2013-11-14 20:08 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-14 20:08 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-14 20:08 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-14 20:08 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-14 20:08 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-14 20:08 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-14 20:08 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-14 20:08 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-14 20:08 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-14 20:08 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-14 20:08 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-14 20:08 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-14 20:08 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-14 20:08 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-14 20:08 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-14 20:08 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-14 20:08 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-14 20:08 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-14 20:08 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-14 20:07 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-14 20:07 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-14 20:07 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-14 20:07 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-14 20:07 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-14 20:07 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-14 20:07 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-14 20:07 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-14 20:07 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-14 20:07 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-14 20:07 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-14 20:07 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-13 16:11 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 16:11 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 16:10 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 16:10 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 16:10 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 16:10 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 16:10 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 16:10 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 16:10 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 16:09 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 16:09 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 16:09 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 16:09 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 16:09 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 16:09 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 16:09 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 16:09 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 16:09 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 16:09 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 16:09 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 16:09 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 16:09 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 16:09 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 16:09 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 16:09 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-13 16:08 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 16:08 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 16:08 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 16:08 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 16:08 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-04 14:04 - 2013-11-04 14:04 - 00000000 ____D C:\Users\Janik\Desktop\LOLPBE
2013-11-02 22:35 - 2013-11-02 22:35 - 00000000 ____D C:\Users\Janik\Documents\League of Legends
2013-11-01 17:31 - 2013-11-01 17:31 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2013-11-01 17:31 - 2013-11-01 17:31 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2013-11-01 17:30 - 2013-11-01 17:31 - 18080872 _____ (Adobe Systems Inc.) C:\Users\Janik\Downloads\AdobeAIRInstaller.exe
2013-11-01 17:24 - 2013-11-01 17:24 - 00000000 ____D C:\ProgramData\Oracle
2013-11-01 17:23 - 2013-11-01 17:23 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-11-01 17:22 - 2013-11-01 17:22 - 30694824 _____ (Oracle Corporation) C:\Users\Janik\Downloads\jre-7u45-windows-x64.exe
2013-11-01 17:19 - 2013-11-01 17:19 - 23294592 _____ (Mozilla) C:\Users\Janik\Downloads\Firefox_Setup_25.0.exe
2013-10-21 15:48 - 2013-11-07 23:25 - 00000000 ____D C:\Users\Janik\Desktop\GG
2013-10-21 14:19 - 2013-10-21 14:19 - 00001865 _____ C:\Users\Janik\Downloads\Sklansky-Tabelle.zip
2013-10-21 12:08 - 2013-10-21 13:01 - 00000000 ____D C:\Users\Janik\AppData\Roaming\Desk 365
2013-10-20 21:37 - 2013-10-21 13:58 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2013-10-20 21:35 - 2013-11-18 14:30 - 00000364 _____ C:\Windows\Tasks\spmonitor.job
2013-10-20 21:34 - 2013-11-18 14:30 - 00000286 _____ C:\Windows\Tasks\SpeedUpMyPC.job
2013-10-20 21:34 - 2013-10-21 13:07 - 00000000 ____D C:\Program Files (x86)\Uniblue
2013-10-20 21:34 - 2013-10-21 13:05 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-10-20 21:32 - 2013-10-20 21:32 - 00319200 _____ C:\Users\Janik\Downloads\Java.exe

==================== One Month Modified Files and Folders =======

2013-11-18 16:52 - 2013-11-18 16:51 - 00016234 _____ C:\Users\Janik\Desktop\FRST.txt
2013-11-18 16:51 - 2013-11-18 16:51 - 00000000 ____D C:\FRST
2013-11-18 16:51 - 2011-09-01 15:01 - 00000000 ____D C:\Users\Janik\AppData\Roaming\Skype
2013-11-18 16:50 - 2013-11-18 16:50 - 00050477 _____ C:\Users\Janik\Downloads\Defogger.exe
2013-11-18 16:49 - 2013-11-18 16:49 - 01958026 _____ (Farbar) C:\Users\Janik\Desktop\FRST64.exe
2013-11-18 16:48 - 2013-11-18 16:48 - 00000500 _____ C:\Users\Janik\Desktop\defogger_disable.log
2013-11-18 16:48 - 2011-04-06 20:06 - 00000000 ____D C:\Users\Administrator Janik
2013-11-18 16:45 - 2013-11-18 16:45 - 00050477 _____ C:\Users\Janik\Desktop\Defogger.exe
2013-11-18 16:23 - 2011-05-05 19:55 - 00000000 ____D C:\Users\Janik\AppData\Roaming\TS3Client
2013-11-18 16:19 - 2013-09-06 19:26 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-18 15:49 - 2011-04-06 19:55 - 01580475 _____ C:\Windows\WindowsUpdate.log
2013-11-18 14:36 - 2009-07-14 05:45 - 00014800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-18 14:36 - 2009-07-14 05:45 - 00014800 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-18 14:31 - 2013-09-23 11:34 - 00000000 ___RD C:\Users\Janik\Dropbox
2013-11-18 14:31 - 2013-09-23 11:32 - 00000000 ____D C:\Users\Janik\AppData\Roaming\Dropbox
2013-11-18 14:30 - 2013-10-20 21:35 - 00000364 _____ C:\Windows\Tasks\spmonitor.job
2013-11-18 14:30 - 2013-10-20 21:34 - 00000286 _____ C:\Windows\Tasks\SpeedUpMyPC.job
2013-11-18 14:30 - 2013-04-12 00:06 - 00000000 ____D C:\Users\Janik\AppData\Local\FreePDF_XP
2013-11-18 14:29 - 2013-09-06 19:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-18 14:29 - 2011-04-08 13:35 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-18 14:29 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-18 14:29 - 2009-07-14 05:51 - 00138411 _____ C:\Windows\setupact.log
2013-11-17 20:30 - 2013-02-01 19:41 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-11-17 20:30 - 2011-09-01 15:01 - 00000000 ____D C:\ProgramData\Skype
2013-11-17 15:54 - 2013-11-17 15:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-17 12:24 - 2011-04-15 18:12 - 00000000 ____D C:\Program Files (x86)\Electronic Arts
2013-11-17 12:21 - 2013-11-17 12:20 - 00000000 ____D C:\Users\Janik\Documents\BFBC2
2013-11-17 12:20 - 2011-04-15 20:22 - 00215128 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-11-17 12:20 - 2011-04-15 18:37 - 00215128 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-11-17 01:17 - 2013-10-01 16:52 - 00000000 ____D C:\Users\Janik\Desktop\Esis
2013-11-14 20:37 - 2011-07-08 12:58 - 00000000 ____D C:\Users\Janik\AppData\Local\CrashDumps
2013-11-14 20:06 - 2013-08-19 12:22 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 20:05 - 2013-01-22 16:26 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-11 21:22 - 2011-10-31 15:32 - 00000000 ____D C:\Users\Janik\Desktop\Was noch so rumfliegt
2013-11-11 13:36 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-09 18:55 - 2009-07-14 18:58 - 00696832 _____ C:\Windows\system32\perfh007.dat
2013-11-09 18:55 - 2009-07-14 18:58 - 00148128 _____ C:\Windows\system32\perfc007.dat
2013-11-09 18:55 - 2009-07-14 06:13 - 01613340 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-07 23:25 - 2013-10-21 15:48 - 00000000 ____D C:\Users\Janik\Desktop\GG
2013-11-06 16:44 - 2011-05-05 19:55 - 00000000 ____D C:\Program Files\ts3
2013-11-04 14:04 - 2013-11-04 14:04 - 00000000 ____D C:\Users\Janik\Desktop\LOLPBE
2013-11-02 22:35 - 2013-11-02 22:35 - 00000000 ____D C:\Users\Janik\Documents\League of Legends
2013-11-01 17:31 - 2013-11-01 17:31 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2013-11-01 17:31 - 2013-11-01 17:31 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2013-11-01 17:31 - 2013-11-01 17:30 - 18080872 _____ (Adobe Systems Inc.) C:\Users\Janik\Downloads\AdobeAIRInstaller.exe
2013-11-01 17:31 - 2011-05-13 19:16 - 00000000 ____D C:\Users\Janik\AppData\Local\Adobe
2013-11-01 17:31 - 2011-04-15 20:31 - 00000000 ____D C:\Users\Janik\AppData\Roaming\Adobe
2013-11-01 17:31 - 2011-04-07 20:13 - 00000000 ____D C:\ProgramData\Adobe
2013-11-01 17:31 - 2011-04-07 20:13 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-11-01 17:29 - 2012-01-23 22:23 - 00000000 ____D C:\Program Files\Java
2013-11-01 17:24 - 2013-11-01 17:24 - 00000000 ____D C:\ProgramData\Oracle
2013-11-01 17:23 - 2013-11-01 17:23 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-11-01 17:23 - 2012-01-23 22:23 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-11-01 17:23 - 2012-01-23 22:23 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-11-01 17:23 - 2012-01-23 22:23 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-11-01 17:22 - 2013-11-01 17:22 - 30694824 _____ (Oracle Corporation) C:\Users\Janik\Downloads\jre-7u45-windows-x64.exe
2013-11-01 17:21 - 2013-09-06 19:17 - 00001151 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-11-01 17:19 - 2013-11-01 17:19 - 23294592 _____ (Mozilla) C:\Users\Janik\Downloads\Firefox_Setup_25.0.exe
2013-10-31 08:58 - 2011-04-08 13:20 - 00335344 _____ C:\Windows\PFRO.log
2013-10-21 14:19 - 2013-10-21 14:19 - 00001865 _____ C:\Users\Janik\Downloads\Sklansky-Tabelle.zip
2013-10-21 13:58 - 2013-10-20 21:37 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2013-10-21 13:58 - 2013-10-06 11:47 - 00000000 ____D C:\Users\Janik\bluej
2013-10-21 13:58 - 2011-12-28 16:47 - 00000000 ____D C:\Program Files (x86)\Origin
2013-10-21 13:58 - 2011-12-04 14:26 - 00000000 ____D C:\Windows\Minidump
2013-10-21 13:58 - 2011-11-17 16:05 - 00000000 ____D C:\Users\Janik\AppData\Local\Akamai
2013-10-21 13:58 - 2011-09-29 22:48 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-10-21 13:58 - 2011-09-29 15:47 - 00000000 ____D C:\ProgramData\Origin
2013-10-21 13:58 - 2011-04-20 07:18 - 00000000 ____D C:\Users\Tom
2013-10-21 13:58 - 2011-04-08 13:34 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-10-21 13:58 - 2011-04-08 13:32 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-10-21 13:58 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-10-21 13:57 - 2013-10-14 20:16 - 00000000 ____D C:\ProgramData\Package Cache
2013-10-21 13:57 - 2011-04-15 20:26 - 00000000 ____D C:\Users\Janik\AppData\Local\PunkBuster
2013-10-21 13:57 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\security
2013-10-21 13:57 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat
2013-10-21 13:07 - 2013-10-20 21:34 - 00000000 ____D C:\Program Files (x86)\Uniblue
2013-10-21 13:05 - 2013-10-20 21:34 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-10-21 13:04 - 2011-09-29 15:47 - 00000000 ____D C:\Program Files (x86)\Origin Games
2013-10-21 13:01 - 2013-10-21 12:08 - 00000000 ____D C:\Users\Janik\AppData\Roaming\Desk 365
2013-10-21 13:00 - 2011-04-08 15:05 - 00000000 ____D C:\Users\Janik
2013-10-21 12:06 - 2011-12-21 16:56 - 00064536 _____ C:\Users\Default\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-21 12:06 - 2011-12-21 16:56 - 00064536 _____ C:\Users\Default User\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-20 21:34 - 2011-06-11 01:58 - 00773712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll
2013-10-20 21:34 - 2011-06-11 01:58 - 00420944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll
2013-10-20 21:32 - 2013-10-20 21:32 - 00319200 _____ C:\Users\Janik\Downloads\Java.exe

Some content of TEMP:
====================
C:\Users\Janik\AppData\Local\Temp\CF_Downloader.exe
C:\Users\Janik\AppData\Local\Temp\DLBT.dll
C:\Users\Janik\AppData\Local\Temp\EADCBB7.exe
C:\Users\Janik\AppData\Local\Temp\installerdll1613565.dll
C:\Users\Janik\AppData\Local\Temp\installerdll358443.dll
C:\Users\Janik\AppData\Local\Temp\installerdll5023856.dll
C:\Users\Janik\AppData\Local\Temp\installerdll5515649.dll
C:\Users\Janik\AppData\Local\Temp\installerdll6632897.dll
C:\Users\Janik\AppData\Local\Temp\Setup.exe
C:\Users\Janik\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Addition.txt:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-11-2013 02
Ran by Janik at 2013-11-18 16:52:36
Running from C:\Users\Janik\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Acrobat.com (x32 Version: 0.0.0)
Acrobat.com (x32 Version: 1.1.377)
Adobe AIR (x32 Version: 3.9.0.1030)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.3.633)
Akamai NetSession Interface (HKCU)
Akamai NetSession Interface Service (x32)
ASRock App Charger v1.0.4
ASRock eXtreme Tuner v0.1.54 (x32)
ASRock InstantBoot v1.26 (x32)
Assassin's Creed(R) III v1.06 (x32 Version: 1.06)
avast! 
Free Antivirus (x32 Version: 8.0.1489.0) Battlefield 3™ (x32 Version: 1.0.0.0) Battlelog Web Plugins (x32 Version: 2.3.0) BlueJ (x32 Version: 3.1.0) Die Sims™ 3 (x32 Version: 1.33.2) Dropbox (HKCU Version: 2.0.26) ESN Sonar (x32 Version: 0.70.0) ESN Sonar (x32 Version: 0.70.3) ESN Sonar (x32 Version: 0.70.4) Etron USB3.0 Host Controller (x32 Version: 0.96) FreePDF (Remove only) (x32) Geeks3D.com FurMark 1.9.1 (x32) GPL Ghostscript (x32 Version: 9.04) Intel(R) Management Engine Components (x32 Version: 7.0.0.1144) James Bond 007(TM) - Blood Stone (x32 Version: 1.0) Java 7 Update 45 (64-bit) (Version: 7.0.450) Java SE Development Kit 7 Update 40 (64-bit) (Version: 1.7.0.400) League of Legends (x32 Version: 1.02.0000) League of Legends (x32 Version: 3.0.1) marvell 91xx driver (x32 Version: 1.0.0.1047) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319) Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319) Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000) Microsoft Help Viewer 1.0 (Version: 1.0.30319) Microsoft Help Viewer 1.0 Language Pack - DEU (Version: 1.0.30319) Microsoft SQL Server 2008 R2 Management Objects (x32 Version: 10.50.1447.4) Microsoft SQL Server Compact 3.5 SP2 DEU (x32 Version: 3.5.8080.0) Microsoft SQL Server Compact 3.5 SP2 x64 DEU (Version: 3.5.8080.0) Microsoft SQL Server System CLR Types (x32 Version: 10.50.1447.4) Microsoft Visual C# 2010 Express - DEU (x32 Version: 10.0.30319) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - 
x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (x32 Version: 9.0.30729.4974) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 (Version: 10.0.30319) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (x32 Version: 11.0.60610.1) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610) Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610) Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (x32 Version: 10.0.30319) Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (Version: 10.0.30319) Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0) Mozilla Firefox 25.0.1 (x86 en-US) (x32 Version: 25.0.1) Mozilla Maintenance Service (x32 Version: 25.0.1) MSI Afterburner 2.3.1 (x32 Version: 2.3.1) NVIDIA 3D Vision Controller Driver (x32 Version: 280.19) NVIDIA 3D Vision Controller-Treiber 326.01 (Version: 326.01) NVIDIA 3D Vision Treiber 327.23 (Version: 327.23) NVIDIA Grafiktreiber 327.23 (Version: 327.23) NVIDIA HD-Audiotreiber 1.3.26.4 (Version: 1.3.26.4) NVIDIA Install Application (Version: 2.1002.133.902) NVIDIA PhysX (x32 Version: 9.13.0725) NVIDIA PhysX-Systemsoftware 9.13.0725 (Version: 9.13.0725) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2723) NVIDIA Systemsteuerung 327.23 (Version: 327.23) NVIDIA Update 1.11.3 (Version: 
1.11.3)
NVIDIA Update Components (Version: 1.11.3)
OpenOffice.org 3.3 (x32 Version: 3.3.9567)
Origin (x32 Version: 8.5.0.4550)
Pando Media Booster (x32 Version: 2.6.0.1)
PDF-Viewer (Version: 2.5.210.0)
PunkBuster Services (x32 Version: 0.991)
Realtek Ethernet Controller Driver For Windows 7 (x32 Version: 7.23.623.2010)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6167)
RedMon - Redirection Port Monitor
Skype™ 6.10 (x32 Version: 6.10.104)
Snap.Do (x32 Version: 1.138.1.12259)
swMSM (x32 Version: 12.0.0.1)
Tag - IGF Professional 2008 (x32)
TeamSpeak 3 Client (HKCU)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Uplay (x32 Version: 2.0)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU (x32 Version: 4.0.8080.0)
WinRAR 4.01 (64-Bit) (Version: 4.01.0)

==================== Restore Points =========================

Could not list Restore Points. Check WMI.

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\SpeedUpMyPC.job => ?
Task: C:\Windows\Tasks\spmonitor.job => ?
==================== Loaded Modules (whitelisted) =============

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/18/2013 04:28:37 PM) (Source: Application Hang) (User: )
Description: Programm firefox.exe, Version 25.0.1.5064 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: f64 Startzeit: 01cee4628164df5a Endzeit: 1862 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 144e0ecc-5066-11e3-9348-002522a1d429

Error: (11/14/2013 08:37:55 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: League of Legends.exe, Version: 3.13.0.399, Zeitstempel: 0x526ed0a3 Name des fehlerhaften Moduls: cgD3D9.dll, Version: 3.0.0.16, Zeitstempel: 0x4d55a06f Ausnahmecode: 0xc0000005 Fehleroffset: 0x000b6539 ID des fehlerhaften Prozesses: 0xd6c Startzeit der fehlerhaften Anwendung: 0xLeague of Legends.exe0 Pfad der fehlerhaften Anwendung: League of Legends.exe1 Pfad des fehlerhaften Moduls: League of Legends.exe2 Berichtskennung: League of Legends.exe3

Error: (11/09/2013 07:33:21 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 25.0.0.5046, Zeitstempel: 0x526b1e27 Name des fehlerhaften Moduls: xul.dll, Version: 25.0.0.5046, Zeitstempel: 0x526b1d27 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001157e7 ID des fehlerhaften Prozesses: 0x1284 Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0 Pfad der fehlerhaften Anwendung: firefox.exe1 Pfad des fehlerhaften Moduls: firefox.exe2 Berichtskennung: firefox.exe3

Error: (11/02/2013 11:12:28 PM) (Source: Application 
Error) (User: ) Description: Name der fehlerhaften Anwendung: League of Legends.exe, Version: 3.14.0.163, Zeitstempel: 0x5271dabe Name des fehlerhaften Moduls: cgD3D9.dll, Version: 3.0.0.16, Zeitstempel: 0x4d55a06f Ausnahmecode: 0xc0000005 Fehleroffset: 0x000b6539 ID des fehlerhaften Prozesses: 0x10d0 Startzeit der fehlerhaften Anwendung: 0xLeague of Legends.exe0 Pfad der fehlerhaften Anwendung: League of Legends.exe1 Pfad des fehlerhaften Moduls: League of Legends.exe2 Berichtskennung: League of Legends.exe3 Error: (11/02/2013 09:39:42 PM) (Source: Application Hang) (User: ) Description: Programm rads_user_kernel.exe, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 784 Startzeit: 01ced80b84f1818e Endzeit: 0 Anwendungspfad: C:\Users\Janik\AppData\Local\Temp\Rar$EX01.056\LOLPBE\RADS\system\rads_user_kernel.exe Berichts-ID: e2cbbb30-43fe-11e3-a605-002522a1d429 Error: (10/30/2013 10:39:15 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. 
Error: (10/30/2013 07:00:37 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: AC3SP.exe, Version: 0.0.0.0, Zeitstempel: 0x5155b537 Name des fehlerhaften Moduls: AC3SP.exe, Version: 0.0.0.0, Zeitstempel: 0x5155b537 Ausnahmecode: 0xc0000005 Fehleroffset: 0x003f36c2 ID des fehlerhaften Prozesses: 0x12b0 Startzeit der fehlerhaften Anwendung: 0xAC3SP.exe0 Pfad der fehlerhaften Anwendung: AC3SP.exe1 Pfad des fehlerhaften Moduls: AC3SP.exe2 Berichtskennung: AC3SP.exe3 Error: (10/26/2013 04:09:00 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error: (10/25/2013 05:25:06 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error: (10/24/2013 10:18:04 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. 
System errors:
=============
Error: (11/18/2013 04:27:31 PM) (Source: nvlddmkm) (User: )
Description: \Device\Video5!0702(24f8)

Error: (11/18/2013 02:31:36 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069

Error: (11/18/2013 02:31:36 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (11/17/2013 05:46:42 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069

Error: (11/17/2013 05:46:42 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (11/17/2013 05:44:12 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 17.11.2013 um 17:41:24 unerwartet heruntergefahren.

Error: (11/17/2013 02:05:25 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error: (11/17/2013 00:05:48 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (11/17/2013 00:05:48 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (11/17/2013 01:16:22 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Microsoft Office Sessions: ========================= Error: (11/18/2013 04:28:37 PM) (Source: Application Hang)(User: ) Description: firefox.exe25.0.1.5064f6401cee4628164df5a1862C:\Program Files (x86)\Mozilla Firefox\firefox.exe144e0ecc-5066-11e3-9348-002522a1d429 Error: (11/14/2013 08:37:55 PM) (Source: Application Error)(User: ) Description: League of Legends.exe3.13.0.399526ed0a3cgD3D9.dll3.0.0.164d55a06fc0000005000b6539d6c01cee170d88f7e89C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.251\deploy\League of Legends.exeC:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.251\deploy\cgD3D9.dll41c3503c-4d64-11e3-a5ed-002522a1d429 Error: (11/09/2013 07:33:21 PM) (Source: Application Error)(User: ) Description: firefox.exe25.0.0.5046526b1e27xul.dll25.0.0.5046526b1d27c0000005001157e7128401cedd6f9f43fcc5C:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\xul.dll6848aa5a-496d-11e3-b654-002522a1d429 Error: (11/02/2013 11:12:28 PM) (Source: Application Error)(User: ) Description: League of 
Legends.exe3.14.0.1635271dabecgD3D9.dll3.0.0.164d55a06fc0000005000b653910d001ced81872bd617cC:\Users\Janik\AppData\Local\Temp\Rar$EX25.056\LOLPBE\RADS\solutions\lol_game_client_sln\releases\0.0.1.191\deploy\League of Legends.exeC:\Users\Janik\AppData\Local\Temp\Rar$EX25.056\LOLPBE\RADS\solutions\lol_game_client_sln\releases\0.0.1.191\deploy\cgD3D9.dlldbb84232-440b-11e3-a605-002522a1d429 Error: (11/02/2013 09:39:42 PM) (Source: Application Hang)(User: ) Description: rads_user_kernel.exe0.0.0.078401ced80b84f1818e0C:\Users\Janik\AppData\Local\Temp\Rar$EX01.056\LOLPBE\RADS\system\rads_user_kernel.exee2cbbb30-43fe-11e3-a605-002522a1d429 Error: (10/30/2013 10:39:15 PM) (Source: SideBySide)(User: ) Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3 Error: (10/30/2013 07:00:37 PM) (Source: Application Error)(User: ) Description: AC3SP.exe0.0.0.05155b537AC3SP.exe0.0.0.05155b537c0000005003f36c212b001ced596a4c9b999C:\Program Files (x86)\Ubisoft\Assassin's Creed III\AC3SP.exeC:\Program Files (x86)\Ubisoft\Assassin's Creed III\AC3SP.exe2da68166-418d-11e3-a571-002522a1d429 Error: (10/26/2013 04:09:00 PM) (Source: SideBySide)(User: ) Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3 Error: (10/25/2013 05:25:06 PM) (Source: SideBySide)(User: ) Description: assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3 Error: (10/24/2013 10:18:04 PM) (Source: SideBySide)(User: ) Description: 
assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3

==================== Memory info ===========================

Percentage of memory in use: 38%
Total physical RAM: 4078.71 MB
Available physical RAM: 2528.07 MB
Total Pagefile: 8155.59 MB
Available Pagefile: 6326.1 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.54 GB) (Free:330.2 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================

"C:\Windows\system32\config\system: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird." and this message once more with a different path. (I acknowledged the messages in order to finish the scan.)

gmer.txt:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-11-18 17:10:01
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 SAMSUNG_HD502HJ rev.1AJ10001 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\uwloypod.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80004bee000 16 bytes [8B, E3, 41, 5F, 41, 5E, 41, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 545 fffff80004bee011 35 bytes {LEA ECX, [RSP+0x70]; CALL 0x3d64f}

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\services.exe[600] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007775eecd 1 byte [62]
.text C:\Windows\system32\winlogon.exe[680] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007775eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[780] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007775eecd 1 byte [62]
.text C:\Windows\system32\nvvsvc.exe[856] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007775eecd 1 byte [62]
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[880] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075efa2ba 1 byte [62]
.text C:\Windows\System32\svchost.exe[124] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007775eecd 1 byte [62]
.text C:\Windows\System32\svchost.exe[256] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007775eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[488] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007775eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[724] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007775eecd 1 byte [62]
.text C:\Windows\system32\AUDIODG.EXE[560] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189 000000007775eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1152] 
C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007775eecd 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1388] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007775eecd 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[1396] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007775eecd 1 byte [62] .text C:\Windows\System32\spoolsv.exe[1556] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007775eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[1584] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007775eecd 1 byte [62] .text C:\Windows\system32\svchost.exe[2556] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff9f6e00 5 bytes JMP 000007ff7fa11dac .text C:\Windows\system32\svchost.exe[2556] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff9f6f2c 5 bytes JMP 000007ff7fa10ecc .text C:\Windows\system32\svchost.exe[2556] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff9f7220 5 bytes JMP 000007ff7fa11284 .text C:\Windows\system32\svchost.exe[2556] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff9f739c 5 bytes JMP 000007ff7fa1163c .text C:\Windows\system32\svchost.exe[2556] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff9f7538 5 bytes JMP 000007ff7fa119f4 .text C:\Windows\system32\svchost.exe[2556] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff9f75e8 5 bytes JMP 000007ff7fa103a4 .text C:\Windows\system32\svchost.exe[2556] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff9f790c 5 bytes JMP 000007ff7fa1075c .text C:\Windows\system32\svchost.exe[2556] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff9f7ab4 5 bytes JMP 000007ff7fa10b14 .text C:\Windows\system32\taskhost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077943b10 5 bytes JMP 000000010010075c .text C:\Windows\system32\taskhost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077947ac0 5 bytes JMP 
00000001001003a4 .text C:\Windows\system32\taskhost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077971430 5 bytes JMP 0000000100100b14 .text C:\Windows\system32\taskhost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077971490 5 bytes JMP 0000000100100ecc .text C:\Windows\system32\taskhost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 000000010010163c .text C:\Windows\system32\taskhost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000779717b0 5 bytes JMP 0000000100101284 .text C:\Windows\system32\taskhost.exe[2884] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 00000001001019f4 .text C:\Windows\system32\taskhost.exe[2884] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007775eecd 1 byte [62] .text C:\Windows\system32\taskhost.exe[2884] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff9f6e00 5 bytes JMP 000007ff7fa11dac .text C:\Windows\system32\taskhost.exe[2884] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff9f6f2c 5 bytes JMP 000007ff7fa10ecc .text C:\Windows\system32\taskhost.exe[2884] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff9f7220 5 bytes JMP 000007ff7fa11284 .text C:\Windows\system32\taskhost.exe[2884] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff9f739c 5 bytes JMP 000007ff7fa1163c .text C:\Windows\system32\taskhost.exe[2884] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff9f7538 5 bytes JMP 000007ff7fa119f4 .text C:\Windows\system32\taskhost.exe[2884] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff9f75e8 5 bytes JMP 000007ff7fa103a4 .text C:\Windows\system32\taskhost.exe[2884] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff9f790c 5 bytes JMP 000007ff7fa1075c .text C:\Windows\system32\taskhost.exe[2884] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff9f7ab4 5 bytes JMP 000007ff7fa10b14 .text 
C:\Windows\system32\Dwm.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077943b10 5 bytes JMP 000000010018075c .text C:\Windows\system32\Dwm.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077947ac0 5 bytes JMP 00000001001803a4 .text C:\Windows\system32\Dwm.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077971430 5 bytes JMP 0000000100180b14 .text C:\Windows\system32\Dwm.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077971490 5 bytes JMP 0000000100180ecc .text C:\Windows\system32\Dwm.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 000000010018163c .text C:\Windows\system32\Dwm.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000779717b0 5 bytes JMP 0000000100181284 .text C:\Windows\system32\Dwm.exe[2928] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 00000001001819f4 .text C:\Windows\system32\Dwm.exe[2928] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff9f6e00 5 bytes JMP 000007ff7fa11dac .text C:\Windows\system32\Dwm.exe[2928] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff9f6f2c 5 bytes JMP 000007ff7fa10ecc .text C:\Windows\system32\Dwm.exe[2928] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff9f7220 5 bytes JMP 000007ff7fa11284 .text C:\Windows\system32\Dwm.exe[2928] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff9f739c 5 bytes JMP 000007ff7fa1163c .text C:\Windows\system32\Dwm.exe[2928] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff9f7538 5 bytes JMP 000007ff7fa119f4 .text C:\Windows\system32\Dwm.exe[2928] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff9f75e8 5 bytes JMP 000007ff7fa103a4 .text C:\Windows\system32\Dwm.exe[2928] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff9f790c 5 bytes JMP 000007ff7fa1075c .text C:\Windows\system32\Dwm.exe[2928] C:\Windows\SYSTEM32\sechost.dll!DeleteService 
000007feff9f7ab4 5 bytes JMP 000007ff7fa10b14 .text C:\Windows\Explorer.EXE[2956] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077943b10 5 bytes JMP 000000010036075c .text C:\Windows\Explorer.EXE[2956] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077947ac0 5 bytes JMP 00000001003603a4 .text C:\Windows\Explorer.EXE[2956] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077971430 5 bytes JMP 0000000100360b14 .text C:\Windows\Explorer.EXE[2956] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077971490 5 bytes JMP 0000000100360ecc .text C:\Windows\Explorer.EXE[2956] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 000000010036163c .text C:\Windows\Explorer.EXE[2956] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000779717b0 5 bytes JMP 0000000100361284 .text C:\Windows\Explorer.EXE[2956] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 00000001003619f4 .text C:\Windows\Explorer.EXE[2956] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007775eecd 1 byte [62] .text C:\Windows\Explorer.EXE[2956] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff9f6e00 5 bytes JMP 000007ff7fa11dac .text C:\Windows\Explorer.EXE[2956] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff9f6f2c 5 bytes JMP 000007ff7fa10ecc .text C:\Windows\Explorer.EXE[2956] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff9f7220 5 bytes JMP 000007ff7fa11284 .text C:\Windows\Explorer.EXE[2956] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff9f739c 5 bytes JMP 000007ff7fa1163c .text C:\Windows\Explorer.EXE[2956] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff9f7538 5 bytes JMP 000007ff7fa119f4 .text C:\Windows\Explorer.EXE[2956] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff9f75e8 5 bytes JMP 000007ff7fa103a4 .text C:\Windows\Explorer.EXE[2956] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff9f790c 5 bytes JMP 
000007ff7fa1075c .text C:\Windows\Explorer.EXE[2956] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff9f7ab4 5 bytes JMP 000007ff7fa10b14 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077943b10 5 bytes JMP 000000010013075c .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077947ac0 5 bytes JMP 00000001001303a4 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077971430 5 bytes JMP 0000000100130b14 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077971490 5 bytes JMP 0000000100130ecc .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 000000010013163c .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000779717b0 5 bytes JMP 0000000100131284 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2800] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 00000001001319f4 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2800] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007775eecd 1 byte [62] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077943b10 5 bytes JMP 000000010043075c .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077947ac0 5 bytes JMP 00000001004303a4 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077971430 5 bytes JMP 0000000100430b14 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 
0000000077971490 5 bytes JMP 0000000100430ecc .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 000000010043163c .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000779717b0 5 bytes JMP 0000000100431284 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2620] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 00000001004319f4 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2620] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007775eecd 1 byte [62] .text C:\Users\Janik\AppData\Local\Akamai\netsession_win.exe[2856] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077b1fac0 5 bytes JMP 0000000100030600 .text C:\Users\Janik\AppData\Local\Akamai\netsession_win.exe[2856] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077b1fb58 5 bytes JMP 0000000100030804 .text C:\Users\Janik\AppData\Local\Akamai\netsession_win.exe[2856] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077b1fcb0 5 bytes JMP 0000000100030c0c .text C:\Users\Janik\AppData\Local\Akamai\netsession_win.exe[2856] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077b20038 5 bytes JMP 0000000100030a08 .text C:\Users\Janik\AppData\Local\Akamai\netsession_win.exe[2856] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077b21920 5 bytes JMP 0000000100030e10 .text C:\Users\Janik\AppData\Local\Akamai\netsession_win.exe[2856] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077b3c4dd 5 bytes JMP 00000001000301f8 .text C:\Users\Janik\AppData\Local\Akamai\netsession_win.exe[2856] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077b41287 5 bytes JMP 00000001000303fc .text C:\Users\Janik\AppData\Local\Akamai\netsession_win.exe[2856] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000075efa2ba 1 byte [62] .text 
C:\Users\Janik\AppData\Local\Akamai\netsession_win.exe[2856] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007754ee09 5 bytes JMP 00000001002301f8 .text C:\Users\Janik\AppData\Local\Akamai\netsession_win.exe[2856] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000077553982 5 bytes JMP 00000001002303fc .text C:\Users\Janik\AppData\Local\Akamai\netsession_win.exe[2856] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077557603 5 bytes JMP 0000000100230804 .text C:\Users\Janik\AppData\Local\Akamai\netsession_win.exe[2856] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007755835c 5 bytes JMP 0000000100230600 .text C:\Users\Janik\AppData\Local\Akamai\netsession_win.exe[2856] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007756f52b 5 bytes JMP 0000000100230a08 .text C:\Users\Janik\AppData\Local\Akamai\netsession_win.exe[2856] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000756e5181 5 bytes JMP 0000000100241014 .text C:\Users\Janik\AppData\Local\Akamai\netsession_win.exe[2856] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000756e5254 5 bytes JMP 0000000100240804 .text C:\Users\Janik\AppData\Local\Akamai\netsession_win.exe[2856] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000756e53d5 5 bytes JMP 0000000100240a08 .text C:\Users\Janik\AppData\Local\Akamai\netsession_win.exe[2856] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000756e54c2 5 bytes JMP 0000000100240c0c .text C:\Users\Janik\AppData\Local\Akamai\netsession_win.exe[2856] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000756e55e2 5 bytes JMP 0000000100240e10 .text C:\Users\Janik\AppData\Local\Akamai\netsession_win.exe[2856] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000756e567c 5 bytes JMP 00000001002401f8 .text C:\Users\Janik\AppData\Local\Akamai\netsession_win.exe[2856] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000756e589f 5 bytes JMP 00000001002403fc .text 
C:\Users\Janik\AppData\Local\Akamai\netsession_win.exe[2856] C:\Windows\SysWOW64\sechost.dll!DeleteService 00000000756e5a22 5 bytes JMP 0000000100240600 .text C:\Windows\system32\SearchIndexer.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077943b10 5 bytes JMP 000000010041075c .text C:\Windows\system32\SearchIndexer.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077947ac0 5 bytes JMP 00000001004103a4 .text C:\Windows\system32\SearchIndexer.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077971430 5 bytes JMP 0000000100410b14 .text C:\Windows\system32\SearchIndexer.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077971490 5 bytes JMP 0000000100410ecc .text C:\Windows\system32\SearchIndexer.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 000000010041163c .text C:\Windows\system32\SearchIndexer.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000779717b0 5 bytes JMP 0000000100411284 .text C:\Windows\system32\SearchIndexer.exe[2740] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 00000001004119f4 .text C:\Windows\system32\SearchIndexer.exe[2740] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007775eecd 1 byte [62] .text C:\Windows\system32\SearchIndexer.exe[2740] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff9f6e00 5 bytes JMP 000007ff7fa11dac .text C:\Windows\system32\SearchIndexer.exe[2740] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff9f6f2c 5 bytes JMP 000007ff7fa10ecc .text C:\Windows\system32\SearchIndexer.exe[2740] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff9f7220 5 bytes JMP 000007ff7fa11284 .text C:\Windows\system32\SearchIndexer.exe[2740] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff9f739c 5 bytes JMP 000007ff7fa1163c .text C:\Windows\system32\SearchIndexer.exe[2740] 
C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff9f7538 5 bytes JMP 000007ff7fa119f4 .text C:\Windows\system32\SearchIndexer.exe[2740] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff9f75e8 5 bytes JMP 000007ff7fa103a4 .text C:\Windows\system32\SearchIndexer.exe[2740] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff9f790c 5 bytes JMP 000007ff7fa1075c .text C:\Windows\system32\SearchIndexer.exe[2740] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff9f7ab4 5 bytes JMP 000007ff7fa10b14 .text C:\Users\Janik\AppData\Local\Akamai\netsession_win.exe[3056] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077b1fac0 5 bytes JMP 0000000100030600 .text C:\Users\Janik\AppData\Local\Akamai\netsession_win.exe[3056] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077b1fb58 5 bytes JMP 0000000100030804 .text C:\Users\Janik\AppData\Local\Akamai\netsession_win.exe[3056] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077b1fcb0 5 bytes JMP 0000000100030c0c .text C:\Users\Janik\AppData\Local\Akamai\netsession_win.exe[3056] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077b20038 5 bytes JMP 0000000100030a08 .text C:\Users\Janik\AppData\Local\Akamai\netsession_win.exe[3056] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077b21920 5 bytes JMP 0000000100030e10 .text C:\Users\Janik\AppData\Local\Akamai\netsession_win.exe[3056] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077b3c4dd 5 bytes JMP 00000001000301f8 .text C:\Users\Janik\AppData\Local\Akamai\netsession_win.exe[3056] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077b41287 5 bytes JMP 00000001000303fc .text C:\Users\Janik\AppData\Local\Akamai\netsession_win.exe[3056] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000075efa2ba 1 byte [62] .text C:\Users\Janik\AppData\Local\Akamai\netsession_win.exe[3056] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007754ee09 5 bytes JMP 00000001001c01f8 .text 
C:\Users\Janik\AppData\Local\Akamai\netsession_win.exe[3056] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000077553982 5 bytes JMP 00000001001c03fc .text C:\Users\Janik\AppData\Local\Akamai\netsession_win.exe[3056] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077557603 5 bytes JMP 00000001001c0804 .text C:\Users\Janik\AppData\Local\Akamai\netsession_win.exe[3056] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007755835c 5 bytes JMP 00000001001c0600 .text C:\Users\Janik\AppData\Local\Akamai\netsession_win.exe[3056] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007756f52b 5 bytes JMP 00000001001c0a08 .text C:\Users\Janik\AppData\Local\Akamai\netsession_win.exe[3056] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000756e5181 5 bytes JMP 00000001001d1014 .text C:\Users\Janik\AppData\Local\Akamai\netsession_win.exe[3056] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000756e5254 5 bytes JMP 00000001001d0804 .text C:\Users\Janik\AppData\Local\Akamai\netsession_win.exe[3056] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000756e53d5 5 bytes JMP 00000001001d0a08 .text C:\Users\Janik\AppData\Local\Akamai\netsession_win.exe[3056] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000756e54c2 5 bytes JMP 00000001001d0c0c .text C:\Users\Janik\AppData\Local\Akamai\netsession_win.exe[3056] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000756e55e2 5 bytes JMP 00000001001d0e10 .text C:\Users\Janik\AppData\Local\Akamai\netsession_win.exe[3056] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000756e567c 5 bytes JMP 00000001001d01f8 .text C:\Users\Janik\AppData\Local\Akamai\netsession_win.exe[3056] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000756e589f 5 bytes JMP 00000001001d03fc .text C:\Users\Janik\AppData\Local\Akamai\netsession_win.exe[3056] C:\Windows\SysWOW64\sechost.dll!DeleteService 00000000756e5a22 5 bytes JMP 00000001001d0600 .text 
C:\Users\Janik\AppData\Local\Akamai\netsession_win.exe[3056] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077311465 2 bytes [31, 77] .text C:\Users\Janik\AppData\Local\Akamai\netsession_win.exe[3056] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000773114bb 2 bytes [31, 77] .text ... * 2 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2540] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075efa2ba 1 byte [62] .text C:\Program Files (x86)\FreePDF_XP\fpassist.exe[1692] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077b1fac0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\FreePDF_XP\fpassist.exe[1692] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077b1fb58 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\FreePDF_XP\fpassist.exe[1692] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077b1fcb0 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\FreePDF_XP\fpassist.exe[1692] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077b20038 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\FreePDF_XP\fpassist.exe[1692] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077b21920 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\FreePDF_XP\fpassist.exe[1692] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077b3c4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\FreePDF_XP\fpassist.exe[1692] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077b41287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\FreePDF_XP\fpassist.exe[1692] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000075efa2ba 1 byte [62] .text C:\Program Files (x86)\FreePDF_XP\fpassist.exe[1692] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007754ee09 5 bytes JMP 00000001002301f8 .text C:\Program Files (x86)\FreePDF_XP\fpassist.exe[1692] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000077553982 5 bytes JMP 00000001002303fc .text 
C:\Program Files (x86)\FreePDF_XP\fpassist.exe[1692] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077557603 5 bytes JMP 0000000100230804 .text C:\Program Files (x86)\FreePDF_XP\fpassist.exe[1692] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007755835c 5 bytes JMP 0000000100230600 .text C:\Program Files (x86)\FreePDF_XP\fpassist.exe[1692] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007756f52b 5 bytes JMP 0000000100230a08 .text C:\Users\Janik\AppData\Roaming\Dropbox\bin\Dropbox.exe[3156] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077b1fac0 5 bytes JMP 0000000100030600 .text C:\Users\Janik\AppData\Roaming\Dropbox\bin\Dropbox.exe[3156] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077b1fb58 5 bytes JMP 0000000100030804 .text C:\Users\Janik\AppData\Roaming\Dropbox\bin\Dropbox.exe[3156] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077b1fcb0 5 bytes JMP 0000000100030c0c .text C:\Users\Janik\AppData\Roaming\Dropbox\bin\Dropbox.exe[3156] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077b20038 5 bytes JMP 0000000100030a08 .text C:\Users\Janik\AppData\Roaming\Dropbox\bin\Dropbox.exe[3156] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077b21920 5 bytes JMP 0000000100030e10 .text C:\Users\Janik\AppData\Roaming\Dropbox\bin\Dropbox.exe[3156] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077b3c4dd 5 bytes JMP 00000001000301f8 .text C:\Users\Janik\AppData\Roaming\Dropbox\bin\Dropbox.exe[3156] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077b41287 5 bytes JMP 00000001000303fc .text C:\Users\Janik\AppData\Roaming\Dropbox\bin\Dropbox.exe[3156] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000075efa2ba 1 byte [62] .text C:\Users\Janik\AppData\Roaming\Dropbox\bin\Dropbox.exe[3156] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007754ee09 5 bytes JMP 00000001002401f8 .text C:\Users\Janik\AppData\Roaming\Dropbox\bin\Dropbox.exe[3156] 
C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000077553982 5 bytes JMP 00000001002403fc .text C:\Users\Janik\AppData\Roaming\Dropbox\bin\Dropbox.exe[3156] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077557603 5 bytes JMP 0000000100240804 .text C:\Users\Janik\AppData\Roaming\Dropbox\bin\Dropbox.exe[3156] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007755835c 5 bytes JMP 0000000100240600 .text C:\Users\Janik\AppData\Roaming\Dropbox\bin\Dropbox.exe[3156] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007756f52b 5 bytes JMP 0000000100240a08 .text C:\Users\Janik\AppData\Roaming\Dropbox\bin\Dropbox.exe[3156] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000756e5181 5 bytes JMP 0000000100251014 .text C:\Users\Janik\AppData\Roaming\Dropbox\bin\Dropbox.exe[3156] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000756e5254 5 bytes JMP 0000000100250804 .text C:\Users\Janik\AppData\Roaming\Dropbox\bin\Dropbox.exe[3156] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000756e53d5 5 bytes JMP 0000000100250a08 .text C:\Users\Janik\AppData\Roaming\Dropbox\bin\Dropbox.exe[3156] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000756e54c2 5 bytes JMP 0000000100250c0c .text C:\Users\Janik\AppData\Roaming\Dropbox\bin\Dropbox.exe[3156] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000756e55e2 5 bytes JMP 0000000100250e10 .text C:\Users\Janik\AppData\Roaming\Dropbox\bin\Dropbox.exe[3156] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000756e567c 5 bytes JMP 00000001002501f8 .text C:\Users\Janik\AppData\Roaming\Dropbox\bin\Dropbox.exe[3156] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000756e589f 5 bytes JMP 00000001002503fc .text C:\Users\Janik\AppData\Roaming\Dropbox\bin\Dropbox.exe[3156] C:\Windows\SysWOW64\sechost.dll!DeleteService 00000000756e5a22 5 bytes JMP 0000000100250600 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3320] 
C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077b1fac0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077b1fb58 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077b1fcb0 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077b20038 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3320] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077b21920 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3320] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077b3c4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3320] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077b41287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3320] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000075efa2ba 1 byte [62] .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3320] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000756e5181 5 bytes JMP 0000000100261014 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3320] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000756e5254 5 bytes JMP 0000000100260804 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3320] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000756e53d5 5 bytes JMP 0000000100260a08 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3320] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000756e54c2 5 bytes JMP 0000000100260c0c .text C:\Program Files (x86)\OpenOffice.org 
3\program\soffice.exe[3320] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000756e55e2 5 bytes JMP 0000000100260e10 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3320] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000756e567c 5 bytes JMP 00000001002601f8 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3320] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000756e589f 5 bytes JMP 00000001002603fc .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe[3320] C:\Windows\SysWOW64\sechost.dll!DeleteService 00000000756e5a22 5 bytes JMP 0000000100260600 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3516] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077b1fac0 5 bytes JMP 0000000100030600 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3516] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077b1fb58 5 bytes JMP 0000000100030804 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3516] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077b1fcb0 5 bytes JMP 0000000100030c0c .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3516] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077b20038 5 bytes JMP 0000000100030a08 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3516] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077b21920 5 bytes JMP 0000000100030e10 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3516] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077b3c4dd 5 bytes JMP 00000001000301f8 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3516] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077b41287 5 bytes JMP 00000001000303fc .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3516] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000075efa2ba 1 byte [62] .text C:\Program Files (x86)\OpenOffice.org 
3\program\soffice.bin[3516] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007754ee09 5 bytes JMP 00000001001201f8 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3516] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000077553982 5 bytes JMP 00000001001203fc .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3516] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077557603 5 bytes JMP 0000000100120804 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3516] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007755835c 5 bytes JMP 0000000100120600 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3516] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007756f52b 5 bytes JMP 0000000100120a08 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3516] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 00000000756e5181 5 bytes JMP 00000001001b1014 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3516] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 00000000756e5254 5 bytes JMP 00000001001b0804 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3516] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000756e53d5 5 bytes JMP 00000001001b0a08 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3516] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000756e54c2 5 bytes JMP 00000001001b0c0c .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3516] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000756e55e2 5 bytes JMP 00000001001b0e10 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3516] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 00000000756e567c 5 bytes JMP 00000001001b01f8 .text C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin[3516] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 00000000756e589f 5 bytes JMP 00000001001b03fc .text C:\Program 
Files (x86)\OpenOffice.org 3\program\soffice.bin[3516] C:\Windows\SysWOW64\sechost.dll!DeleteService 00000000756e5a22 5 bytes JMP 00000001001b0600 .text C:\Windows\System32\svchost.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077943b10 5 bytes JMP 000000010043075c .text C:\Windows\System32\svchost.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077947ac0 5 bytes JMP 00000001004303a4 .text C:\Windows\System32\svchost.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077971430 5 bytes JMP 0000000100430b14 .text C:\Windows\System32\svchost.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077971490 5 bytes JMP 0000000100430ecc .text C:\Windows\System32\svchost.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077971570 5 bytes JMP 000000010043163c .text C:\Windows\System32\svchost.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000779717b0 5 bytes JMP 0000000100431284 .text C:\Windows\System32\svchost.exe[3916] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000779727e0 5 bytes JMP 00000001004319f4 .text C:\Windows\System32\svchost.exe[3916] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff9f6e00 5 bytes JMP 000007ff7fa11dac .text C:\Windows\System32\svchost.exe[3916] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff9f6f2c 5 bytes JMP 000007ff7fa10ecc .text C:\Windows\System32\svchost.exe[3916] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff9f7220 5 bytes JMP 000007ff7fa11284 .text C:\Windows\System32\svchost.exe[3916] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff9f739c 5 bytes JMP 000007ff7fa1163c .text C:\Windows\System32\svchost.exe[3916] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff9f7538 5 bytes JMP 000007ff7fa119f4 .text C:\Windows\System32\svchost.exe[3916] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff9f75e8 5 bytes JMP 000007ff7fa103a4 .text 
C:\Windows\System32\svchost.exe[3916] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff9f790c 5 bytes JMP 000007ff7fa1075c
.text C:\Windows\System32\svchost.exe[3916] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff9f7ab4 5 bytes JMP 000007ff7fa10b14
.text C:\Users\Janik\Desktop\gmer_2.1.19163.exe[1268] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075efa2ba 1 byte [62]
---- Threads - GMER 2.1 ----
Thread C:\Windows\System32\svchost.exe [256:1124] 000007fefb4ca2b0
Thread C:\Windows\System32\svchost.exe [256:1228] 000007fef87f20c0
Thread C:\Windows\System32\svchost.exe [256:1932] 000007fef87f26a8
Thread C:\Windows\System32\svchost.exe [256:2156] 000007fef87f29dc
Thread C:\Windows\System32\svchost.exe [256:1356] 000007fef92544e0
Thread C:\Windows\System32\svchost.exe [256:3948] 000007fef98c88f8
Thread C:\Windows\system32\svchost.exe [488:1912] 000007fef8cb0ea8
Thread C:\Windows\system32\svchost.exe [488:1948] 000007fef8ca9db0
Thread C:\Windows\system32\svchost.exe [488:1928] 000007fef8caaa10
Thread C:\Windows\system32\svchost.exe [488:336] 000007fef8cb1c94
Thread C:\Windows\System32\spoolsv.exe [1556:1236] 000007fefab010c8
Thread C:\Windows\System32\spoolsv.exe [1556:3028] 000007fef5be6144
Thread C:\Windows\System32\spoolsv.exe [1556:2700] 000007fef5cb5fd0
Thread C:\Windows\System32\spoolsv.exe [1556:2708] 000007fef6613438
Thread C:\Windows\System32\spoolsv.exe [1556:2712] 000007fef5cb63ec
Thread C:\Windows\System32\spoolsv.exe [1556:2152] 000007fef69e5e5c
Thread C:\Windows\System32\svchost.exe [3916:5084] 000007fef2f59688
---- EOF - GMER 2.1 ----

Sorry if I have included unnecessary information, but I can't tell for myself what is important and what is not.

I hope that you can help me,
Janik

Last edited by AmigoBandito (18.11.2013 at 17:54). Reason: afterthought