| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Avast! hat mehrere Viren gefundenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
22.11.2013, 15:38
| #1 |
 |  Avast! hat mehrere Viren gefunden Hallo, ich konnte leider nirgendswo, auch nachdem ich google benutzt habe, die log dateien von meinem Virusfund finden. Hab einen Screenshot gemacht und in unten angehängt. Sonst haben alle Schritte funktioniert defogger_disable.txt Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:48 on 22/11/2013 (P83x)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed
Checking for services/drivers...
-=E.O.F=-
Befindet sich im Anhang Addition.txt Befindet sich im Anhang GMER.txt Befindet sich als zip-Datei im Anhang, da sonst zu groß! Danke schonmal im Vorraus für eure Hilfe! |
|
22.11.2013, 16:03
| #2 |
| /// the machine /// TB-Ausbilder    | Avast! hat mehrere Viren gefunden Hi,
__________________Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.  So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
22.11.2013, 17:17
| #3 |
| | Avast! hat mehrere Viren gefunden Hey,
__________________sry hab mich nur hieran gehalten und da stand das es ok sei: http://www.trojaner-board.de/69886-a...beachten.html. Dann poste ich meine logs hier rein: FRST.txt FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-11-2013
Ran by P83x (administrator) on ALPHA on 22-11-2013 14:50:28
Running from C:\Users\P83x\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
() C:\Windows\SysWOW64\HsMgr.exe
() C:\Windows\system\HsMgr64.exe
(Valve Corporation) G:\Programme\Steam\Steam.exe
(CMedia) C:\Program Files\ASUS Xonar DG Audio\Customapp\ASUSAUDIOCENTER.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Flux Software LLC) C:\Users\P83x\AppData\Local\FluxSoftware\Flux\flux.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-11-08] (NVIDIA Corporation)
HKLM\...\Run: [Cmaudio8788] - C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX] - C:\Windows\SysWOW64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX64] - C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Steam] - G:\Programme\Steam\Steam.exe [1820584 2013-10-30] (Valve Corporation)
HKCU\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-03-03] ()
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20472992 2013-10-02] (Skype Technologies S.A.)
HKCU\...\Run: [F.lux] - C:\Users\P83x\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-16] (Flux Software LLC)
MountPoints2: D - D:\Setup.exe
MountPoints2: {0dcfaf39-5b88-11e2-9182-bc5ff45e1393} - D:\DisneySplash.exe
MountPoints2: {cba612c9-8ff8-11e2-a4b5-bc5ff45e1393} - F:\LGAutoRun.exe
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] - C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
HKLM-x32\...\Run: [BrowserPlugInHelper] - C:\Program Files (x86)\iSkysoft\iTube Studio\BrowserPlugInHelper.exe
HKLM-x32\...\Run: [LifeCam] - C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2349392 2013-11-11] (LogMeIn Inc.)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [168616 2013-10-23] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [141336 2013-10-23] (NVIDIA Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x55011B838CEFCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Freemake.YoutubeButton - {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\P83x\AppData\Roaming\Mozilla\Firefox\Profiles\ufl3zklg.default
FF Homepage: hxxp://www.sparknotes.com/lit/bravenew/themes.html|hxxp://www.sparknotes.com/lit/bravenew/study.html|hxxp://www.sparknotes.com/lit/bravenew/canalysis.html|hxxp://www.sparknotes.com/lit/bravenew/characters.html|hxxp://de.wikipedia.org/wiki/Sch%C3%B6ne_neue_Welt#Philosophische_Diskussion|hxxp://en.wikiquote.org/wiki/Brave_New_World|hxxp://siser.tripod.com/index2.html|hxxp://www.gradesaver.com/brave-new-world/study-guide/related-links/|hxxp://siser.tripod.com/cheat.html
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20(shExpMatch(host%2C%20'(*.turntable.fm%7Cturntable.fm)')%20%26%26%20url.indexOf('.css')%20%3D%3D%20-1%20%26%26%20url.indexOf('.js')%20%3D%3D%20-1)%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*'))%20%7B%20return%20'PROXY%20ab-us12.personalitycores.com%3A8000%3B%20PROXY%20ab-us07.personalitycores.com%3A8000%3B%20PROXY%20ab-us20.personalitycores.com%3A8000%3B%20PROXY%20ab-us11.personalitycores.com%3A8000%3B%20PROXY%20ab-us18.personalitycores.com%3A8000%3B%20PROXY%20ab-us01.personalitycores.com%3A8000%3B%20PROXY%20ab-us15.personalitycores.com%3A8000%3B%20PROXY%20ab-us08.personalitycores.com%3A8000%3B%20PROXY%20ab-us16.personalitycores.com%3A8000%3B%20PROXY%20ab-us21.personalitycores.com%3A8000%3B%20PROXY%20ab-us13.personalitycores.com%3A8000%3B%20PROXY%20ab-us03.personalitycores.com%3A8000%3B%20PROXY%20ab-us02.personalitycores.com%3A8000%3B%20PROXY%20ab-us14.personalitycores.com%3A8000%3B%20PROXY%20ab-us09.personalitycores.com%3A8000%3B%20PROXY%20ab-us22.personalitycores.com%3A8000%3B%20PROXY%20ab-us17.personalitycores.com%3A8000%3B%20PROXY%20ab-us10.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.10.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.10.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.10.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.10.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Xmarks - C:\Users\P83x\AppData\Roaming\Mozilla\Firefox\Profiles\ufl3zklg.default\Extensions\foxmarks@kei.com
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\P83x\AppData\Roaming\Mozilla\Firefox\Profiles\ufl3zklg.default\Extensions\ich@maltegoetz.de
FF Extension: LastPass - C:\Users\P83x\AppData\Roaming\Mozilla\Firefox\Profiles\ufl3zklg.default\Extensions\support@lastpass.com
FF Extension: YouTube Unblocker - C:\Users\P83x\AppData\Roaming\Mozilla\Firefox\Profiles\ufl3zklg.default\Extensions\youtubeunblocker@unblocker.yt
FF Extension: Cookies Manager+ - C:\Users\P83x\AppData\Roaming\Mozilla\Firefox\Profiles\ufl3zklg.default\Extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
FF Extension: groovesharkUnlocker - C:\Users\P83x\AppData\Roaming\Mozilla\Firefox\Profiles\ufl3zklg.default\Extensions\groovesharkUnlocker@overlord1337.xpi
FF Extension: jid1-QpHD8URtZWJC2A - C:\Users\P83x\AppData\Roaming\Mozilla\Firefox\Profiles\ufl3zklg.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi
FF Extension: SciLorsGrooveUnlocker - C:\Users\P83x\AppData\Roaming\Mozilla\Firefox\Profiles\ufl3zklg.default\Extensions\SciLorsGrooveUnlocker@scilor.com.xpi
FF Extension: No Name - C:\Users\P83x\AppData\Roaming\Mozilla\Firefox\Profiles\ufl3zklg.default\Extensions\{1aa3b4d6-ff9b-4123-b9fa-7a58a2bd3111}.xpi
FF Extension: prefs - C:\Users\P83x\AppData\Roaming\Mozilla\Firefox\Profiles\ufl3zklg.default\Extensions\{7c81974a-2ac8-4006-8817-4b86ce06f210}.xpi
FF Extension: Adblock Plus - C:\Users\P83x\AppData\Roaming\Mozilla\Firefox\Profiles\ufl3zklg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\
FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\
FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\
FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-01-10] (Ellora Assets Corp.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-05] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [149032 2012-08-16] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377104 2013-10-11] (LogMeIn, Inc.)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15125280 2013-11-08] (NVIDIA Corporation)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [745368 2012-11-26] (Tunngle.net GmbH)
==================== Drivers (Whitelisted) ====================
S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2012-03-07] (Google Inc)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2012-03-06] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2012-03-06] (LG Electronics Inc.)
S3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis64.sys [93184 2012-03-06] (LG Electronics Inc.)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software)
R0 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2734080 2013-04-11] (C-Media Inc)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-01-11] (DT Soft Ltd)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-09-01] (Intel Corporation)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [20968 2012-08-16] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [19944 2012-08-16] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46016 2012-08-16] ()
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-28] (NVIDIA Corporation)
S3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [31232 2013-06-07] (Razer Inc)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2013-11-22] ()
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-11-22 14:50 - 2013-11-22 14:50 - 00020998 _____ C:\Users\P83x\Desktop\FRST.txt
2013-11-22 14:50 - 2013-11-22 14:50 - 00000000 ____D C:\FRST
2013-11-22 14:49 - 2013-11-22 14:49 - 01957998 _____ (Farbar) C:\Users\P83x\Desktop\FRST64.exe
2013-11-22 14:48 - 2013-11-22 14:48 - 00000540 _____ C:\Users\P83x\Desktop\defogger_disable.log
2013-11-22 14:48 - 2013-11-22 14:48 - 00000168 _____ C:\Users\P83x\defogger_reenable
2013-11-22 14:47 - 2013-11-22 14:47 - 00050477 _____ C:\Users\P83x\Desktop\Defogger.exe
2013-11-21 21:01 - 2013-11-21 21:02 - 00000000 ____D C:\Program Files (x86)\OBS
2013-11-21 21:01 - 2013-11-21 21:01 - 00000935 _____ C:\Users\P83x\Desktop\Open Broadcaster Software.lnk
2013-11-21 21:01 - 2013-11-21 21:01 - 00000000 ____D C:\Users\P83x\AppData\Roaming\OBS
2013-11-21 21:01 - 2013-11-21 21:01 - 00000000 ____D C:\Users\P83x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2013-11-21 21:01 - 2013-11-21 21:01 - 00000000 ____D C:\Program Files\OBS
2013-11-20 17:48 - 2013-11-20 17:48 - 00000000 ____D C:\Users\P83x\AppData\Local\NVIDIA Corporation
2013-11-16 00:01 - 2013-11-16 10:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-15 21:07 - 2013-11-15 21:07 - 00000000 ____D C:\Users\P83x\Documents\Amnesia
2013-11-15 21:07 - 2013-11-15 21:07 - 00000000 ____D C:\Users\P83x\AppData\Roaming\fltk.org
2013-11-15 21:07 - 2013-11-15 21:07 - 00000000 ____D C:\ProgramData\fltk.org
2013-11-14 05:49 - 2013-11-22 14:15 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2013-11-13 17:49 - 2013-11-13 17:49 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-11-13 10:51 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-13 10:51 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-13 10:51 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-13 10:51 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-13 10:51 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-13 10:51 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-13 10:51 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-13 10:51 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-13 10:51 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-13 10:51 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-13 10:51 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-13 10:51 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-13 10:51 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-13 10:51 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-13 10:51 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-13 10:51 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-13 10:51 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-13 10:51 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-13 10:51 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-13 10:51 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-13 10:51 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-13 10:51 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-13 10:51 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-13 10:51 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-13 10:51 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-13 10:51 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-13 10:51 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-13 10:51 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-13 10:51 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-13 10:51 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-13 10:51 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-13 10:05 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 10:05 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 10:05 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 10:05 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 10:05 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 10:05 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 10:05 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 10:05 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 10:05 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 10:05 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 10:05 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 10:05 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 10:05 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 10:05 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 10:05 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 10:05 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 10:05 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 10:05 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 10:05 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 10:05 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 10:05 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 10:05 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 10:05 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 10:05 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 10:05 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 10:05 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 10:05 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 10:05 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 10:05 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 10:05 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-10-29 13:50 - 2013-10-23 11:30 - 30344480 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-10-29 13:50 - 2013-10-23 11:30 - 22933792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-10-29 13:50 - 2013-10-23 11:30 - 18286416 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2013-10-29 13:50 - 2013-10-23 11:30 - 18199872 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-10-29 13:50 - 2013-10-23 11:30 - 15855568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-10-29 13:50 - 2013-10-23 11:30 - 12572960 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-10-29 13:50 - 2013-10-23 11:30 - 11426568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-10-29 13:50 - 2013-10-23 11:30 - 11374520 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-10-29 13:50 - 2013-10-23 11:30 - 09524088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-10-29 13:50 - 2013-10-23 11:30 - 09480328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-10-29 13:50 - 2013-10-23 11:30 - 03131680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-10-29 13:50 - 2013-10-23 11:30 - 03124512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-10-29 13:50 - 2013-10-23 11:30 - 02946848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-10-29 13:50 - 2013-10-23 11:30 - 02747168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-10-29 13:50 - 2013-10-23 11:30 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433165.dll
2013-10-29 13:50 - 2013-10-23 11:30 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433165.dll
2013-10-29 13:50 - 2013-10-23 11:30 - 01241376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-10-29 13:50 - 2013-10-23 11:30 - 00696096 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-10-29 13:50 - 2013-10-23 11:30 - 00655136 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-10-29 13:50 - 2013-10-23 11:30 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-10-29 13:50 - 2013-10-23 11:30 - 00560416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-10-29 13:50 - 2013-10-23 11:30 - 00479520 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2013-10-29 13:50 - 2013-10-23 11:30 - 00405280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2013-10-29 13:50 - 2013-10-23 11:30 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2013-10-29 13:50 - 2013-10-23 11:30 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-10-29 13:50 - 2013-01-29 09:35 - 01510176 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco64.dll
2013-10-29 13:49 - 2013-10-23 11:30 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-10-29 13:49 - 2013-10-23 11:30 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-10-29 13:47 - 2013-11-08 21:47 - 01064224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2013-10-29 13:47 - 2013-11-08 21:47 - 00955168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2013-10-29 13:46 - 2013-09-28 00:01 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2013-10-29 13:46 - 2013-09-28 00:01 - 00028960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-10-24 18:44 - 2013-10-24 18:44 - 00006854 _____ C:\graph.log
2013-10-24 18:44 - 2013-10-24 18:44 - 00001156 _____ C:\Users\UpdatusUser\Desktop\Little Fighter 2.lnk
2013-10-24 18:44 - 2013-10-24 18:44 - 00000000 ____D C:\Users\P83x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Little Fighter 2
2013-10-24 18:44 - 2013-10-24 18:44 - 00000000 ____D C:\Program Files (x86)\LittleFighter2
2013-10-24 17:49 - 2013-10-24 22:53 - 00000000 ____D C:\Users\P83x\AppData\Local\Unity
2013-10-24 17:40 - 2013-10-24 17:40 - 00000000 _____ C:\Users\P83x\agent.log
2013-10-23 22:11 - 2013-10-16 01:48 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433158.dll
2013-10-23 22:11 - 2013-10-16 01:48 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433158.dll
2013-10-23 03:02 - 2013-10-23 03:02 - 00589600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
==================== One Month Modified Files and Folders =======
2013-11-22 14:50 - 2013-11-22 14:50 - 00020998 _____ C:\Users\P83x\Desktop\FRST.txt
2013-11-22 14:50 - 2013-11-22 14:50 - 00000000 ____D C:\FRST
2013-11-22 14:49 - 2013-11-22 14:49 - 01957998 _____ (Farbar) C:\Users\P83x\Desktop\FRST64.exe
2013-11-22 14:48 - 2013-11-22 14:48 - 00000540 _____ C:\Users\P83x\Desktop\defogger_disable.log
2013-11-22 14:48 - 2013-11-22 14:48 - 00000168 _____ C:\Users\P83x\defogger_reenable
2013-11-22 14:48 - 2013-01-11 00:13 - 00000000 ____D C:\Users\P83x
2013-11-22 14:47 - 2013-11-22 14:47 - 00050477 _____ C:\Users\P83x\Desktop\Defogger.exe
2013-11-22 14:45 - 2013-03-03 21:26 - 00000000 ____D C:\Users\P83x\AppData\Local\PMB Files
2013-11-22 14:34 - 2013-01-11 15:58 - 00000000 ____D C:\Users\P83x\AppData\Local\Adobe
2013-11-22 14:34 - 2013-01-11 02:15 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-22 14:34 - 2013-01-11 02:15 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-22 14:34 - 2013-01-11 02:15 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-11-22 14:34 - 2013-01-11 02:15 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-22 14:21 - 2013-01-11 00:17 - 01688460 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-22 14:21 - 2009-07-14 18:58 - 00728118 _____ C:\Windows\system32\perfh007.dat
2013-11-22 14:21 - 2009-07-14 18:58 - 00160448 _____ C:\Windows\system32\perfc007.dat
2013-11-22 14:20 - 2013-01-11 00:12 - 01619895 _____ C:\Windows\WindowsUpdate.log
2013-11-22 14:20 - 2009-07-14 05:45 - 00020480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-22 14:20 - 2009-07-14 05:45 - 00020480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-22 14:16 - 2013-01-11 02:57 - 00000000 ____D C:\Users\P83x\AppData\Roaming\Skype
2013-11-22 14:15 - 2013-11-14 05:49 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2013-11-22 14:15 - 2013-07-18 12:30 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-22 14:15 - 2013-01-11 09:39 - 00002896 _____ C:\Windows\System32\Tasks\AutoKMS
2013-11-22 14:15 - 2013-01-11 09:39 - 00000266 _____ C:\Windows\Tasks\AutoKMS.job
2013-11-22 14:15 - 2013-01-11 09:02 - 00000000 ____D C:\Users\P83x\AppData\Local\LogMeIn Hamachi
2013-11-22 14:15 - 2013-01-11 01:25 - 00307616 _____ C:\Windows\PFRO.log
2013-11-22 14:15 - 2013-01-11 01:24 - 00034752 _____ C:\Windows\system32\Drivers\WPRO_41_2001.sys
2013-11-22 14:15 - 2013-01-11 01:20 - 00000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2013-11-22 14:15 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-22 14:15 - 2009-07-14 05:51 - 00134998 _____ C:\Windows\setupact.log
2013-11-21 22:13 - 2013-01-18 15:10 - 00000000 ____D C:\Users\P83x\AppData\Roaming\TS3Client
2013-11-21 21:20 - 2013-03-03 21:26 - 00000000 ____D C:\ProgramData\PMB Files
2013-11-21 21:02 - 2013-11-21 21:01 - 00000000 ____D C:\Program Files (x86)\OBS
2013-11-21 21:01 - 2013-11-21 21:01 - 00000935 _____ C:\Users\P83x\Desktop\Open Broadcaster Software.lnk
2013-11-21 21:01 - 2013-11-21 21:01 - 00000000 ____D C:\Users\P83x\AppData\Roaming\OBS
2013-11-21 21:01 - 2013-11-21 21:01 - 00000000 ____D C:\Users\P83x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2013-11-21 21:01 - 2013-11-21 21:01 - 00000000 ____D C:\Program Files\OBS
2013-11-21 20:35 - 2013-01-11 02:28 - 00000000 ____D C:\Users\P83x\AppData\Roaming\vlc
2013-11-20 22:41 - 2013-01-11 09:50 - 00000000 ____D C:\Users\P83x\AppData\Roaming\foobar2000
2013-11-20 17:48 - 2013-11-20 17:48 - 00000000 ____D C:\Users\P83x\AppData\Local\NVIDIA Corporation
2013-11-20 13:53 - 2013-01-11 01:20 - 00000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2013-11-19 06:25 - 2013-01-11 02:30 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-11-17 17:26 - 2013-05-31 20:06 - 00000000 ____D C:\Users\P83x\Bilder
2013-11-17 05:05 - 2013-01-11 09:20 - 00000000 ____D C:\Users\P83x\AppData\Local\CrashDumps
2013-11-16 23:52 - 2013-01-11 02:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-16 10:33 - 2013-11-16 00:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-15 21:07 - 2013-11-15 21:07 - 00000000 ____D C:\Users\P83x\Documents\Amnesia
2013-11-15 21:07 - 2013-11-15 21:07 - 00000000 ____D C:\Users\P83x\AppData\Roaming\fltk.org
2013-11-15 21:07 - 2013-11-15 21:07 - 00000000 ____D C:\ProgramData\fltk.org
2013-11-13 22:35 - 2013-08-02 16:03 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2013-11-13 22:35 - 2013-08-02 16:03 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2013-11-13 22:35 - 2013-08-02 16:03 - 00000000 ____D C:\Program Files (x86)\OpenAL
2013-11-13 18:24 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-13 17:49 - 2013-11-13 17:49 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-11-13 10:51 - 2013-01-11 09:34 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-13 10:50 - 2013-07-26 02:00 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 10:50 - 2009-10-14 06:12 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-11 05:50 - 2009-10-14 06:13 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-08 21:47 - 2013-10-29 13:47 - 01064224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2013-11-08 21:47 - 2013-10-29 13:47 - 00955168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2013-11-05 19:57 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-02 20:16 - 2013-01-11 02:58 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2013-10-29 17:17 - 2013-03-10 15:58 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-10-29 17:17 - 2013-01-11 02:57 - 00000000 ____D C:\ProgramData\Skype
2013-10-29 13:51 - 2013-01-25 12:33 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-10-29 13:47 - 2013-07-18 12:29 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-10-29 13:47 - 2013-07-18 12:19 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-10-27 14:11 - 2013-07-04 19:44 - 00016090 _____ C:\Users\P83x\Elo Boosting.xlsx
2013-10-25 17:20 - 2013-01-21 15:27 - 00000000 ____D C:\Program Files (x86)\JDownloader
2013-10-24 22:53 - 2013-10-24 17:49 - 00000000 ____D C:\Users\P83x\AppData\Local\Unity
2013-10-24 18:44 - 2013-10-24 18:44 - 00006854 _____ C:\graph.log
2013-10-24 18:44 - 2013-10-24 18:44 - 00001156 _____ C:\Users\UpdatusUser\Desktop\Little Fighter 2.lnk
2013-10-24 18:44 - 2013-10-24 18:44 - 00000000 ____D C:\Users\P83x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Little Fighter 2
2013-10-24 18:44 - 2013-10-24 18:44 - 00000000 ____D C:\Program Files (x86)\LittleFighter2
2013-10-24 17:40 - 2013-10-24 17:40 - 00000000 _____ C:\Users\P83x\agent.log
2013-10-23 11:30 - 2013-10-29 13:50 - 30344480 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-10-23 11:30 - 2013-10-29 13:50 - 22933792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-10-23 11:30 - 2013-10-29 13:50 - 18286416 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2013-10-23 11:30 - 2013-10-29 13:50 - 18199872 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-10-23 11:30 - 2013-10-29 13:50 - 15855568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-10-23 11:30 - 2013-10-29 13:50 - 12572960 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-10-23 11:30 - 2013-10-29 13:50 - 11426568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-10-23 11:30 - 2013-10-29 13:50 - 11374520 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-10-23 11:30 - 2013-10-29 13:50 - 09524088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-10-23 11:30 - 2013-10-29 13:50 - 09480328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-10-23 11:30 - 2013-10-29 13:50 - 03131680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-10-23 11:30 - 2013-10-29 13:50 - 03124512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-10-23 11:30 - 2013-10-29 13:50 - 02946848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-10-23 11:30 - 2013-10-29 13:50 - 02747168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-10-23 11:30 - 2013-10-29 13:50 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433165.dll
2013-10-23 11:30 - 2013-10-29 13:50 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433165.dll
2013-10-23 11:30 - 2013-10-29 13:50 - 01241376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-10-23 11:30 - 2013-10-29 13:50 - 00696096 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-10-23 11:30 - 2013-10-29 13:50 - 00655136 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-10-23 11:30 - 2013-10-29 13:50 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-10-23 11:30 - 2013-10-29 13:50 - 00560416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-10-23 11:30 - 2013-10-29 13:50 - 00479520 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2013-10-23 11:30 - 2013-10-29 13:50 - 00405280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2013-10-23 11:30 - 2013-10-29 13:50 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2013-10-23 11:30 - 2013-10-29 13:50 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-10-23 11:30 - 2013-10-29 13:49 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-10-23 11:30 - 2013-10-29 13:49 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-10-23 11:30 - 2013-07-18 12:29 - 15212336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-10-23 11:30 - 2013-07-18 12:29 - 03067560 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2013-10-23 11:30 - 2013-07-18 12:29 - 02695200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-10-23 11:30 - 2013-07-18 12:29 - 01435504 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2013-10-23 11:30 - 2013-07-18 12:29 - 00168616 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2013-10-23 11:30 - 2013-07-18 12:29 - 00141336 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-10-23 11:30 - 2013-07-18 12:29 - 00023287 _____ C:\Windows\system32\nvinfo.pb
2013-10-23 09:20 - 2013-10-05 18:32 - 02559776 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2013-10-23 09:20 - 2013-07-18 12:29 - 06669600 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2013-10-23 09:20 - 2013-07-18 12:29 - 03489568 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2013-10-23 09:20 - 2013-07-18 12:29 - 03426956 _____ C:\Windows\system32\nvcoproc.bin
2013-10-23 09:20 - 2013-07-18 12:29 - 00922912 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2013-10-23 09:20 - 2013-07-18 12:29 - 00219424 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2013-10-23 09:20 - 2013-07-18 12:29 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2013-10-23 03:02 - 2013-10-23 03:02 - 00589600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
Files to move or delete:
====================
C:\Users\P83x\AppData\Roaming\Origin
Some content of TEMP:
====================
C:\Users\P83x\AppData\Local\Temp\7za.exe
C:\Users\P83x\AppData\Local\Temp\CheatEngine62Clean.exe
C:\Users\P83x\AppData\Local\Temp\CRCCheck.exe
C:\Users\P83x\AppData\Local\Temp\FreemakeVideoDownloader_3.4.3.1.exe
C:\Users\P83x\AppData\Local\Temp\IminentSetup.exe
C:\Users\P83x\AppData\Local\Temp\incredibar_installer.exe
C:\Users\P83x\AppData\Local\Temp\install.exe
C:\Users\P83x\AppData\Local\Temp\install_reader11_de_mssd_aih.exe
C:\Users\P83x\AppData\Local\Temp\nv3DVStreaming.dll
C:\Users\P83x\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\P83x\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\P83x\AppData\Local\Temp\nvStereoApiI.dll
C:\Users\P83x\AppData\Local\Temp\nvStInst.exe
C:\Users\P83x\AppData\Local\Temp\OptimizerPro.exe
C:\Users\P83x\AppData\Local\Temp\SkypeSetup.exe
C:\Users\P83x\AppData\Local\Temp\swt-win32-3740.dll
C:\Users\P83x\AppData\Local\Temp\tmpC3DA.exe
C:\Users\P83x\AppData\Local\Temp\ubi60E6.tmp.exe
C:\Users\P83x\AppData\Local\Temp\Uninstall.exe
C:\Users\P83x\AppData\Local\Temp\_is264C.exe
C:\Users\P83x\AppData\Local\Temp\_is48D3.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-11-20 14:39
==================== End Of Log ============================
--- --- --- --- --- --- Addition.txt: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-11-2013
Ran by P83x at 2013-11-22 14:50:49
Running from C:\Users\P83x\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Antivirus (Disabled) {131692B0-0864-D491-4E21-3A3A1D8BBB47}
==================== Installed Programs ======================
µTorrent (x32 Version: 3.2.3.28705)
7-Zip 9.22 (x64 edition) (Version: 9.22.00.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.152)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.8.638)
Allgemeine Runtime Files (x86) (Version: 1.0.3.5)
Amnesia: The Dark Descent (x32)
Asmedia ASM106x SATA Host Controller Driver (x32 Version: 1.3.1.000)
ASRock App Charger v1.0.5
Assassin's Creed (x32 Version: 1.00)
ASUS Xonar DG Audio Driver
avast! Free Antivirus (x32 Version: 8.0.1497.0)
BioShock (x32)
BioShock 2 (x32 Version: 1.00.0000)
Borderlands 2 (x32)
Burnout Paradise: The Ultimate Box (x32)
Cheat Engine 6.2 (x32)
Crysis 2 Maximum Edition (x32)
Crysis WARHEAD(R) (x32 Version: 1.0)
Crysis WARHEAD(R) (x32)
Crysis® 2 DELUXE EDITION (x32 Version: 1.9)
Cube World version 0.0.1 (x32 Version: 0.0.1)
DAEMON Tools Lite (x32 Version: 4.46.1.0327)
Darksiders II (x32)
Dead Space™ 2 (x32 Version: 1.0.941.0)
Dead Space™ 3 (x32 Version: 1.0.0.0)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
DirectX 9.0c Extra Files (x86, x64) (Version: 1.10.06.0)
DirectX for Managed Code (Version: 1.0.0.0)
Dota 2 (x32)
EVGA Precision X 4.1.0 (x32 Version: 4.1.0)
f.lux (HKCU)
FLV Player 2.0 (build 25) (x32 Version: 2.0 (build 25))
foobar2000 v1.2 (x32 Version: 1.2)
Fraps (remove only) (x32)
Freemake Video Downloader (x32 Version: 3.4.3)
GeForce Experience NvStream Client Components (Version: 1.6.28)
Hammerwatch (x32)
Hitman Absolution (x32)
Intel(R) Control Center (x32 Version: 1.2.1.1008)
Intel(R) Manageability Engine Firmware Recovery Agent (x32 Version: 1.0.0.36354)
Intel(R) Management Engine Components (x32 Version: 8.1.0.1281)
Intel(R) Processor Graphics (x32 Version: 9.17.10.2867)
Intel(R) Rapid Storage Technology (x32 Version: 11.6.0.1030)
Intel(R) Smart Connect Technology 3.0 x64 (Version: 3.0.41.1571)
Intel(R) USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.4.220)
Intel® Trusted Connect Service Client (Version: 1.24.738.1)
Java 7 Update 10 (64-bit) (Version: 7.0.100)
Java 7 Update 10 (x32 Version: 7.0.100)
JDownloader 0.9 (x32 Version: 0.9)
Just Cause 2 (x32)
King Arthur - Fallen Champions (x32)
King Arthur: Collection (x32)
League of Legends (x32 Version: 1.3)
Left 4 Dead 2 (x32)
LG United Mobile Driver (x32 Version: 3.7.2.0)
LibreOffice 4.0.3.3 (x32 Version: 4.0.3.3)
Little Fighter 2 version 2.0a (x32 Version: version 2.0a)
LogMeIn Hamachi (x32 Version: 2.2.0.105)
Magicka (x32)
Mark of the Ninja (x32)
McPixel (x32)
Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme (x32 Version: 12.0.4518.1014)
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322)
Microsoft .NET Framework 1.1 (x32)
Microsoft .NET Framework 1.1 Security Update (KB2656370) (x32)
Microsoft .NET Framework 1.1 Security Update (KB2698023) (x32)
Microsoft .NET Framework 1.1 Security Update (KB979906) (x32)
Microsoft .NET Framework 1.1 SP1
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4.5 (Version: 4.5.50709)
Microsoft Corporation (Version: 9.1.0.0)
Microsoft Corporation (x32 Version: 9.1.0.0)
Microsoft Games for Windows - LIVE (x32 Version: 3.3.24.0)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.2.3.0)
Microsoft LifeCam (Version: 3.60.253.0)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (x32 Version: 14.0.7015.1000)
Microsoft Office O MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office X MUI (German) 2010 (x32 Version: 14.0.7015.1000)
Microsoft SharePoint Designer 2010 Service Pack 1 (SP1) (x32)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (x32 Version: 11.0.50727.1)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (x32 Version: 11.0.50727.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727)
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (Version: 2.0.50728)
Microsoft XNA Framework Redistributable 3.1 (x32 Version: 3.1.10527.0)
Microsoft XNA Framework Redistributable 4.0 (x32 Version: 4.0.20823.0)
Mirror's Edge (x32)
Mozilla Firefox 25.0.1 (x86 de) (x32 Version: 25.0.1)
Mozilla Maintenance Service (x32 Version: 25.0.1)
Mp3tag v2.54 (x32 Version: v2.54)
Need for Speed Most Wanted (x32)
Need for Speed(TM) Hot Pursuit (x32 Version: 1.0.0.0)
NVIDIA 3D Vision Controller-Treiber 331.65 (Version: 331.65)
NVIDIA 3D Vision Treiber 331.65 (Version: 331.65)
NVIDIA GeForce Experience 1.7.1 (Version: 1.7.1)
NVIDIA Grafiktreiber 331.65 (Version: 331.65)
NVIDIA HD-Audiotreiber 1.3.26.4 (Version: 1.3.26.4)
NVIDIA Install Application (Version: 2.1002.140.952)
NVIDIA LED Visualizer 1.0 (Version: 1.0)
NVIDIA PhysX (x32 Version: 9.13.0725)
NVIDIA PhysX-Systemsoftware 9.13.0725 (Version: 9.13.0725)
NVIDIA ShadowPlay 9.3.21 (Version: 9.3.21)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3165)
NVIDIA Systemsteuerung 331.65 (Version: 331.65)
NVIDIA Update 9.3.21 (Version: 9.3.21)
NVIDIA Update Components (Version: 9.3.21)
NVIDIA Virtual Audio 1.2.9 (Version: 1.2.9)
Open Broadcaster Software (x32)
OpenAL (x32)
Origin (x32 Version: 9.3.1.4482)
Overlord (x32)
Overlord II (x32 Version: 1.0)
Painkiller Hell & Damnation (x32)
Pando Media Booster (x32 Version: 2.6.0.8)
PlanetSide 2 (x32)
Prototype 2 version 5.1 (x32 Version: 5.1)
Realtek Ethernet Controller Driver (x32 Version: 7.48.823.2011)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6482)
Revo Uninstaller 1.94 (x32 Version: 1.94)
Risen 2 Dark Waters Version v1.0 (x32 Version: v1.0)
Rogue Legacy (x32 Version: 2.0.0.4)
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition (x32)
SHIELD Streaming (Version: 1.6.53)
Skype™ 6.9 (x32 Version: 6.9.106)
Spelunky HD 1.0 (x32 Version: 1.0)
Split/Second (x32 Version: 1.00.0000)
Star Wars: The Force Unleashed 2 (x32 Version: 1.0)
Steam (x32 Version: 1.0.0.0)
Team Fortress 2 (x32)
TeamSpeak 3 Client (Version: 3.0.13.1)
TeamViewer 8 (x32 Version: 8.0.19617)
Terraria (x32)
Thomas Was Alone (x32)
Trine 2 (x32)
Tunngle beta (x32)
Ubisoft Game Launcher (x32 Version: 1.0.0.0)
Ultimate Bot Setup (x32 Version: 1.0.0)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)
Update for Microsoft SharePoint Designer 2010 (KB2553459) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition (x32)
VLC media player 2.0.5 (Version: 2.0.5)
WinPcap 4.1.2 (x32 Version: 4.1.0.2001)
Zeno Clash (x32)
==================== Restore Points =========================
13-11-2013 09:49:39 Windows Update
19-11-2013 07:21:16 Windows Update
22-11-2013 13:19:35 Windows Update
==================== Hosts content: ==========================
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {32B5BE55-D7C3-45CD-BA21-74DFD253D860} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation)
Task: {958B7069-BB39-4829-A23F-CC88C8427A85} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {DB6AD9DF-9B71-4FAA-87DE-DFCD3C9FCAA3} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-08-30] (AVAST Software)
Task: {E239E31D-954D-4008-AB43-71EB20877549} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-22] (Adobe Systems Incorporated)
Task: {EC0EB35C-8310-4541-8CE2-DD09960B8BE0} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2013-01-11] ()
Task: {F6FD3F20-04AB-46F6-B30C-70227DD5E6B9} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16] (Intel Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\WINDOWS\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
==================== Loaded Modules (whitelisted) =============
2012-09-17 16:23 - 2012-09-17 16:23 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-11-22 14:16 - 2013-11-22 11:06 - 02240000 _____ () C:\Program Files\AVAST Software\Avast\defs\13112200\algo.dll
2013-03-12 17:10 - 2013-10-24 18:45 - 00691200 _____ () G:\Programme\Steam\SDL2.dll
2013-01-11 09:27 - 2013-10-30 20:25 - 01123240 _____ () G:\Programme\Steam\bin\chromehtml.DLL
2013-01-11 09:27 - 2013-10-23 21:07 - 20625832 _____ () G:\Programme\Steam\bin\libcef.dll
2013-01-11 09:27 - 2013-06-15 00:49 - 01100800 _____ () G:\Programme\Steam\bin\avcodec-53.dll
2013-01-11 09:27 - 2013-06-15 00:49 - 00124416 _____ () G:\Programme\Steam\bin\avutil-51.dll
2013-01-11 09:27 - 2013-06-15 00:49 - 00192000 _____ () G:\Programme\Steam\bin\avformat-53.dll
2013-08-02 15:49 - 2012-06-06 08:56 - 00143360 ____N () C:\Program Files\ASUS Xonar DG Audio\Customapp\VmixP8.dll
2013-08-15 14:30 - 2013-08-15 14:30 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\24bb27bf7c61014b987f87df24ad29ac\PSIClient.ni.dll
2013-01-11 01:20 - 2012-07-18 06:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-11-16 00:01 - 2013-11-16 00:01 - 03363952 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
==================== Faulty Device Manager Devices =============
Name: avast! Firewall NDIS Filter Miniport
Description: avast! Firewall NDIS Filter Miniport
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ALWIL Software
Service: aswNdis
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
==================== Event log errors: =========================
Application errors:
==================
Error: (11/22/2013 02:29:14 PM) (Source: Application Hang) (User: )
Description: Programm firefox.exe, Version 25.0.1.5064 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1a98
Startzeit: 01cee786637b25f1
Endzeit: 38
Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID: 12c03dfa-537a-11e3-8e92-bc5ff45e1393
Error: (11/22/2013 02:25:26 PM) (Source: Application Hang) (User: )
Description: Programm firefox.exe, Version 25.0.1.5064 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: e88
Startzeit: 01cee78616116ce3
Endzeit: 33
Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID: 89f489f4-5379-11e3-8e92-bc5ff45e1393
Error: (11/17/2013 05:05:03 AM) (Source: Application Hang) (User: )
Description: Programm firefox.exe, Version 25.0.1.5064 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: a58
Startzeit: 01cee3488269a784
Endzeit: 47
Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID: 6d6d0648-4f3d-11e3-8ff7-bc5ff45e1393
Error: (11/17/2013 05:05:03 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 25.0.1.5064, Zeitstempel: 0x5282f18a
Name des fehlerhaften Moduls: mozalloc.dll, Version: 25.0.1.5064, Zeitstempel: 0x5282c493
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000119c
ID des fehlerhaften Prozesses: 0x19c
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Error: (11/14/2013 08:34:09 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: League of Legends.exe, Version: 3.13.0.399, Zeitstempel: 0x526ed0a3
Name des fehlerhaften Moduls: cgD3D9.dll, Version: 3.0.0.16, Zeitstempel: 0x4d55a06f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000b6539
ID des fehlerhaften Prozesses: 0x1560
Startzeit der fehlerhaften Anwendung: 0xLeague of Legends.exe0
Pfad der fehlerhaften Anwendung: League of Legends.exe1
Pfad des fehlerhaften Moduls: League of Legends.exe2
Berichtskennung: League of Legends.exe3
Error: (11/14/2013 08:32:17 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: League of Legends.exe, Version: 3.13.0.399, Zeitstempel: 0x526ed0a3
Name des fehlerhaften Moduls: cgD3D9.dll, Version: 3.0.0.16, Zeitstempel: 0x4d55a06f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000b6539
ID des fehlerhaften Prozesses: 0x152c
Startzeit der fehlerhaften Anwendung: 0xLeague of Legends.exe0
Pfad der fehlerhaften Anwendung: League of Legends.exe1
Pfad des fehlerhaften Moduls: League of Legends.exe2
Berichtskennung: League of Legends.exe3
Error: (11/14/2013 08:31:38 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: League of Legends.exe, Version: 3.13.0.399, Zeitstempel: 0x526ed0a3
Name des fehlerhaften Moduls: cgD3D9.dll, Version: 3.0.0.16, Zeitstempel: 0x4d55a06f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000b6539
ID des fehlerhaften Prozesses: 0x1390
Startzeit der fehlerhaften Anwendung: 0xLeague of Legends.exe0
Pfad der fehlerhaften Anwendung: League of Legends.exe1
Pfad des fehlerhaften Moduls: League of Legends.exe2
Berichtskennung: League of Legends.exe3
Error: (11/12/2013 06:40:10 PM) (Source: Application Hang) (User: )
Description: Programm Skype.exe, Version 6.9.0.106 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 13c0
Startzeit: 01cedfa0e82ac1dd
Endzeit: 6
Anwendungspfad: C:\Program Files (x86)\Skype\Phone\Skype.exe
Berichts-ID:
Error: (10/30/2013 08:53:23 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_stisvc, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000000000
ID des fehlerhaften Prozesses: 0x460
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_stisvc0
Pfad der fehlerhaften Anwendung: svchost.exe_stisvc1
Pfad des fehlerhaften Moduls: svchost.exe_stisvc2
Berichtskennung: svchost.exe_stisvc3
Error: (10/18/2013 06:12:46 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: ElophantClient.exe, Version: 1.0.2.0, Zeitstempel: 0x5179d8d6
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb1116
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000c41f
ID des fehlerhaften Prozesses: 0x1e40
Startzeit der fehlerhaften Anwendung: 0xElophantClient.exe0
Pfad der fehlerhaften Anwendung: ElophantClient.exe1
Pfad des fehlerhaften Moduls: ElophantClient.exe2
Berichtskennung: ElophantClient.exe3
System errors:
=============
Error: (11/22/2013 02:15:41 PM) (Source: NetBT) (User: )
Description: Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 25.186.229.215
registriert werden. Der Computer mit IP-Adresse 25.194.130.239 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.
Error: (11/21/2013 07:54:58 PM) (Source: bowser) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "JOJO-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{AA111F12-7521-4522-92F2-E5509DE87F19}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (11/20/2013 01:21:33 PM) (Source: NetBT) (User: )
Description: Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit IP-Adresse 25.186.229.215
registriert werden. Der Computer mit IP-Adresse 25.194.130.239 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.
Error: (11/19/2013 06:15:17 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 107.
Error: (11/19/2013 06:15:17 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Eine SSL 3.0-Verbindungsanforderung wurde von einer Remoteclientanwendung übermittelt, jedoch werden keine der Verschlüsselungssammlungen, die von der Clientanwendung unterstützt werden, vom Server unterstützt. Fehler bei der SSL-Verbindungsanforderung.
Error: (11/19/2013 06:14:14 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 107.
Error: (11/19/2013 06:14:14 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Eine SSL 3.0-Verbindungsanforderung wurde von einer Remoteclientanwendung übermittelt, jedoch werden keine der Verschlüsselungssammlungen, die von der Clientanwendung unterstützt werden, vom Server unterstützt. Fehler bei der SSL-Verbindungsanforderung.
Error: (11/19/2013 06:14:14 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 107.
Error: (11/19/2013 06:14:14 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Eine SSL 3.0-Verbindungsanforderung wurde von einer Remoteclientanwendung übermittelt, jedoch werden keine der Verschlüsselungssammlungen, die von der Clientanwendung unterstützt werden, vom Server unterstützt. Fehler bei der SSL-Verbindungsanforderung.
Error: (11/19/2013 08:28:05 AM) (Source: BROWSER) (User: )
Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{AA111F12-7521-4522-92F2-E5509DE87F19}" zu oft fehl.
Der Sicherungssuchdienst wird beendet.
Microsoft Office Sessions:
=========================
Error: (11/22/2013 02:29:14 PM) (Source: Application Hang)(User: )
Description: firefox.exe25.0.1.50641a9801cee786637b25f138C:\Program Files (x86)\Mozilla Firefox\firefox.exe12c03dfa-537a-11e3-8e92-bc5ff45e1393
Error: (11/22/2013 02:25:26 PM) (Source: Application Hang)(User: )
Description: firefox.exe25.0.1.5064e8801cee78616116ce333C:\Program Files (x86)\Mozilla Firefox\firefox.exe89f489f4-5379-11e3-8e92-bc5ff45e1393
Error: (11/17/2013 05:05:03 AM) (Source: Application Hang)(User: )
Description: firefox.exe25.0.1.5064a5801cee3488269a78447C:\Program Files (x86)\Mozilla Firefox\firefox.exe6d6d0648-4f3d-11e3-8ff7-bc5ff45e1393
Error: (11/17/2013 05:05:03 AM) (Source: Application Error)(User: )
Description: plugin-container.exe25.0.1.50645282f18amozalloc.dll25.0.1.50645282c493800000030000119c19c01cee3488717d7cfC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll6f14a1fb-4f3d-11e3-8ff7-bc5ff45e1393
Error: (11/14/2013 08:34:09 PM) (Source: Application Error)(User: )
Description: League of Legends.exe3.13.0.399526ed0a3cgD3D9.dll3.0.0.164d55a06fc0000005000b6539156001cee170542f3f11C:\Program Files\League of Legends\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.251\deploy\League of Legends.exeC:\Program Files\League of Legends\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.251\deploy\cgD3D9.dllbb02a9ab-4d63-11e3-a84b-bc5ff45e1393
Error: (11/14/2013 08:32:17 PM) (Source: Application Error)(User: )
Description: League of Legends.exe3.13.0.399526ed0a3cgD3D9.dll3.0.0.164d55a06fc0000005000b6539152c01cee17026280a68C:\Program Files\League of Legends\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.251\deploy\League of Legends.exeC:\Program Files\League of Legends\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.251\deploy\cgD3D9.dll77f782bc-4d63-11e3-a84b-bc5ff45e1393
Error: (11/14/2013 08:31:38 PM) (Source: Application Error)(User: )
Description: League of Legends.exe3.13.0.399526ed0a3cgD3D9.dll3.0.0.164d55a06fc0000005000b6539139001cee1700e3a33b6C:\Program Files\League of Legends\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.251\deploy\League of Legends.exeC:\Program Files\League of Legends\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.251\deploy\cgD3D9.dll6111f829-4d63-11e3-a84b-bc5ff45e1393
Error: (11/12/2013 06:40:10 PM) (Source: Application Hang)(User: )
Description: Skype.exe6.9.0.10613c001cedfa0e82ac1dd6C:\Program Files (x86)\Skype\Phone\Skype.exe
Error: (10/30/2013 08:53:23 AM) (Source: Application Error)(User: )
Description: svchost.exe_stisvc6.1.7600.163854a5bc3c1unknown0.0.0.000000000c0000005000000000000000046001ced5451851b028C:\Windows\system32\svchost.exeunknown5974b9bc-4138-11e3-84c7-bc5ff45e1393
Error: (10/18/2013 06:12:46 PM) (Source: Application Error)(User: )
Description: ElophantClient.exe1.0.2.05179d8d6KERNELBASE.dll6.1.7601.1822951fb1116e04343520000c41f1e4001cecc253e406d04C:\Users\P83x\Desktop\ElophantClient.exeC:\Windows\syswow64\KERNELBASE.dll81a1610f-3818-11e3-afb6-bc5ff45e1393
==================== Memory info ===========================
Percentage of memory in use: 26%
Total physical RAM: 8087.06 MB
Available physical RAM: 5946.49 MB
Total Pagefile: 16172.3 MB
Available Pagefile: 13784.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:111.79 GB) (Free:36.85 GB) NTFS
Drive d: (SplitSecond) (CDROM) (Total:6.91 GB) (Free:0 GB) UDF
Drive e: (LAASRI) (Removable) (Total:29.83 GB) (Free:28.36 GB) FAT32
Drive g: (1TB - Seagate) (Fixed) (Total:931.51 GB) (Free:317.92 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: BC97A47B)
Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: CEFF7F3F)
Partition 1: (Active) - (Size=112 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 30 GB) (Disk ID: 00000000)
Partition 1: (Active) - (Size=30 GB) - (Type=0C)
==================== End Of Log ============================
|
|
22.11.2013, 17:19
| #4 |
| | Avast! hat mehrere Viren gefunden GMER.txt TEIL 1 Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-11-22 15:22:39
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\0000006e ATA_____ rev.2.11 111,79GB
Running: lmy7tt71.exe; Driver: C:\Users\P83x\AppData\Local\Temp\uxldrpow.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800035a7000 45 bytes [43, 4D, 32, 35, 01, 00, 00, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff800035a702f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\wininit.exe[752] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007779eecd 1 byte [62]
.text C:\Windows\system32\winlogon.exe[816] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007779eecd 1 byte [62]
.text C:\Windows\system32\services.exe[840] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007779eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[972] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007779eecd 1 byte [62]
.text C:\Windows\system32\nvvsvc.exe[320] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007779eecd 1 byte [62]
.text C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[340] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f5a2ba 1 byte [62]
.text C:\Windows\System32\svchost.exe[716] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007779eecd 1 byte [62]
.text C:\Windows\System32\svchost.exe[936] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007779eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[688] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007779eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1060] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007779eecd 1 byte [62]
.text C:\Windows\system32\AUDIODG.EXE[1152] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189 000000007779eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1380] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007779eecd 1 byte [62]
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1480] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007779eecd 1 byte [62]
.text C:\Windows\system32\nvvsvc.exe[1488] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007779eecd 1 byte [62]
.text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007779eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[1692] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007779eecd 1 byte [62]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1812] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f5a2ba 1 byte [62]
.text C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe[1844] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076f5a2ba 1 byte [62]
.text C:\Windows\system32\taskhost.exe[1100] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007779eecd 1 byte [62]
.text C:\Windows\Explorer.EXE[2072] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007779eecd 1 byte [62]
.text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe[2084] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007779eecd 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2224] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f5a2ba 1 byte [62]
.text C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe[2280] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007779eecd 1 byte [62]
.text C:\Program Files\Microsoft LifeCam\MSCamS64.exe[2328] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007779eecd 1 byte [62]
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2364] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007779eecd 1 byte [62]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2512] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f5a2ba 1 byte [62]
.text C:\Windows\system32\svchost.exe[2692] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007779eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[2692] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff456e00 5 bytes JMP 000007ff7f471dac
.text C:\Windows\system32\svchost.exe[2692] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff456f2c 5 bytes JMP 000007ff7f470ecc
.text C:\Windows\system32\svchost.exe[2692] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff457220 5 bytes JMP 000007ff7f471284
.text C:\Windows\system32\svchost.exe[2692] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff45739c 5 bytes JMP 000007ff7f47163c
.text C:\Windows\system32\svchost.exe[2692] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff457538 5 bytes JMP 000007ff7f4719f4
.text C:\Windows\system32\svchost.exe[2692] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff4575e8 5 bytes JMP 000007ff7f4703a4
.text C:\Windows\system32\svchost.exe[2692] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff45790c 5 bytes JMP 000007ff7f47075c
.text C:\Windows\system32\svchost.exe[2692] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff457ab4 5 bytes JMP 000007ff7f470b14
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2740] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077a5fac0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2740] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077a5fb58 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2740] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a5fcb0 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2740] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077a60038 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2740] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077a61920 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2740] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077a7c4dd 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2740] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077a81287 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2740] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076f5a2ba 1 byte [62]
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2740] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000077625181 5 bytes JMP 0000000100091014
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2740] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000077625254 5 bytes JMP 0000000100090804
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2740] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000776253d5 5 bytes JMP 0000000100090a08
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2740] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000776254c2 5 bytes JMP 0000000100090c0c
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2740] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000776255e2 5 bytes JMP 0000000100090e10
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2740] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007762567c 5 bytes JMP 00000001000901f8
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2740] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007762589f 5 bytes JMP 00000001000903fc
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2740] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000077625a22 5 bytes JMP 0000000100090600
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2740] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000770dee09 5 bytes JMP 00000001000a01f8
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2740] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000770e3982 5 bytes JMP 00000001000a03fc
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2740] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000770e7603 5 bytes JMP 00000001000a0804
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2740] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000770e835c 5 bytes JMP 00000001000a0600
.text C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe[2740] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000770ff52b 5 bytes JMP 00000001000a0a08
.text C:\Windows\System32\igfxpers.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077883b10 5 bytes JMP 00000001003f075c
.text C:\Windows\System32\igfxpers.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077887ac0 5 bytes JMP 00000001003f03a4
.text C:\Windows\System32\igfxpers.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000778b1430 5 bytes JMP 00000001003f0b14
.text C:\Windows\System32\igfxpers.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000778b1490 5 bytes JMP 00000001003f0ecc
.text C:\Windows\System32\igfxpers.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778b1570 5 bytes JMP 00000001003f163c
.text C:\Windows\System32\igfxpers.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000778b17b0 5 bytes JMP 00000001003f1284
.text C:\Windows\System32\igfxpers.exe[2808] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778b27e0 5 bytes JMP 00000001003f19f4
.text C:\Windows\System32\igfxpers.exe[2808] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007779eecd 1 byte [62]
.text C:\Windows\System32\igfxpers.exe[2808] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff456e00 5 bytes JMP 000007ff7f471dac
.text C:\Windows\System32\igfxpers.exe[2808] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff456f2c 5 bytes JMP 000007ff7f470ecc
.text C:\Windows\System32\igfxpers.exe[2808] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff457220 5 bytes JMP 000007ff7f471284
.text C:\Windows\System32\igfxpers.exe[2808] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff45739c 5 bytes JMP 000007ff7f47163c
.text C:\Windows\System32\igfxpers.exe[2808] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff457538 5 bytes JMP 000007ff7f4719f4
.text C:\Windows\System32\igfxpers.exe[2808] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff4575e8 5 bytes JMP 000007ff7f4703a4
.text C:\Windows\System32\igfxpers.exe[2808] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff45790c 5 bytes JMP 000007ff7f47075c
.text C:\Windows\System32\igfxpers.exe[2808] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff457ab4 5 bytes JMP 000007ff7f470b14
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2876] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077a5fac0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2876] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077a5fb58 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2876] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a5fcb0 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2876] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077a60038 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2876] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077a61920 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2876] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077a7c4dd 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2876] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077a81287 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2876] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076f5a2ba 1 byte [62]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2876] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000770dee09 5 bytes JMP 00000001001001f8
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2876] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000770e3982 5 bytes JMP 00000001001003fc
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2876] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000770e7603 5 bytes JMP 0000000100100804
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2876] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000770e835c 5 bytes JMP 0000000100100600
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2876] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000770ff52b 3 bytes JMP 0000000100100a08
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2876] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx + 4 00000000770ff52f 1 byte [89]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2876] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000077625181 5 bytes JMP 0000000100111014
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2876] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000077625254 5 bytes JMP 0000000100110804
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2876] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000776253d5 5 bytes JMP 0000000100110a08
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2876] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000776254c2 5 bytes JMP 0000000100110c0c
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2876] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000776255e2 5 bytes JMP 0000000100110e10
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2876] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007762567c 5 bytes JMP 00000001001101f8
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2876] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007762589f 5 bytes JMP 00000001001103fc
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[2876] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000077625a22 5 bytes JMP 0000000100110600
.text C:\Windows\SysWOW64\HsMgr.exe[3048] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077a5fac0 5 bytes JMP 0000000100030600
.text C:\Windows\SysWOW64\HsMgr.exe[3048] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077a5fb58 5 bytes JMP 0000000100030804
.text C:\Windows\SysWOW64\HsMgr.exe[3048] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a5fcb0 5 bytes JMP 0000000100030c0c
.text C:\Windows\SysWOW64\HsMgr.exe[3048] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077a60038 5 bytes JMP 0000000100030a08
.text C:\Windows\SysWOW64\HsMgr.exe[3048] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077a61920 5 bytes JMP 0000000100030e10
.text C:\Windows\SysWOW64\HsMgr.exe[3048] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077a7c4dd 5 bytes JMP 00000001000301f8
.text C:\Windows\SysWOW64\HsMgr.exe[3048] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077a81287 5 bytes JMP 00000001000303fc
.text C:\Windows\SysWOW64\HsMgr.exe[3048] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076f5a2ba 1 byte [62]
.text C:\Windows\SysWOW64\HsMgr.exe[3048] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000770dee09 5 bytes JMP 00000001002401f8
.text C:\Windows\SysWOW64\HsMgr.exe[3048] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000770e3982 5 bytes JMP 00000001002403fc
.text C:\Windows\SysWOW64\HsMgr.exe[3048] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000770e7603 5 bytes JMP 0000000100240804
.text C:\Windows\SysWOW64\HsMgr.exe[3048] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000770e835c 5 bytes JMP 0000000100240600
.text C:\Windows\SysWOW64\HsMgr.exe[3048] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000770ff52b 5 bytes JMP 0000000100240a08
.text C:\Windows\SysWOW64\HsMgr.exe[3048] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000077625181 5 bytes JMP 0000000100251014
.text C:\Windows\SysWOW64\HsMgr.exe[3048] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000077625254 5 bytes JMP 0000000100250804
.text C:\Windows\SysWOW64\HsMgr.exe[3048] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000776253d5 5 bytes JMP 0000000100250a08
.text C:\Windows\SysWOW64\HsMgr.exe[3048] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000776254c2 5 bytes JMP 0000000100250c0c
.text C:\Windows\SysWOW64\HsMgr.exe[3048] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000776255e2 5 bytes JMP 0000000100250e10
.text C:\Windows\SysWOW64\HsMgr.exe[3048] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007762567c 5 bytes JMP 00000001002501f8
.text C:\Windows\SysWOW64\HsMgr.exe[3048] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007762589f 5 bytes JMP 00000001002503fc
.text C:\Windows\SysWOW64\HsMgr.exe[3048] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000077625a22 5 bytes JMP 0000000100250600
.text C:\Windows\SysWOW64\HsMgr.exe[3048] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076b69d0b 5 bytes JMP 000000011000a4d0
.text C:\Windows\SysWOW64\HsMgr.exe[3048] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076b69d4e 5 bytes JMP 000000011000a630
.text C:\Windows\SysWOW64\HsMgr.exe[3048] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 000000006ee6451e 5 bytes JMP 000000011000ab40
.text C:\Windows\SysWOW64\HsMgr.exe[3048] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 000000006ee64b6d 5 bytes JMP 000000011000abb0
.text C:\Windows\SysWOW64\HsMgr.exe[3048] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 000000006ee64bf2 5 bytes JMP 000000011000ac90
.text C:\Windows\SysWOW64\HsMgr.exe[3048] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 000000006ee64f0f 5 bytes JMP 000000011000ac50
.text C:\Windows\SysWOW64\HsMgr.exe[3048] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 000000006ee64f7b 5 bytes JMP 000000011000ac10
.text C:\Windows\SysWOW64\HsMgr.exe[3048] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 000000006ee69054 5 bytes JMP 000000011000ad10
.text C:\Windows\SysWOW64\HsMgr.exe[3048] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 000000006ee6adf9 5 bytes JMP 000000011000abe0
.text C:\Windows\SysWOW64\HsMgr.exe[3048] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 000000006ee852e8 5 bytes JMP 000000011000acd0
.text C:\Windows\SysWOW64\HsMgr.exe[3048] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 000000006ee8535f 5 bytes JMP 000000011000acf0
.text C:\Windows\SysWOW64\HsMgr.exe[3048] C:\Windows\SysWOW64\WINMM.dll!waveInClose 000000006ee859cc 5 bytes JMP 000000011000ae40
.text C:\Windows\SysWOW64\HsMgr.exe[3048] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 000000006ee85a6a 5 bytes JMP 000000011000aec0
.text C:\Windows\SysWOW64\HsMgr.exe[3048] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 000000006ee85ad7 5 bytes JMP 000000011000af00
.text C:\Windows\SysWOW64\HsMgr.exe[3048] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 000000006ee85b5b 5 bytes JMP 000000011000af40
.text C:\Windows\SysWOW64\HsMgr.exe[3048] C:\Windows\SysWOW64\WINMM.dll!waveInStart 000000006ee85bba 5 bytes JMP 000000011000af80
.text C:\Windows\SysWOW64\HsMgr.exe[3048] C:\Windows\SysWOW64\WINMM.dll!waveInStop 000000006ee85bee 5 bytes JMP 000000011000b000
.text C:\Windows\SysWOW64\HsMgr.exe[3048] C:\Windows\SysWOW64\WINMM.dll!waveInReset 000000006ee85c22 5 bytes JMP 000000011000b060
.text C:\Windows\SysWOW64\HsMgr.exe[3048] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 000000006ee85c67 5 bytes JMP 000000011000b0d0
.text C:\Windows\SysWOW64\HsMgr.exe[3048] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000071397e3d 5 bytes JMP 000000011000a690
.text C:\Windows\SysWOW64\HsMgr.exe[3048] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 00000000713cde69 5 bytes JMP 000000011000a770
.text C:\Windows\SysWOW64\HsMgr.exe[3048] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 00000000713dd2c5 5 bytes JMP 000000011000a8a0
.text C:\Windows\SysWOW64\HsMgr.exe[3048] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 00000000713dd371 5 bytes JMP 000000011000a990
.text C:\Windows\SysWOW64\HsMgr.exe[3048] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 00000000713dd429 5 bytes JMP 000000011000aa80
.text C:\Windows\system\HsMgr64.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077883b10 5 bytes JMP 00000001003d075c
.text C:\Windows\system\HsMgr64.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077887ac0 5 bytes JMP 00000001003d03a4
.text C:\Windows\system\HsMgr64.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000778b1430 5 bytes JMP 00000001003d0b14
.text C:\Windows\system\HsMgr64.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000778b1490 5 bytes JMP 00000001003d0ecc
.text C:\Windows\system\HsMgr64.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778b1570 5 bytes JMP 00000001003d163c
.text C:\Windows\system\HsMgr64.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000778b17b0 5 bytes JMP 00000001003d1284
.text C:\Windows\system\HsMgr64.exe[3060] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778b27e0 5 bytes JMP 00000001003d19f4
.text C:\Windows\system\HsMgr64.exe[3060] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007779eecd 1 byte [62]
.text C:\Windows\system\HsMgr64.exe[3060] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff456e00 5 bytes JMP 000007ff7f471dac
.text C:\Windows\system\HsMgr64.exe[3060] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff456f2c 5 bytes JMP 000007ff7f470ecc
.text C:\Windows\system\HsMgr64.exe[3060] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff457220 5 bytes JMP 000007ff7f471284
.text C:\Windows\system\HsMgr64.exe[3060] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff45739c 5 bytes JMP 000007ff7f47163c
.text C:\Windows\system\HsMgr64.exe[3060] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff457538 5 bytes JMP 000007ff7f4719f4
.text C:\Windows\system\HsMgr64.exe[3060] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff4575e8 5 bytes JMP 000007ff7f4703a4
.text C:\Windows\system\HsMgr64.exe[3060] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff45790c 5 bytes JMP 000007ff7f47075c
.text C:\Windows\system\HsMgr64.exe[3060] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff457ab4 5 bytes JMP 000007ff7f470b14
.text C:\Windows\system\HsMgr64.exe[3060] C:\Windows\system32\WINMM.dll!waveOutClose 000007fefa6836ac 5 bytes JMP 000007feff1901f0
.text C:\Windows\system\HsMgr64.exe[3060] C:\Windows\system32\WINMM.dll!waveOutUnprepareHeader 000007fefa683770 5 bytes JMP 000007feff190298
.text C:\Windows\system\HsMgr64.exe[3060] C:\Windows\system32\WINMM.dll!waveOutOpen 000007fefa6838d0 5 bytes JMP 000007feff1901b8
.text C:\Windows\system\HsMgr64.exe[3060] C:\Windows\system32\WINMM.dll!waveOutPrepareHeader 000007fefa683ca4 5 bytes JMP 000007feff190260
.text C:\Windows\system\HsMgr64.exe[3060] C:\Windows\system32\WINMM.dll!waveOutWrite 000007fefa683d40 5 bytes JMP 000007feff190228
.text C:\Windows\system\HsMgr64.exe[3060] C:\Windows\system32\WINMM.dll!waveInOpen 000007fefa687fe0 7 bytes JMP 000007feff190378
.text C:\Windows\system\HsMgr64.exe[3060] C:\Windows\system32\WINMM.dll!waveOutReset 000007fefa68a38c 5 bytes JMP 000007feff1902d0
.text C:\Windows\system\HsMgr64.exe[3060] C:\Windows\system32\WINMM.dll!waveOutGetVolume 000007fefa6a49f0 5 bytes JMP 000007feff190308
.text C:\Windows\system\HsMgr64.exe[3060] C:\Windows\system32\WINMM.dll!waveOutSetVolume 000007fefa6a4ab0 5 bytes JMP 000007feff190340
.text C:\Windows\system\HsMgr64.exe[3060] C:\Windows\system32\WINMM.dll!waveInClose 000007fefa6a52e0 5 bytes JMP 000007feff1903b0
.text C:\Windows\system\HsMgr64.exe[3060] C:\Windows\system32\WINMM.dll!waveInPrepareHeader 000007fefa6a53c0 5 bytes JMP 000007feff190490
.text C:\Windows\system\HsMgr64.exe[3060] C:\Windows\system32\WINMM.dll!waveInUnprepareHeader 000007fefa6a5454 5 bytes JMP 000007feff1904c8
.text C:\Windows\system\HsMgr64.exe[3060] C:\Windows\system32\WINMM.dll!waveInAddBuffer 000007fefa6a5514 5 bytes JMP 000007feff190500
.text C:\Windows\system\HsMgr64.exe[3060] C:\Windows\system32\WINMM.dll!waveInStart 000007fefa6a55a4 6 bytes JMP 000007feff1903e8
.text C:\Windows\system\HsMgr64.exe[3060] C:\Windows\system32\WINMM.dll!waveInStop 000007fefa6a55e4 6 bytes JMP 000007feff190420
.text C:\Windows\system\HsMgr64.exe[3060] C:\Windows\system32\WINMM.dll!waveInReset 000007fefa6a5624 5 bytes JMP 000007feff190458
.text C:\Windows\system\HsMgr64.exe[3060] C:\Windows\system32\WINMM.dll!waveInGetPosition 000007fefa6a567c 5 bytes JMP 000007feff190538
.text C:\Windows\system\HsMgr64.exe[3060] C:\Windows\system32\DSOUND.dll!DirectSoundCreate8 000007fef5546944 7 bytes JMP 000007feff190180
.text C:\Windows\system\HsMgr64.exe[3060] C:\Windows\system32\DSOUND.dll!DirectSoundCreate 000007fef5565a84 7 bytes JMP 000007feff190148
.text C:\Windows\system\HsMgr64.exe[3060] C:\Windows\system32\DSOUND.dll!DirectSoundCaptureCreate 000007fef5565b90 7 bytes JMP 000007feff190570
.text C:\Windows\system\HsMgr64.exe[3060] C:\Windows\system32\DSOUND.dll!DirectSoundCaptureCreate8 000007fef5565c94 7 bytes JMP 000007feff1905a8
.text C:\Windows\system\HsMgr64.exe[3060] C:\Windows\system32\DSOUND.dll!DirectSoundFullDuplexCreate 000007fef5565da8 5 bytes JMP 000007feff1905e0
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077883b10 5 bytes JMP 000000010041075c
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077887ac0 5 bytes JMP 00000001004103a4
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000778b1430 5 bytes JMP 0000000100410b14
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000778b1490 5 bytes JMP 0000000100410ecc
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778b1570 5 bytes JMP 000000010041163c
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000778b17b0 5 bytes JMP 0000000100411284
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2972] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778b27e0 5 bytes JMP 00000001004119f4
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2972] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007779eecd 1 byte [62]
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2972] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff456e00 5 bytes JMP 000007ff7f471dac
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2972] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff456f2c 5 bytes JMP 000007ff7f470ecc
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2972] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff457220 5 bytes JMP 000007ff7f471284
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2972] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff45739c 5 bytes JMP 000007ff7f47163c
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2972] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff457538 5 bytes JMP 000007ff7f4719f4
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2972] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff4575e8 5 bytes JMP 000007ff7f4703a4
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2972] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff45790c 5 bytes JMP 000007ff7f47075c
.text C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe[2972] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff457ab4 5 bytes JMP 000007ff7f470b14
.text C:\Users\P83x\AppData\Local\FluxSoftware\Flux\flux.exe[3080] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077a5fac0 5 bytes JMP 0000000100240600
.text C:\Users\P83x\AppData\Local\FluxSoftware\Flux\flux.exe[3080] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077a5fb58 5 bytes JMP 0000000100240804
.text C:\Users\P83x\AppData\Local\FluxSoftware\Flux\flux.exe[3080] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a5fcb0 5 bytes JMP 0000000100240c0c
.text C:\Users\P83x\AppData\Local\FluxSoftware\Flux\flux.exe[3080] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077a60038 5 bytes JMP 0000000100240a08
.text C:\Users\P83x\AppData\Local\FluxSoftware\Flux\flux.exe[3080] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077a61920 5 bytes JMP 0000000100240e10
.text C:\Users\P83x\AppData\Local\FluxSoftware\Flux\flux.exe[3080] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077a7c4dd 5 bytes JMP 00000001002401f8
.text C:\Users\P83x\AppData\Local\FluxSoftware\Flux\flux.exe[3080] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077a81287 5 bytes JMP 00000001002403fc
.text C:\Users\P83x\AppData\Local\FluxSoftware\Flux\flux.exe[3080] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076f5a2ba 1 byte [62]
.text C:\Users\P83x\AppData\Local\FluxSoftware\Flux\flux.exe[3080] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000770dee09 5 bytes JMP 00000001002501f8
.text C:\Users\P83x\AppData\Local\FluxSoftware\Flux\flux.exe[3080] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000770e3982 5 bytes JMP 00000001002503fc
.text C:\Users\P83x\AppData\Local\FluxSoftware\Flux\flux.exe[3080] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000770e7603 5 bytes JMP 0000000100250804
.text C:\Users\P83x\AppData\Local\FluxSoftware\Flux\flux.exe[3080] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000770e835c 5 bytes JMP 0000000100250600
.text C:\Users\P83x\AppData\Local\FluxSoftware\Flux\flux.exe[3080] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000770ff52b 5 bytes JMP 0000000100250a08
.text C:\Users\P83x\AppData\Local\FluxSoftware\Flux\flux.exe[3080] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000077625181 5 bytes JMP 0000000100261014
.text C:\Users\P83x\AppData\Local\FluxSoftware\Flux\flux.exe[3080] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000077625254 5 bytes JMP 0000000100260804
.text C:\Users\P83x\AppData\Local\FluxSoftware\Flux\flux.exe[3080] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000776253d5 5 bytes JMP 0000000100260a08
.text C:\Users\P83x\AppData\Local\FluxSoftware\Flux\flux.exe[3080] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000776254c2 5 bytes JMP 0000000100260c0c
.text C:\Users\P83x\AppData\Local\FluxSoftware\Flux\flux.exe[3080] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000776255e2 5 bytes JMP 0000000100260e10
.text C:\Users\P83x\AppData\Local\FluxSoftware\Flux\flux.exe[3080] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007762567c 5 bytes JMP 00000001002601f8
.text C:\Users\P83x\AppData\Local\FluxSoftware\Flux\flux.exe[3080] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007762589f 5 bytes JMP 00000001002603fc
.text C:\Users\P83x\AppData\Local\FluxSoftware\Flux\flux.exe[3080] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000077625a22 5 bytes JMP 0000000100260600
.text C:\Users\P83x\AppData\Local\FluxSoftware\Flux\flux.exe[3080] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076b69d0b 5 bytes JMP 000000010560a4d0
.text C:\Users\P83x\AppData\Local\FluxSoftware\Flux\flux.exe[3080] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076b69d4e 5 bytes JMP 000000010560a630
.text C:\Users\P83x\AppData\Local\FluxSoftware\Flux\flux.exe[3080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077451465 2 bytes [45, 77]
.text C:\Users\P83x\AppData\Local\FluxSoftware\Flux\flux.exe[3080] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000774514bb 2 bytes [45, 77]
.text ... * 2
.text C:\Users\P83x\AppData\Local\FluxSoftware\Flux\flux.exe[3080] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 000000006ee6451e 5 bytes JMP 000000010560ab40
.text C:\Users\P83x\AppData\Local\FluxSoftware\Flux\flux.exe[3080] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 000000006ee64b6d 5 bytes JMP 000000010560abb0
.text C:\Users\P83x\AppData\Local\FluxSoftware\Flux\flux.exe[3080] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 000000006ee64bf2 5 bytes JMP 000000010560ac90
.text C:\Users\P83x\AppData\Local\FluxSoftware\Flux\flux.exe[3080] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 000000006ee64f0f 5 bytes JMP 000000010560ac50
.text C:\Users\P83x\AppData\Local\FluxSoftware\Flux\flux.exe[3080] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 000000006ee64f7b 5 bytes JMP 000000010560ac10
.text C:\Users\P83x\AppData\Local\FluxSoftware\Flux\flux.exe[3080] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 000000006ee69054 5 bytes JMP 000000010560ad10
.text C:\Users\P83x\AppData\Local\FluxSoftware\Flux\flux.exe[3080] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 000000006ee6adf9 5 bytes JMP 000000010560abe0
.text C:\Users\P83x\AppData\Local\FluxSoftware\Flux\flux.exe[3080] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 000000006ee852e8 5 bytes JMP 000000010560acd0
.text C:\Users\P83x\AppData\Local\FluxSoftware\Flux\flux.exe[3080] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 000000006ee8535f 5 bytes JMP 000000010560acf0
.text C:\Users\P83x\AppData\Local\FluxSoftware\Flux\flux.exe[3080] C:\Windows\SysWOW64\WINMM.dll!waveInClose 000000006ee859cc 5 bytes JMP 000000010560ae40
.text C:\Users\P83x\AppData\Local\FluxSoftware\Flux\flux.exe[3080] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 000000006ee85a6a 5 bytes JMP 000000010560aec0
.text C:\Users\P83x\AppData\Local\FluxSoftware\Flux\flux.exe[3080] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 000000006ee85ad7 5 bytes JMP 000000010560af00
.text C:\Users\P83x\AppData\Local\FluxSoftware\Flux\flux.exe[3080] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 000000006ee85b5b 5 bytes JMP 000000010560af40
.text C:\Users\P83x\AppData\Local\FluxSoftware\Flux\flux.exe[3080] C:\Windows\SysWOW64\WINMM.dll!waveInStart 000000006ee85bba 5 bytes JMP 000000010560af80
.text C:\Users\P83x\AppData\Local\FluxSoftware\Flux\flux.exe[3080] C:\Windows\SysWOW64\WINMM.dll!waveInStop 000000006ee85bee 5 bytes JMP 000000010560b000
.text C:\Users\P83x\AppData\Local\FluxSoftware\Flux\flux.exe[3080] C:\Windows\SysWOW64\WINMM.dll!waveInReset 000000006ee85c22 5 bytes JMP 000000010560b060
.text C:\Users\P83x\AppData\Local\FluxSoftware\Flux\flux.exe[3080] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 000000006ee85c67 5 bytes JMP 000000010560b0d0
.text C:\Users\P83x\AppData\Local\FluxSoftware\Flux\flux.exe[3080] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000071397e3d 5 bytes JMP 000000010560a690
.text C:\Users\P83x\AppData\Local\FluxSoftware\Flux\flux.exe[3080] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 00000000713cde69 5 bytes JMP 000000010560a770
.text C:\Users\P83x\AppData\Local\FluxSoftware\Flux\flux.exe[3080] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 00000000713dd2c5 5 bytes JMP 000000010560a8a0
.text C:\Users\P83x\AppData\Local\FluxSoftware\Flux\flux.exe[3080] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 00000000713dd371 5 bytes JMP 000000010560a990
.text C:\Users\P83x\AppData\Local\FluxSoftware\Flux\flux.exe[3080] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 00000000713dd429 5 bytes JMP 000000010560aa80
.text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe[3180] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077a5fac0 5 bytes JMP 0000000100030600
.text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe[3180] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077a5fb58 5 bytes JMP 0000000100030804
.text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe[3180] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a5fcb0 5 bytes JMP 0000000100030c0c
.text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe[3180] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077a60038 5 bytes JMP 0000000100030a08
.text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe[3180] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077a61920 5 bytes JMP 0000000100030e10
.text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe[3180] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077a7c4dd 5 bytes JMP 00000001000301f8
.text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe[3180] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077a81287 5 bytes JMP 00000001000303fc
.text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe[3180] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076f5a2ba 1 byte [62]
.text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe[3180] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000077625181 5 bytes JMP 0000000100091014
.text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe[3180] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000077625254 5 bytes JMP 0000000100090804
.text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe[3180] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000776253d5 5 bytes JMP 0000000100090a08
.text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe[3180] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000776254c2 5 bytes JMP 0000000100090c0c
.text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe[3180] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000776255e2 5 bytes JMP 0000000100090e10
.text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe[3180] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007762567c 5 bytes JMP 00000001000901f8
.text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe[3180] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007762589f 5 bytes JMP 00000001000903fc
.text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe[3180] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000077625a22 5 bytes JMP 0000000100090600
.text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe[3180] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000770dee09 5 bytes JMP 00000001000a01f8
.text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe[3180] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000770e3982 5 bytes JMP 00000001000a03fc
.text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe[3180] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000770e7603 5 bytes JMP 00000001000a0804
.text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe[3180] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000770e835c 5 bytes JMP 00000001000a0600
.text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe[3180] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000770ff52b 5 bytes JMP 00000001000a0a08
.text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe[3180] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076b69d0b 5 bytes JMP 000000011000a4d0
.text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe[3180] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076b69d4e 5 bytes JMP 000000011000a630
.text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe[3180] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 000000006ee6451e 5 bytes JMP 000000011000ab40
.text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe[3180] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 000000006ee64b6d 5 bytes JMP 000000011000abb0
.text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe[3180] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 000000006ee64bf2 5 bytes JMP 000000011000ac90
.text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe[3180] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 000000006ee64f0f 5 bytes JMP 000000011000ac50
.text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe[3180] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 000000006ee64f7b 5 bytes JMP 000000011000ac10
.text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe[3180] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 000000006ee69054 5 bytes JMP 000000011000ad10
.text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe[3180] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 000000006ee6adf9 5 bytes JMP 000000011000abe0
.text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe[3180] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 000000006ee852e8 5 bytes JMP 000000011000acd0
.text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe[3180] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 000000006ee8535f 5 bytes JMP 000000011000acf0
.text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe[3180] C:\Windows\SysWOW64\WINMM.dll!waveInClose 000000006ee859cc 5 bytes JMP 000000011000ae40
.text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe[3180] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 000000006ee85a6a 5 bytes JMP 000000011000aec0
.text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe[3180] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 000000006ee85ad7 5 bytes JMP 000000011000af00
.text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe[3180] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 000000006ee85b5b 5 bytes JMP 000000011000af40
.text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe[3180] C:\Windows\SysWOW64\WINMM.dll!waveInStart 000000006ee85bba 5 bytes JMP 000000011000af80
.text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe[3180] C:\Windows\SysWOW64\WINMM.dll!waveInStop 000000006ee85bee 5 bytes JMP 000000011000b000
.text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe[3180] C:\Windows\SysWOW64\WINMM.dll!waveInReset 000000006ee85c22 5 bytes JMP 000000011000b060
.text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe[3180] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 000000006ee85c67 5 bytes JMP 000000011000b0d0
.text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe[3180] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000071397e3d 5 bytes JMP 000000011000a690
.text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe[3180] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 00000000713cde69 5 bytes JMP 000000011000a770
.text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe[3180] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 00000000713dd2c5 5 bytes JMP 000000011000a8a0
.text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe[3180] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 00000000713dd371 5 bytes JMP 000000011000a990
.text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe[3180] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 00000000713dd429 5 bytes JMP 000000011000aa80
.text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe[3180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077451465 2 bytes [45, 77]
.text C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe[3180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000774514bb 2 bytes [45, 77]
.text ... * 2
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3324] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077a5fac0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3324] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077a5fb58 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3324] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a5fcb0 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3324] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077a60038 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3324] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077a61920 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3324] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077a7c4dd 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3324] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077a81287 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3324] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076f5a2ba 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3324] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000770dee09 5 bytes JMP 00000001001001f8
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3324] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000770e3982 5 bytes JMP 00000001001003fc
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3324] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000770e7603 5 bytes JMP 0000000100100804
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3324] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000770e835c 5 bytes JMP 0000000100100600
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3324] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000770ff52b 3 bytes JMP 0000000100100a08
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3324] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx + 4 00000000770ff52f 1 byte [89]
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3324] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000077625181 5 bytes JMP 0000000100111014
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3324] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000077625254 5 bytes JMP 0000000100110804
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3324] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000776253d5 5 bytes JMP 0000000100110a08
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3324] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000776254c2 5 bytes JMP 0000000100110c0c
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3324] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000776255e2 5 bytes JMP 0000000100110e10
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3324] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007762567c 5 bytes JMP 00000001001101f8
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3324] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007762589f 5 bytes JMP 00000001001103fc
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3324] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000077625a22 5 bytes JMP 0000000100110600
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3324] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076b69d0b 5 bytes JMP 000000011000a4d0
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3324] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076b69d4e 5 bytes JMP 000000011000a630
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3324] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 000000006ee6451e 5 bytes JMP 000000011000ab40
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3324] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 000000006ee64b6d 5 bytes JMP 000000011000abb0
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3324] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 000000006ee64bf2 5 bytes JMP 000000011000ac90
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3324] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 000000006ee64f0f 5 bytes JMP 000000011000ac50
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3324] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 000000006ee64f7b 5 bytes JMP 000000011000ac10
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3324] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 000000006ee69054 5 bytes JMP 000000011000ad10
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3324] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 000000006ee6adf9 5 bytes JMP 000000011000abe0
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3324] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 000000006ee852e8 5 bytes JMP 000000011000acd0
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3324] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 000000006ee8535f 5 bytes JMP 000000011000acf0
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3324] C:\Windows\SysWOW64\WINMM.dll!waveInClose 000000006ee859cc 5 bytes JMP 000000011000ae40
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3324] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 000000006ee85a6a 5 bytes JMP 000000011000aec0
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3324] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 000000006ee85ad7 5 bytes JMP 000000011000af00
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3324] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 000000006ee85b5b 5 bytes JMP 000000011000af40
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3324] C:\Windows\SysWOW64\WINMM.dll!waveInStart 000000006ee85bba 5 bytes JMP 000000011000af80
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3324] C:\Windows\SysWOW64\WINMM.dll!waveInStop 000000006ee85bee 5 bytes JMP 000000011000b000
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3324] C:\Windows\SysWOW64\WINMM.dll!waveInReset 000000006ee85c22 5 bytes JMP 000000011000b060
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3324] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 000000006ee85c67 5 bytes JMP 000000011000b0d0
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3324] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000071397e3d 5 bytes JMP 000000011000a690
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3324] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 00000000713cde69 5 bytes JMP 000000011000a770
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3324] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 00000000713dd2c5 5 bytes JMP 000000011000a8a0
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3324] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 00000000713dd371 5 bytes JMP 000000011000a990
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3324] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 00000000713dd429 5 bytes JMP 000000011000aa80
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3372] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f5a2ba 1 byte [62]
.text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[3124] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077883b10 5 bytes JMP 000000010020075c
.text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[3124] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077887ac0 5 bytes JMP 00000001002003a4
.text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[3124] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000778b1430 5 bytes JMP 0000000100200b14
.text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[3124] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000778b1490 5 bytes JMP 0000000100200ecc
.text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[3124] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778b1570 5 bytes JMP 000000010020163c
.text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[3124] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000778b17b0 5 bytes JMP 0000000100201284
.text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[3124] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778b27e0 5 bytes JMP 00000001002019f4
.text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[3124] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff456e00 5 bytes JMP 000007ff7f471dac
.text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[3124] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff456f2c 5 bytes JMP 000007ff7f470ecc
.text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[3124] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff457220 5 bytes JMP 000007ff7f471284
.text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[3124] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff45739c 5 bytes JMP 000007ff7f47163c
.text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[3124] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff457538 5 bytes JMP 000007ff7f4719f4
.text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[3124] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff4575e8 5 bytes JMP 000007ff7f4703a4
.text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[3124] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff45790c 5 bytes JMP 000007ff7f47075c
.text C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe[3124] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff457ab4 5 bytes JMP 000007ff7f470b14
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2976] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077883b10 5 bytes JMP 00000001002a075c
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2976] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077887ac0 5 bytes JMP 00000001002a03a4
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2976] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000778b1430 5 bytes JMP 00000001002a0b14
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2976] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000778b1490 5 bytes JMP 00000001002a0ecc
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2976] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778b1570 5 bytes JMP 00000001002a163c
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2976] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000778b17b0 5 bytes JMP 00000001002a1284
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2976] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778b27e0 5 bytes JMP 00000001002a19f4
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2976] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007779eecd 1 byte [62]
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2976] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff456e00 5 bytes JMP 000007ff7f471dac
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2976] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff456f2c 5 bytes JMP 000007ff7f470ecc
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2976] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff457220 5 bytes JMP 000007ff7f471284
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2976] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff45739c 5 bytes JMP 000007ff7f47163c
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2976] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff457538 5 bytes JMP 000007ff7f4719f4
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2976] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff4575e8 5 bytes JMP 000007ff7f4703a4
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2976] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff45790c 5 bytes JMP 000007ff7f47075c
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[2976] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff457ab4 5 bytes JMP 000007ff7f470b14
|
|
22.11.2013, 17:21
| #5 |
| | Avast! hat mehrere Viren gefunden GMER.txt TEIL 2 Code:
ATTFilter .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[4080] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff456e00 5 bytes JMP 000007ff7f471dac
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[4080] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff456f2c 5 bytes JMP 000007ff7f470ecc
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[4080] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff457220 5 bytes JMP 000007ff7f471284
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[4080] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff45739c 5 bytes JMP 000007ff7f47163c
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[4080] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff457538 5 bytes JMP 000007ff7f4719f4
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[4080] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff4575e8 5 bytes JMP 000007ff7f4703a4
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[4080] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff45790c 5 bytes JMP 000007ff7f47075c
.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[4080] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff457ab4 5 bytes JMP 000007ff7f470b14
.text C:\Windows\system32\conhost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077883b10 5 bytes JMP 000000010012075c
.text C:\Windows\system32\conhost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077887ac0 5 bytes JMP 00000001001203a4
.text C:\Windows\system32\conhost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000778b1430 5 bytes JMP 0000000100120b14
.text C:\Windows\system32\conhost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000778b1490 5 bytes JMP 0000000100120ecc
.text C:\Windows\system32\conhost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778b1570 5 bytes JMP 000000010012163c
.text C:\Windows\system32\conhost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000778b17b0 5 bytes JMP 0000000100121284
.text C:\Windows\system32\conhost.exe[2176] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778b27e0 5 bytes JMP 00000001001219f4
.text C:\Windows\system32\conhost.exe[2176] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007779eecd 1 byte [62]
.text C:\Windows\system32\conhost.exe[2176] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff456e00 5 bytes JMP 000007ff7f471dac
.text C:\Windows\system32\conhost.exe[2176] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff456f2c 5 bytes JMP 000007ff7f470ecc
.text C:\Windows\system32\conhost.exe[2176] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff457220 5 bytes JMP 000007ff7f471284
.text C:\Windows\system32\conhost.exe[2176] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff45739c 5 bytes JMP 000007ff7f47163c
.text C:\Windows\system32\conhost.exe[2176] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff457538 5 bytes JMP 000007ff7f4719f4
.text C:\Windows\system32\conhost.exe[2176] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff4575e8 5 bytes JMP 000007ff7f4703a4
.text C:\Windows\system32\conhost.exe[2176] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff45790c 5 bytes JMP 000007ff7f47075c
.text C:\Windows\system32\conhost.exe[2176] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff457ab4 5 bytes JMP 000007ff7f470b14
.text C:\Windows\system32\svchost.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077883b10 5 bytes JMP 000000010026075c
.text C:\Windows\system32\svchost.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077887ac0 5 bytes JMP 00000001002603a4
.text C:\Windows\system32\svchost.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000778b1430 5 bytes JMP 0000000100260b14
.text C:\Windows\system32\svchost.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000778b1490 5 bytes JMP 0000000100260ecc
.text C:\Windows\system32\svchost.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778b1570 5 bytes JMP 000000010026163c
.text C:\Windows\system32\svchost.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000778b17b0 5 bytes JMP 0000000100261284
.text C:\Windows\system32\svchost.exe[4592] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778b27e0 5 bytes JMP 00000001002619f4
.text C:\Windows\system32\svchost.exe[4592] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007779eecd 1 byte [62]
.text C:\Windows\system32\svchost.exe[4592] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff456e00 5 bytes JMP 000007ff7f471dac
.text C:\Windows\system32\svchost.exe[4592] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff456f2c 5 bytes JMP 000007ff7f470ecc
.text C:\Windows\system32\svchost.exe[4592] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff457220 5 bytes JMP 000007ff7f471284
.text C:\Windows\system32\svchost.exe[4592] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff45739c 5 bytes JMP 000007ff7f47163c
.text C:\Windows\system32\svchost.exe[4592] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff457538 5 bytes JMP 000007ff7f4719f4
.text C:\Windows\system32\svchost.exe[4592] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff4575e8 5 bytes JMP 000007ff7f4703a4
.text C:\Windows\system32\svchost.exe[4592] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff45790c 5 bytes JMP 000007ff7f47075c
.text C:\Windows\system32\svchost.exe[4592] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff457ab4 5 bytes JMP 000007ff7f470b14
.text C:\Windows\system32\svchost.exe[5040] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff456e00 5 bytes JMP 000007ff7f471dac
.text C:\Windows\system32\svchost.exe[5040] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff456f2c 5 bytes JMP 000007ff7f470ecc
.text C:\Windows\system32\svchost.exe[5040] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff457220 5 bytes JMP 000007ff7f471284
.text C:\Windows\system32\svchost.exe[5040] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff45739c 5 bytes JMP 000007ff7f47163c
.text C:\Windows\system32\svchost.exe[5040] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff457538 5 bytes JMP 000007ff7f4719f4
.text C:\Windows\system32\svchost.exe[5040] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff4575e8 5 bytes JMP 000007ff7f4703a4
.text C:\Windows\system32\svchost.exe[5040] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff45790c 5 bytes JMP 000007ff7f47075c
.text C:\Windows\system32\svchost.exe[5040] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff457ab4 5 bytes JMP 000007ff7f470b14
.text C:\Windows\System32\WUDFHost.exe[5008] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff456e00 5 bytes JMP 000007ff7f471dac
.text C:\Windows\System32\WUDFHost.exe[5008] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff456f2c 5 bytes JMP 000007ff7f470ecc
.text C:\Windows\System32\WUDFHost.exe[5008] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff457220 5 bytes JMP 000007ff7f471284
.text C:\Windows\System32\WUDFHost.exe[5008] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff45739c 5 bytes JMP 000007ff7f47163c
.text C:\Windows\System32\WUDFHost.exe[5008] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff457538 5 bytes JMP 000007ff7f4719f4
.text C:\Windows\System32\WUDFHost.exe[5008] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff4575e8 5 bytes JMP 000007ff7f4703a4
.text C:\Windows\System32\WUDFHost.exe[5008] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff45790c 5 bytes JMP 000007ff7f47075c
.text C:\Windows\System32\WUDFHost.exe[5008] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff457ab4 5 bytes JMP 000007ff7f470b14
.text C:\Windows\system32\SearchIndexer.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077883b10 5 bytes JMP 00000001001b075c
.text C:\Windows\system32\SearchIndexer.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077887ac0 5 bytes JMP 00000001001b03a4
.text C:\Windows\system32\SearchIndexer.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000778b1430 5 bytes JMP 00000001001b0b14
.text C:\Windows\system32\SearchIndexer.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000778b1490 5 bytes JMP 00000001001b0ecc
.text C:\Windows\system32\SearchIndexer.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778b1570 5 bytes JMP 00000001001b163c
.text C:\Windows\system32\SearchIndexer.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000778b17b0 5 bytes JMP 00000001001b1284
.text C:\Windows\system32\SearchIndexer.exe[5232] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778b27e0 5 bytes JMP 00000001001b19f4
.text C:\Windows\system32\SearchIndexer.exe[5232] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007779eecd 1 byte [62]
.text C:\Windows\system32\SearchIndexer.exe[5232] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff456e00 5 bytes JMP 000007ff7f471dac
.text C:\Windows\system32\SearchIndexer.exe[5232] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff456f2c 5 bytes JMP 000007ff7f470ecc
.text C:\Windows\system32\SearchIndexer.exe[5232] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff457220 5 bytes JMP 000007ff7f471284
.text C:\Windows\system32\SearchIndexer.exe[5232] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff45739c 5 bytes JMP 000007ff7f47163c
.text C:\Windows\system32\SearchIndexer.exe[5232] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff457538 5 bytes JMP 000007ff7f4719f4
.text C:\Windows\system32\SearchIndexer.exe[5232] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff4575e8 5 bytes JMP 000007ff7f4703a4
.text C:\Windows\system32\SearchIndexer.exe[5232] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff45790c 5 bytes JMP 000007ff7f47075c
.text C:\Windows\system32\SearchIndexer.exe[5232] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff457ab4 5 bytes JMP 000007ff7f470b14
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5456] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007779eecd 1 byte [62]
.text C:\Windows\System32\svchost.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077883b10 5 bytes JMP 000000010024075c
.text C:\Windows\System32\svchost.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077887ac0 5 bytes JMP 00000001002403a4
.text C:\Windows\System32\svchost.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000778b1430 5 bytes JMP 0000000100240b14
.text C:\Windows\System32\svchost.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000778b1490 5 bytes JMP 0000000100240ecc
.text C:\Windows\System32\svchost.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778b1570 5 bytes JMP 000000010024163c
.text C:\Windows\System32\svchost.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000778b17b0 5 bytes JMP 0000000100241284
.text C:\Windows\System32\svchost.exe[6100] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778b27e0 5 bytes JMP 00000001002419f4
.text C:\Windows\System32\svchost.exe[6100] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff456e00 5 bytes JMP 000007ff7f471dac
.text C:\Windows\System32\svchost.exe[6100] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff456f2c 5 bytes JMP 000007ff7f470ecc
.text C:\Windows\System32\svchost.exe[6100] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff457220 5 bytes JMP 000007ff7f471284
.text C:\Windows\System32\svchost.exe[6100] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff45739c 5 bytes JMP 000007ff7f47163c
.text C:\Windows\System32\svchost.exe[6100] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff457538 5 bytes JMP 000007ff7f4719f4
.text C:\Windows\System32\svchost.exe[6100] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff4575e8 5 bytes JMP 000007ff7f4703a4
.text C:\Windows\System32\svchost.exe[6100] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff45790c 5 bytes JMP 000007ff7f47075c
.text C:\Windows\System32\svchost.exe[6100] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff457ab4 5 bytes JMP 000007ff7f470b14
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7112] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077a5fac0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7112] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077a5fb58 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7112] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a5fcb0 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7112] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077a60038 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7112] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077a61920 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7112] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077a7c4dd 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7112] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077a81287 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7112] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076f5a2ba 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7112] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000077625181 5 bytes JMP 00000001000e1014
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7112] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000077625254 5 bytes JMP 00000001000e0804
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7112] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000776253d5 5 bytes JMP 00000001000e0a08
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7112] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000776254c2 5 bytes JMP 00000001000e0c0c
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7112] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000776255e2 5 bytes JMP 00000001000e0e10
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7112] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007762567c 5 bytes JMP 00000001000e01f8
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7112] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007762589f 5 bytes JMP 00000001000e03fc
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7112] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000077625a22 5 bytes JMP 00000001000e0600
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7112] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000770dee09 5 bytes JMP 00000001000f01f8
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7112] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000770e3982 3 bytes JMP 00000001000f03fc
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7112] C:\Windows\syswow64\USER32.dll!UnhookWinEvent + 4 00000000770e3986 1 byte [89]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7112] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000770e7603 5 bytes JMP 00000001000f0804
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7112] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000770e835c 5 bytes JMP 00000001000f0600
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7112] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000770ff52b 5 bytes JMP 00000001000f0a08
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7112] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076b69d0b 5 bytes JMP 000000011000a4d0
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7112] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076b69d4e 5 bytes JMP 000000011000a630
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7112] C:\Windows\SysWOW64\WINMM.dll!waveOutOpen 000000006ee6451e 5 bytes JMP 000000011000ab40
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7112] C:\Windows\SysWOW64\WINMM.dll!waveOutClose 000000006ee64b6d 5 bytes JMP 000000011000abb0
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7112] C:\Windows\SysWOW64\WINMM.dll!waveOutUnprepareHeader 000000006ee64bf2 5 bytes JMP 000000011000ac90
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7112] C:\Windows\SysWOW64\WINMM.dll!waveOutPrepareHeader 000000006ee64f0f 5 bytes JMP 000000011000ac50
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7112] C:\Windows\SysWOW64\WINMM.dll!waveOutWrite 000000006ee64f7b 5 bytes JMP 000000011000ac10
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7112] C:\Windows\SysWOW64\WINMM.dll!waveInOpen 000000006ee69054 5 bytes JMP 000000011000ad10
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7112] C:\Windows\SysWOW64\WINMM.dll!waveOutReset 000000006ee6adf9 5 bytes JMP 000000011000abe0
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7112] C:\Windows\SysWOW64\WINMM.dll!waveOutGetVolume 000000006ee852e8 5 bytes JMP 000000011000acd0
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7112] C:\Windows\SysWOW64\WINMM.dll!waveOutSetVolume 000000006ee8535f 5 bytes JMP 000000011000acf0
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7112] C:\Windows\SysWOW64\WINMM.dll!waveInClose 000000006ee859cc 5 bytes JMP 000000011000ae40
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7112] C:\Windows\SysWOW64\WINMM.dll!waveInPrepareHeader 000000006ee85a6a 5 bytes JMP 000000011000aec0
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7112] C:\Windows\SysWOW64\WINMM.dll!waveInUnprepareHeader 000000006ee85ad7 5 bytes JMP 000000011000af00
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7112] C:\Windows\SysWOW64\WINMM.dll!waveInAddBuffer 000000006ee85b5b 5 bytes JMP 000000011000af40
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7112] C:\Windows\SysWOW64\WINMM.dll!waveInStart 000000006ee85bba 5 bytes JMP 000000011000af80
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7112] C:\Windows\SysWOW64\WINMM.dll!waveInStop 000000006ee85bee 5 bytes JMP 000000011000b000
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7112] C:\Windows\SysWOW64\WINMM.dll!waveInReset 000000006ee85c22 5 bytes JMP 000000011000b060
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7112] C:\Windows\SysWOW64\WINMM.dll!waveInGetPosition 000000006ee85c67 5 bytes JMP 000000011000b0d0
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7112] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate 0000000071397e3d 5 bytes JMP 000000011000a690
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7112] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCreate8 00000000713cde69 5 bytes JMP 000000011000a770
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7112] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate 00000000713dd2c5 5 bytes JMP 000000011000a8a0
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7112] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundCaptureCreate8 00000000713dd371 5 bytes JMP 000000011000a990
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7112] C:\Windows\SysWOW64\DSOUND.dll!DirectSoundFullDuplexCreate 00000000713dd429 5 bytes JMP 000000011000aa80
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077a5fac0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077a5fb58 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a5fcb0 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077a60038 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6904] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077a61920 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6904] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077a7c4dd 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6904] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077a81287 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6904] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076f5a2ba 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6904] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000077625181 5 bytes JMP 0000000100101014
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6904] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000077625254 5 bytes JMP 0000000100100804
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6904] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000776253d5 5 bytes JMP 0000000100100a08
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6904] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000776254c2 5 bytes JMP 0000000100100c0c
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6904] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000776255e2 5 bytes JMP 0000000100100e10
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6904] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007762567c 5 bytes JMP 00000001001001f8
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6904] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007762589f 5 bytes JMP 00000001001003fc
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6904] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000077625a22 5 bytes JMP 0000000100100600
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6904] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000770dee09 5 bytes JMP 00000001001101f8
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6904] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000770e3982 5 bytes JMP 00000001001103fc
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6904] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000770e7603 5 bytes JMP 0000000100110804
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6904] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000770e835c 5 bytes JMP 0000000100110600
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[6904] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000770ff52b 5 bytes JMP 0000000100110a08
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6952] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077a5fac0 5 bytes JMP 0000000100140600
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6952] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077a5fb58 5 bytes JMP 0000000100140804
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6952] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a5fcb0 5 bytes JMP 0000000100140c0c
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6952] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077a60038 5 bytes JMP 0000000100140a08
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6952] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077a61920 5 bytes JMP 0000000100140e10
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6952] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077a7c4dd 5 bytes JMP 00000001001401f8
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6952] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077a81287 5 bytes JMP 00000001001403fc
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6952] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076f5a2ba 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6952] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000077625181 5 bytes JMP 0000000100151014
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6952] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000077625254 5 bytes JMP 0000000100150804
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6952] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000776253d5 5 bytes JMP 0000000100150a08
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6952] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000776254c2 5 bytes JMP 0000000100150c0c
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6952] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000776255e2 5 bytes JMP 0000000100150e10
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6952] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007762567c 5 bytes JMP 00000001001501f8
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6952] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007762589f 5 bytes JMP 00000001001503fc
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6952] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000077625a22 5 bytes JMP 0000000100150600
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6952] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000770dee09 5 bytes JMP 00000001001601f8
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6952] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000770e3982 5 bytes JMP 00000001001603fc
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6952] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000770e7603 5 bytes JMP 0000000100160804
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6952] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000770e835c 5 bytes JMP 0000000100160600
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe[6952] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000770ff52b 5 bytes JMP 0000000100160a08
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6428] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077a5fac0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6428] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077a5fb58 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6428] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a5fcb0 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6428] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077a60038 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6428] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077a61920 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6428] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077a7c4dd 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6428] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077a81287 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6428] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076f5a2ba 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6428] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000077625181 5 bytes JMP 0000000100241014
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6428] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000077625254 5 bytes JMP 0000000100240804
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6428] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000776253d5 5 bytes JMP 0000000100240a08
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6428] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000776254c2 5 bytes JMP 0000000100240c0c
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6428] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000776255e2 5 bytes JMP 0000000100240e10
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6428] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007762567c 5 bytes JMP 00000001002401f8
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6428] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007762589f 5 bytes JMP 00000001002403fc
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6428] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000077625a22 5 bytes JMP 0000000100240600
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6428] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000770dee09 5 bytes JMP 00000001002501f8
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6428] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000770e3982 5 bytes JMP 00000001002503fc
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6428] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000770e7603 5 bytes JMP 0000000100250804
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6428] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000770e835c 5 bytes JMP 0000000100250600
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[6428] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000770ff52b 5 bytes JMP 0000000100250a08
.text C:\Windows\System32\svchost.exe[7108] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff456e00 5 bytes JMP 000007ff7f471dac
.text C:\Windows\System32\svchost.exe[7108] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff456f2c 5 bytes JMP 000007ff7f470ecc
.text C:\Windows\System32\svchost.exe[7108] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff457220 5 bytes JMP 000007ff7f471284
.text C:\Windows\System32\svchost.exe[7108] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff45739c 5 bytes JMP 000007ff7f47163c
.text C:\Windows\System32\svchost.exe[7108] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff457538 5 bytes JMP 000007ff7f4719f4
.text C:\Windows\System32\svchost.exe[7108] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff4575e8 5 bytes JMP 000007ff7f4703a4
.text C:\Windows\System32\svchost.exe[7108] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff45790c 5 bytes JMP 000007ff7f47075c
.text C:\Windows\System32\svchost.exe[7108] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff457ab4 5 bytes JMP 000007ff7f470b14
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4228] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077a5fac0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4228] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077a5fb58 5 bytes JMP 0000000100030804
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4228] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077a5fcb0 5 bytes JMP 0000000100030c0c
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4228] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077a60038 5 bytes JMP 0000000100030a08
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4228] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077a61920 5 bytes JMP 0000000100030e10
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4228] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077a7c4dd 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4228] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077a81287 5 bytes JMP 00000001000303fc
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4228] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 0000000076f5a2ba 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4228] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000077625181 5 bytes JMP 0000000100101014
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4228] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000077625254 5 bytes JMP 0000000100100804
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4228] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000776253d5 5 bytes JMP 0000000100100a08
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4228] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000776254c2 5 bytes JMP 0000000100100c0c
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4228] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000776255e2 5 bytes JMP 0000000100100e10
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4228] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007762567c 5 bytes JMP 00000001001001f8
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4228] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007762589f 5 bytes JMP 00000001001003fc
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4228] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000077625a22 5 bytes JMP 0000000100100600
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4228] C:\Windows\syswow64\USER32.dll!SetWinEventHook 00000000770dee09 5 bytes JMP 00000001001101f8
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4228] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 00000000770e3982 5 bytes JMP 00000001001103fc
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4228] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 00000000770e7603 5 bytes JMP 0000000100110804
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4228] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 00000000770e835c 5 bytes JMP 0000000100110600
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[4228] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 00000000770ff52b 5 bytes JMP 0000000100110a08
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077883b10 5 bytes JMP 000000010016075c
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077887ac0 5 bytes JMP 00000001001603a4
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 00000000778b1430 5 bytes JMP 0000000100160b14
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 00000000778b1490 5 bytes JMP 0000000100160ecc
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000778b1570 5 bytes JMP 000000010016163c
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 00000000778b17b0 5 bytes JMP 0000000100161284
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2624] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000778b27e0 5 bytes JMP 00000001001619f4
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2624] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007779eecd 1 byte [62]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2624] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007feff456e00 5 bytes JMP 000007ff7f471dac
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2624] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007feff456f2c 5 bytes JMP 000007ff7f470ecc
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2624] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007feff457220 5 bytes JMP 000007ff7f471284
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2624] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007feff45739c 5 bytes JMP 000007ff7f47163c
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2624] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007feff457538 5 bytes JMP 000007ff7f4719f4
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2624] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007feff4575e8 5 bytes JMP 000007ff7f4703a4
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2624] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007feff45790c 5 bytes JMP 000007ff7f47075c
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2624] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007feff457ab4 5 bytes JMP 000007ff7f470b14
.text C:\Users\P83x\Desktop\lmy7tt71.exe[4064] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000076f5a2ba 1 byte [62]
---- Threads - GMER 2.1 ----
Thread C:\Windows\System32\svchost.exe [7108:4268] 000007fef3499688
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName aswFsBlk
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group FSFilter Activity Monitor
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk
Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@DisplayName aswKbd
Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@Group Keyboard Port
Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@Description avast! keyboard filter driver (aswKbd)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd@Tag 7
Reg HKLM\SYSTEM\CurrentControlSet\services\aswKbd
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName aswMonFlt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group FSFilter Anti-Virus
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName aswRdr
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group PNP_TDI
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService tcpip?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description avast! WFP Redirect driver
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName aswRvrt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description avast! Revert
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter 109
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter 2445834
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk1\Partition1\Windows
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName aswSnx
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group FSFilter Virtualization
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description avast! virtualization driver (aswSnx)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance aswSnx Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude 137600
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName aswSP
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description avast! Self Protection
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@NoWelcomeScreen 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName avast! Network Shield Support
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group PNP_TDI
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService tcpip?
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description avast! Network Shield TDI driver
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag 9
Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName aswVmm
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description avast! VM Monitor
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters
Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type 32
|
|
22.11.2013, 17:21
| #6 |
| | Avast! hat mehrere Viren gefunden GMER.txt TEIL 3 Code:
ATTFilter Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start 2
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl 1
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName avast! Antivirus
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group ShellSvcGroup
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS?
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64 1
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName LocalSystem
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType 1
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description Verwaltet und implementiert avast! Antivirus-Dienste f?r diesen Computer. Dies beinhaltet den Echtzeit-Schutz, den Virus-Container und den Planer.
Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type 2
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start 2
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName aswFsBlk
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group FSFilter Activity Monitor
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk)
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag 2
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400
Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@Start 0
Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@DisplayName aswKbd
Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@Group Keyboard Port
Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@Description avast! keyboard filter driver (aswKbd)
Reg HKLM\SYSTEM\ControlSet002\services\aswKbd@Tag 7
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type 2
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start 2
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName aswMonFlt
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group FSFilter Anti-Virus
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700
Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName aswRdr
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Group PNP_TDI
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService tcpip?
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Description avast! WFP Redirect driver
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault
Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start 0
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName aswRvrt
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description avast! Revert
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter 109
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter 2445834
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk1\Partition1\Windows
Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Type 2
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName aswSnx
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Group FSFilter Virtualization
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService FltMgr?
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Description avast! virtualization driver (aswSnx)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag 2
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance aswSnx Instance
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude 137600
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags 0
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName aswSP
Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Description avast! Self Protection
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield 1
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget
Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@NoWelcomeScreen 1
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Start 1
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName avast! Network Shield Support
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Group PNP_TDI
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService tcpip?
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Description avast! Network Shield TDI driver
Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag 9
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Type 1
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Start 0
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName aswVmm
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Description avast! VM Monitor
Reg HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type 32
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start 2
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl 1
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName avast! Antivirus
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group ShellSvcGroup
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS?
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64 1
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName LocalSystem
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType 1
Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description Verwaltet und implementiert avast! Antivirus-Dienste f?r diesen Computer. Dies beinhaltet den Echtzeit-Schutz, den Virus-Container und den Planer.
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\P83x\Desktop\The Elder Scrolls V Skyrim Update 10 (1.7.7.0.6) (FÃ\xbcr die Deutsche Version)\SKY_DEU_UP10\SKY_DEU_UP10.exe 1
---- EOF - GMER 2.1 ----
|
|
23.11.2013, 07:53
| #7 | |
| /// the machine /// TB-Ausbilder | Avast! hat mehrere Viren gefundenCombofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!Downloade dir bitte Combofix vom folgenden Downloadspiegel Link 1 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
23.11.2013, 08:48
| #8 |
| | Avast! hat mehrere Viren gefunden Guten Morgen! Danke das du dich bereit erklärt hast mir zu helfen  Hier ist der ComboFix.txt log: Code:
ATTFilter ComboFix 13-11-22.01 - P83x 23.11.2013 8:34.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.8087.6132 [GMT 1:00]
ausgeführt von:: c:\users\P83x\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Antivirus *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\FlashPlayerApp.exe
c:\windows\SysWow64\frapsvid.dll
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-10-23 bis 2013-11-23 ))))))))))))))))))))))))))))))
.
.
2013-11-22 13:50 . 2013-11-22 13:50 -------- d-----w- C:\FRST
2013-11-22 13:19 . 2013-11-08 03:12 10285968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1352FFC1-3D57-4FA6-BED1-53462F62354D}\mpengine.dll
2013-11-21 20:01 . 2013-11-21 20:01 -------- d-----w- c:\users\P83x\AppData\Roaming\OBS
2013-11-21 20:01 . 2013-11-21 20:01 -------- d-----w- c:\program files\OBS
2013-11-21 20:01 . 2013-11-21 20:02 -------- d-----w- c:\program files (x86)\OBS
2013-11-20 16:48 . 2013-11-20 16:48 -------- d-----w- c:\users\P83x\AppData\Local\NVIDIA Corporation
2013-11-15 20:07 . 2013-11-15 20:07 -------- d-----w- c:\users\P83x\AppData\Roaming\fltk.org
2013-11-15 20:07 . 2013-11-15 20:07 -------- d-----w- c:\programdata\fltk.org
2013-11-14 04:49 . 2013-11-23 07:38 94656 ----a-w- c:\windows\system32\WPRO_41_2001woem.tmp
2013-11-13 16:49 . 2013-11-13 16:49 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2013-11-13 09:05 . 2013-10-05 20:25 1474048 ----a-w- c:\windows\system32\crypt32.dll
2013-10-29 12:50 . 2013-01-29 08:35 1510176 ----a-w- c:\windows\system32\nvhdagenco64.dll
2013-10-29 12:49 . 2013-10-23 10:30 25257248 ----a-w- c:\windows\system32\nvcompiler.dll
2013-10-29 12:49 . 2013-10-23 10:30 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2013-10-29 12:47 . 2013-11-08 20:47 1064224 ----a-w- c:\windows\system32\nvspcap64.dll
2013-10-29 12:47 . 2013-11-08 20:47 955168 ----a-w- c:\windows\SysWow64\nvspcap.dll
2013-10-29 12:46 . 2013-09-27 23:01 39200 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2013-10-29 12:46 . 2013-09-27 23:01 28960 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2013-10-24 17:44 . 2013-10-24 17:44 -------- d-----w- c:\program files (x86)\LittleFighter2
2013-10-24 16:49 . 2013-10-24 21:53 -------- d-----w- c:\users\P83x\AppData\Local\Unity
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-23 07:38 . 2013-01-11 00:24 34752 ----a-w- c:\windows\system32\drivers\WPRO_41_2001.sys
2013-11-22 13:34 . 2013-01-11 01:15 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-13 21:35 . 2013-08-02 15:03 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2013-11-13 21:35 . 2013-08-02 15:03 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2013-11-13 09:50 . 2009-10-14 05:12 82896128 ----a-w- c:\windows\system32\MRT.exe
2013-11-11 04:50 . 2009-10-14 05:13 267936 ------w- c:\windows\system32\MpSigStub.exe
2013-10-23 10:30 . 2013-07-18 11:29 1435504 ----a-w- c:\windows\system32\nvumdshimx.dll
2013-10-23 10:30 . 2013-07-18 11:29 3067560 ----a-w- c:\windows\system32\nvapi64.dll
2013-10-23 10:30 . 2013-07-18 11:29 2695200 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-10-23 10:30 . 2013-07-18 11:29 168616 ----a-w- c:\windows\system32\nvinitx.dll
2013-10-23 10:30 . 2013-07-18 11:29 15212336 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-10-23 10:30 . 2013-07-18 11:29 141336 ----a-w- c:\windows\SysWow64\nvinit.dll
2013-10-23 08:20 . 2013-07-18 11:29 6669600 ----a-w- c:\windows\system32\nvcpl.dll
2013-10-23 08:20 . 2013-07-18 11:29 3489568 ----a-w- c:\windows\system32\nvsvc64.dll
2013-10-23 08:20 . 2013-10-05 17:32 2559776 ----a-w- c:\windows\system32\nvsvcr.dll
2013-10-23 08:20 . 2013-07-18 11:29 922912 ----a-w- c:\windows\system32\nvvsvc.exe
2013-10-23 08:20 . 2013-07-18 11:29 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-10-23 08:20 . 2013-07-18 11:29 219424 ----a-w- c:\windows\system32\nvmctray.dll
2013-10-23 08:20 . 2013-07-18 11:29 3426956 ----a-w- c:\windows\system32\nvcoproc.bin
2013-10-23 02:02 . 2013-10-23 02:02 589600 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2013-10-16 00:48 . 2013-10-23 21:11 1884448 ----a-w- c:\windows\system32\nvdispco6433158.dll
2013-10-16 00:48 . 2013-10-23 21:11 1511712 ----a-w- c:\windows\system32\nvdispgenco6433158.dll
2013-09-27 23:01 . 2013-07-31 09:34 29984 ----a-w- c:\windows\system32\nvaudcap64v.dll
2013-09-12 08:58 . 2013-10-05 17:32 1884448 ----a-w- c:\windows\system32\nvdispco6432723.dll
2013-09-12 08:58 . 2013-10-05 17:32 1511712 ----a-w- c:\windows\system32\nvdispgenco6432723.dll
2013-09-08 02:30 . 2013-10-09 12:55 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:27 . 2013-10-09 12:55 327168 ----a-w- c:\windows\system32\mswsock.dll
2013-09-08 02:03 . 2013-10-09 12:55 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2013-09-04 12:12 . 2013-10-09 12:55 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2013-09-04 12:11 . 2013-10-09 12:55 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-09-04 12:11 . 2013-10-09 12:55 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-09-04 12:11 . 2013-10-09 12:55 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2013-09-04 12:11 . 2013-10-09 12:55 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2013-09-04 12:11 . 2013-10-09 12:55 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2013-09-04 12:11 . 2013-10-09 12:55 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-08-30 07:48 . 2013-07-30 07:54 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-08-30 07:48 . 2013-07-30 07:54 204880 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-08-30 07:48 . 2013-01-11 01:30 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-08-30 07:48 . 2013-01-11 01:30 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-08-30 07:48 . 2013-01-11 01:30 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-08-30 07:48 . 2013-01-11 01:30 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-08-30 07:48 . 2013-01-11 01:30 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-08-30 07:48 . 2013-01-11 01:30 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-08-30 07:47 . 2013-01-11 01:30 41664 ----a-w- c:\windows\avastSS.scr
2013-08-30 07:47 . 2013-01-11 01:30 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-08-29 02:17 . 2013-10-09 12:55 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-29 02:16 . 2013-10-09 12:55 1732032 ----a-w- c:\windows\system32\ntdll.dll
2013-08-29 02:16 . 2013-10-09 12:55 243712 ----a-w- c:\windows\system32\wow64.dll
2013-08-29 02:16 . 2013-10-09 12:55 859648 ----a-w- c:\windows\system32\tdh.dll
2013-08-29 02:13 . 2013-10-09 12:55 878080 ----a-w- c:\windows\system32\advapi32.dll
2013-08-29 01:51 . 2013-10-09 12:55 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51 . 2013-10-09 12:55 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50 . 2013-10-09 12:55 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-08-29 01:50 . 2013-10-09 12:55 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
2013-08-29 01:50 . 2013-10-09 12:55 619520 ----a-w- c:\windows\SysWow64\tdh.dll
2013-08-29 01:48 . 2013-10-09 12:55 640512 ----a-w- c:\windows\SysWow64\advapi32.dll
2013-08-29 01:48 . 2013-10-09 12:55 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-29 00:49 . 2013-10-09 12:55 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-08-29 00:49 . 2013-10-09 12:55 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-08-29 00:49 . 2013-10-09 12:55 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-08-29 00:49 . 2013-10-09 12:55 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-08-28 01:21 . 2013-10-09 12:55 3155968 ----a-w- c:\windows\system32\win32k.sys
2013-08-28 01:12 . 2013-10-09 12:55 461312 ----a-w- c:\windows\system32\scavengeui.dll
2012-05-27 11:19 . 2012-05-27 11:19 26624 ----a-w- c:\program files (x86)\Common Files\rad_hud.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{e9e8eb35-ff77-455d-b677-91e5e4fc06c2}]
2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="g:\programme\Steam\steam.exe" [2013-10-30 1820584]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2013-03-03 3093624]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-10-02 20472992]
"F.lux"="c:\users\P83x\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-15 1016712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-27 291608]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-09-12 56128]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-11-11 2349392]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
iSCTsysTray.lnk - c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe [2012-8-16 316416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage-Technologie;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R3 andnetadb;ADB Interface DriverNet;c:\windows\system32\Drivers\lgandnetadb.sys;c:\windows\SYSNATIVE\Drivers\lgandnetadb.sys [x]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys [x]
R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetmodem64.sys [x]
R3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetndis64.sys [x]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSCamd64.sys [x]
R3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSRamd64.sys [x]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
R3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 rzendpt;rzendpt;c:\windows\system32\DRIVERS\rzendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzendpt.sys [x]
R3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe;c:\program files (x86)\Tunngle\TnglCtrl.exe [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x]
S0 aswKbd;aswKbd; [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AsrAppCharger.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S3 cmudaxp;ASUS Xonar DG Audio Interface;c:\windows\system32\drivers\cmudaxp.sys;c:\windows\SYSNATIVE\drivers\cmudaxp.sys [x]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x]
S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys;c:\windows\SYSNATIVE\Drivers\nx6000.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys;c:\windows\SYSNATIVE\DRIVERS\tap0901t.sys [x]
S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys;c:\windows\SYSNATIVE\drivers\WPRO_41_2001.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2013-11-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-11 13:34]
.
2013-11-23 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2013-01-11 08:39]
.
2013-11-23 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16 10:54]
.
2013-11-20 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-04-16 10:54]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-10 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-10 399392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-10 441888]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-08 1028384]
"Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2012-11-20 12935168]
"Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]
"Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-11-08 1064224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
FF - ProfilePath - c:\users\P83x\AppData\Roaming\Mozilla\Firefox\Profiles\ufl3zklg.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - ExtSQL: 2013-10-30 01:23; {1aa3b4d6-ff9b-4123-b9fa-7a58a2bd3111}; c:\users\P83x\AppData\Roaming\Mozilla\Firefox\Profiles\ufl3zklg.default\extensions\{1aa3b4d6-ff9b-4123-b9fa-7a58a2bd3111}.xpi
FF - ExtSQL: 2013-11-06 00:50; {7c81974a-2ac8-4006-8817-4b86ce06f210}; c:\users\P83x\AppData\Roaming\Mozilla\Firefox\Profiles\ufl3zklg.default\extensions\{7c81974a-2ac8-4006-8817-4b86ce06f210}.xpi
FF - ExtSQL: 2013-11-16 18:58; jid1-QpHD8URtZWJC2A@jetpack; c:\users\P83x\AppData\Roaming\Mozilla\Firefox\Profiles\ufl3zklg.default\extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-iSkysoft Helper Compact.exe - c:\program files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
Wow6432Node-HKLM-Run-BrowserPlugInHelper - c:\program files (x86)\iSkysoft\iTube Studio\BrowserPlugInHelper.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA} - c:\program files (x86)\Intel\Intel(R) Processor Graphics\Uninstall\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va012]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-11-23 08:40:31 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-11-23 07:40
.
Vor Suchlauf: 11 Verzeichnis(se), 38.995.378.176 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 42.551.562.240 Bytes frei
.
- - End Of File - - 4EE0C1419E318D72BC8823D52ACE8425
|
|
24.11.2013, 08:04
| #9 |
| /// the machine /// TB-Ausbilder | Avast! hat mehrere Viren gefunden Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
24.11.2013, 11:53
| #10 |
| | Avast! hat mehrere Viren gefunden Hallo, hier ist der Malwarebyte log Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.11.24.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16736 P83x :: ALPHA [Administrator] Schutz: Aktiviert 24.11.2013 11:22:33 mbam-log-2013-11-24 (11-22-33).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 239858 Laufzeit: 1 Minute(n), 40 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter # AdwCleaner v3.013 - Bericht erstellt am 24/11/2013 um 11:29:53
# Updated 24/11/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : P83x - ALPHA
# Gestartet von : C:\Users\P83x\Desktop\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Schlüssel Gelöscht : HKCU\Software\Softonic
***** [ Browser ] *****
-\\ Internet Explorer v10.0.9200.16736
-\\ Mozilla Firefox v25.0.1 (de)
[ Datei : C:\Users\P83x\AppData\Roaming\Mozilla\Firefox\Profiles\ufl3zklg.default\prefs.js ]
*************************
AdwCleaner[R0].txt - [975 octets] - [24/11/2013 11:28:11]
AdwCleaner[S0].txt - [846 octets] - [24/11/2013 11:29:53]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [905 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Ultimate x64
Ran by P83x on 24.11.2013 at 11:35:22,14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\P83x\AppData\Roaming\mozilla\firefox\profiles\ufl3zklg.default\minidumps [57 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24.11.2013 at 11:40:58,98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2013 03
Ran by P83x (administrator) on ALPHA on 24-11-2013 11:47:30
Running from C:\Users\P83x\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JF3GPVO3
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
() C:\Windows\SysWOW64\HsMgr.exe
(CMedia) C:\Program Files\ASUS Xonar DG Audio\Customapp\AsusAudioCenter.exe
() C:\Windows\system\HsMgr64.exe
(Valve Corporation) G:\Programme\Steam\Steam.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Flux Software LLC) C:\Users\P83x\AppData\Local\FluxSoftware\Flux\flux.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-11-08] (NVIDIA Corporation)
HKLM\...\Run: [Cmaudio8788] - C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX] - C:\Windows\SysWOW64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX64] - C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Steam] - G:\Programme\Steam\Steam.exe [1820584 2013-10-30] (Valve Corporation)
HKCU\...\Run: [Pando Media Booster] - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-03-03] ()
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20472992 2013-10-02] (Skype Technologies S.A.)
HKCU\...\Run: [F.lux] - C:\Users\P83x\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-16] (Flux Software LLC)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LifeCam] - C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2349392 2013-11-11] (LogMeIn Inc.)
HKLM-x32\...\Run: [20131121] - C:\Program Files\AVAST Software\Avast\Setup\emupdate\94b5db4d-89c5-4ae0-ad58-d381caea5604.exe [180184 2013-11-23] (AVAST Software)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [168616 2013-10-23] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [141336 2013-10-23] (NVIDIA Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x55011B838CEFCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Freemake.YoutubeButton - {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\P83x\AppData\Roaming\Mozilla\Firefox\Profiles\ufl3zklg.default
FF Homepage: google.com
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20(shExpMatch(host%2C%20'(*.turntable.fm%7Cturntable.fm)')%20%26%26%20url.indexOf('.css')%20%3D%3D%20-1%20%26%26%20url.indexOf('.js')%20%3D%3D%20-1)%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*'))%20%7B%20return%20'PROXY%20ab-us12.personalitycores.com%3A8000%3B%20PROXY%20ab-us07.personalitycores.com%3A8000%3B%20PROXY%20ab-us20.personalitycores.com%3A8000%3B%20PROXY%20ab-us11.personalitycores.com%3A8000%3B%20PROXY%20ab-us18.personalitycores.com%3A8000%3B%20PROXY%20ab-us01.personalitycores.com%3A8000%3B%20PROXY%20ab-us15.personalitycores.com%3A8000%3B%20PROXY%20ab-us08.personalitycores.com%3A8000%3B%20PROXY%20ab-us16.personalitycores.com%3A8000%3B%20PROXY%20ab-us21.personalitycores.com%3A8000%3B%20PROXY%20ab-us13.personalitycores.com%3A8000%3B%20PROXY%20ab-us03.personalitycores.com%3A8000%3B%20PROXY%20ab-us02.personalitycores.com%3A8000%3B%20PROXY%20ab-us14.personalitycores.com%3A8000%3B%20PROXY%20ab-us09.personalitycores.com%3A8000%3B%20PROXY%20ab-us22.personalitycores.com%3A8000%3B%20PROXY%20ab-us17.personalitycores.com%3A8000%3B%20PROXY%20ab-us10.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.10.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.10.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.10.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.10.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Xmarks - C:\Users\P83x\AppData\Roaming\Mozilla\Firefox\Profiles\ufl3zklg.default\Extensions\foxmarks@kei.com
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\P83x\AppData\Roaming\Mozilla\Firefox\Profiles\ufl3zklg.default\Extensions\ich@maltegoetz.de
FF Extension: LastPass - C:\Users\P83x\AppData\Roaming\Mozilla\Firefox\Profiles\ufl3zklg.default\Extensions\support@lastpass.com
FF Extension: YouTube Unblocker - C:\Users\P83x\AppData\Roaming\Mozilla\Firefox\Profiles\ufl3zklg.default\Extensions\youtubeunblocker@unblocker.yt
FF Extension: Cookies Manager+ - C:\Users\P83x\AppData\Roaming\Mozilla\Firefox\Profiles\ufl3zklg.default\Extensions\{bb6bc1bb-f824-4702-90cd-35e2fb24f25d}
FF Extension: groovesharkUnlocker - C:\Users\P83x\AppData\Roaming\Mozilla\Firefox\Profiles\ufl3zklg.default\Extensions\groovesharkUnlocker@overlord1337.xpi
FF Extension: jid1-QpHD8URtZWJC2A - C:\Users\P83x\AppData\Roaming\Mozilla\Firefox\Profiles\ufl3zklg.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi
FF Extension: SciLorsGrooveUnlocker - C:\Users\P83x\AppData\Roaming\Mozilla\Firefox\Profiles\ufl3zklg.default\Extensions\SciLorsGrooveUnlocker@scilor.com.xpi
FF Extension: No Name - C:\Users\P83x\AppData\Roaming\Mozilla\Firefox\Profiles\ufl3zklg.default\Extensions\{1aa3b4d6-ff9b-4123-b9fa-7a58a2bd3111}.xpi
FF Extension: prefs - C:\Users\P83x\AppData\Roaming\Mozilla\Firefox\Profiles\ufl3zklg.default\Extensions\{7c81974a-2ac8-4006-8817-4b86ce06f210}.xpi
FF Extension: Adblock Plus - C:\Users\P83x\AppData\Roaming\Mozilla\Firefox\Profiles\ufl3zklg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\
FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\
FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\
FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-01-10] (Ellora Assets Corp.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-05] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [149032 2012-08-16] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377104 2013-10-11] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15125280 2013-11-08] (NVIDIA Corporation)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [745368 2012-11-26] (Tunngle.net GmbH)
==================== Drivers (Whitelisted) ====================
S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2012-03-07] (Google Inc)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2012-03-06] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2012-03-06] (LG Electronics Inc.)
S3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis64.sys [93184 2012-03-06] (LG Electronics Inc.)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software)
R0 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2734080 2013-04-11] (C-Media Inc)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-01-11] (DT Soft Ltd)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-09-01] (Intel Corporation)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [20968 2012-08-16] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [19944 2012-08-16] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46016 2012-08-16] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-28] (NVIDIA Corporation)
S3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [31232 2013-06-07] (Razer Inc)
R3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2013-11-24] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-11-24 11:43 - 2013-11-24 11:43 - 00000751 _____ C:\Users\P83x\Desktop\junk removal tool.txt
2013-11-24 11:40 - 2013-11-24 11:40 - 00000751 _____ C:\Users\P83x\Desktop\JRT.txt
2013-11-24 11:35 - 2013-11-24 11:35 - 00000000 ____D C:\Windows\ERUNT
2013-11-24 11:34 - 2013-11-24 11:34 - 00000984 _____ C:\Users\P83x\Desktop\AdwCleaner[S0].txt
2013-11-24 11:27 - 2013-11-24 11:29 - 00000000 ____D C:\AdwCleaner
2013-11-24 11:26 - 2013-11-24 11:26 - 01091882 _____ C:\Users\P83x\Desktop\adwcleaner.exe
2013-11-24 11:26 - 2013-11-24 11:26 - 01034531 _____ (Thisisu) C:\Users\P83x\Desktop\JRT.exe
2013-11-24 11:20 - 2013-11-24 11:20 - 00000000 ____D C:\Users\P83x\AppData\Roaming\Malwarebytes
2013-11-24 11:19 - 2013-11-24 11:19 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\P83x\Desktop\mbam-setup-1.75.0.1300.exe
2013-11-24 11:19 - 2013-11-24 11:19 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-24 11:19 - 2013-11-24 11:19 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-24 11:19 - 2013-11-24 11:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-24 11:19 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-23 18:57 - 2013-11-23 18:57 - 00000212 _____ C:\Users\P83x\Desktop\Mortal Kombat Kollection.url
2013-11-23 08:43 - 2013-11-23 08:43 - 00000000 ___SD C:\ComboFix
2013-11-23 08:40 - 2013-11-23 08:40 - 00028903 _____ C:\ComboFix.txt
2013-11-23 08:33 - 2013-11-23 08:43 - 00000000 ____D C:\Qoobox
2013-11-23 08:33 - 2013-11-23 08:39 - 00000000 ____D C:\Windows\erdnt
2013-11-23 08:33 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2013-11-23 08:33 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2013-11-23 08:33 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-11-23 08:33 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-11-23 08:33 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-11-23 08:33 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2013-11-23 08:33 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2013-11-23 08:33 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2013-11-23 08:31 - 2013-11-23 08:32 - 05147802 ____R (Swearware) C:\Users\P83x\Desktop\ComboFix.exe
2013-11-22 15:32 - 2013-11-22 15:32 - 00012990 _____ C:\Users\P83x\Desktop\GMER.zip
2013-11-22 15:22 - 2013-11-22 15:22 - 00234200 _____ C:\Users\P83x\Desktop\GMER.log
2013-11-22 14:50 - 2013-11-22 14:51 - 00047672 _____ C:\Users\P83x\Desktop\FRST.txt
2013-11-22 14:50 - 2013-11-22 14:51 - 00030552 _____ C:\Users\P83x\Desktop\Addition.txt
2013-11-22 14:50 - 2013-11-22 14:50 - 00377856 _____ C:\Users\P83x\Desktop\lmy7tt71.exe
2013-11-22 14:50 - 2013-11-22 14:50 - 00000000 ____D C:\FRST
2013-11-22 14:48 - 2013-11-22 14:48 - 00000540 _____ C:\Users\P83x\Desktop\defogger_disable.log
2013-11-22 14:48 - 2013-11-22 14:48 - 00000168 _____ C:\Users\P83x\defogger_reenable
2013-11-22 14:47 - 2013-11-22 14:47 - 00050477 _____ C:\Users\P83x\Desktop\Defogger.exe
2013-11-21 21:01 - 2013-11-21 21:02 - 00000000 ____D C:\Program Files (x86)\OBS
2013-11-21 21:01 - 2013-11-21 21:01 - 00000935 _____ C:\Users\P83x\Desktop\Open Broadcaster Software.lnk
2013-11-21 21:01 - 2013-11-21 21:01 - 00000000 ____D C:\Users\P83x\AppData\Roaming\OBS
2013-11-21 21:01 - 2013-11-21 21:01 - 00000000 ____D C:\Users\P83x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2013-11-21 21:01 - 2013-11-21 21:01 - 00000000 ____D C:\Program Files\OBS
2013-11-20 17:48 - 2013-11-20 17:48 - 00000000 ____D C:\Users\P83x\AppData\Local\NVIDIA Corporation
2013-11-16 00:01 - 2013-11-16 10:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-15 21:07 - 2013-11-15 21:07 - 00000000 ____D C:\Users\P83x\Documents\Amnesia
2013-11-15 21:07 - 2013-11-15 21:07 - 00000000 ____D C:\Users\P83x\AppData\Roaming\fltk.org
2013-11-15 21:07 - 2013-11-15 21:07 - 00000000 ____D C:\ProgramData\fltk.org
2013-11-14 05:49 - 2013-11-24 11:31 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2013-11-13 17:49 - 2013-11-13 17:49 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-11-13 10:51 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-13 10:51 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-13 10:51 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-13 10:51 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-13 10:51 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-13 10:51 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-13 10:51 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-13 10:51 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-13 10:51 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-13 10:51 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-13 10:51 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-13 10:51 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-13 10:51 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-13 10:51 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-13 10:51 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-13 10:51 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-13 10:51 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-13 10:51 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-13 10:51 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-13 10:51 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-13 10:51 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-13 10:51 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-13 10:51 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-13 10:51 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-13 10:51 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-13 10:51 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-13 10:51 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-13 10:51 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-13 10:51 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-13 10:51 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-13 10:51 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-13 10:05 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 10:05 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 10:05 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 10:05 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 10:05 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 10:05 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 10:05 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 10:05 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 10:05 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 10:05 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 10:05 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 10:05 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 10:05 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 10:05 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 10:05 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 10:05 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 10:05 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 10:05 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 10:05 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 10:05 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 10:05 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 10:05 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 10:05 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 10:05 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 10:05 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 10:05 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 10:05 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 10:05 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 10:05 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 10:05 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-10-29 13:50 - 2013-10-23 11:30 - 30344480 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-10-29 13:50 - 2013-10-23 11:30 - 22933792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-10-29 13:50 - 2013-10-23 11:30 - 18286416 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2013-10-29 13:50 - 2013-10-23 11:30 - 18199872 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-10-29 13:50 - 2013-10-23 11:30 - 15855568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-10-29 13:50 - 2013-10-23 11:30 - 12572960 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-10-29 13:50 - 2013-10-23 11:30 - 11426568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-10-29 13:50 - 2013-10-23 11:30 - 11374520 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-10-29 13:50 - 2013-10-23 11:30 - 09524088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-10-29 13:50 - 2013-10-23 11:30 - 09480328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-10-29 13:50 - 2013-10-23 11:30 - 03131680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-10-29 13:50 - 2013-10-23 11:30 - 03124512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-10-29 13:50 - 2013-10-23 11:30 - 02946848 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-10-29 13:50 - 2013-10-23 11:30 - 02747168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-10-29 13:50 - 2013-10-23 11:30 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433165.dll
2013-10-29 13:50 - 2013-10-23 11:30 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433165.dll
2013-10-29 13:50 - 2013-10-23 11:30 - 01241376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-10-29 13:50 - 2013-10-23 11:30 - 00696096 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-10-29 13:50 - 2013-10-23 11:30 - 00655136 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-10-29 13:50 - 2013-10-23 11:30 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-10-29 13:50 - 2013-10-23 11:30 - 00560416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-10-29 13:50 - 2013-10-23 11:30 - 00479520 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2013-10-29 13:50 - 2013-10-23 11:30 - 00405280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2013-10-29 13:50 - 2013-10-23 11:30 - 00317472 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2013-10-29 13:50 - 2013-10-23 11:30 - 00266984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-10-29 13:50 - 2013-01-29 09:35 - 01510176 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco64.dll
2013-10-29 13:49 - 2013-10-23 11:30 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-10-29 13:49 - 2013-10-23 11:30 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-10-29 13:47 - 2013-11-08 21:47 - 01064224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2013-10-29 13:47 - 2013-11-08 21:47 - 00955168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2013-10-29 13:46 - 2013-09-28 00:01 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2013-10-29 13:46 - 2013-09-28 00:01 - 00028960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
==================== One Month Modified Files and Folders =======
2013-11-24 11:47 - 2013-03-03 21:26 - 00000000 ____D C:\Users\P83x\AppData\Local\PMB Files
2013-11-24 11:43 - 2013-11-24 11:43 - 00000751 _____ C:\Users\P83x\Desktop\junk removal tool.txt
2013-11-24 11:40 - 2013-11-24 11:40 - 00000751 _____ C:\Users\P83x\Desktop\JRT.txt
2013-11-24 11:37 - 2013-01-11 00:17 - 01688460 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-24 11:37 - 2009-07-14 18:58 - 00728118 _____ C:\Windows\system32\perfh007.dat
2013-11-24 11:37 - 2009-07-14 18:58 - 00160448 _____ C:\Windows\system32\perfc007.dat
2013-11-24 11:36 - 2009-07-14 05:45 - 00020480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-24 11:36 - 2009-07-14 05:45 - 00020480 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-24 11:35 - 2013-11-24 11:35 - 00000000 ____D C:\Windows\ERUNT
2013-11-24 11:34 - 2013-11-24 11:34 - 00000984 _____ C:\Users\P83x\Desktop\AdwCleaner[S0].txt
2013-11-24 11:31 - 2013-11-14 05:49 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp
2013-11-24 11:31 - 2013-07-18 12:30 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-24 11:31 - 2013-01-11 09:39 - 00002896 _____ C:\Windows\System32\Tasks\AutoKMS
2013-11-24 11:31 - 2013-01-11 09:39 - 00000266 _____ C:\Windows\Tasks\AutoKMS.job
2013-11-24 11:31 - 2013-01-11 09:02 - 00000000 ____D C:\Users\P83x\AppData\Local\LogMeIn Hamachi
2013-11-24 11:31 - 2013-01-11 02:57 - 00000000 ____D C:\Users\P83x\AppData\Roaming\Skype
2013-11-24 11:31 - 2013-01-11 01:25 - 00310746 _____ C:\Windows\PFRO.log
2013-11-24 11:31 - 2013-01-11 01:24 - 00034752 _____ C:\Windows\system32\Drivers\WPRO_41_2001.sys
2013-11-24 11:31 - 2013-01-11 01:20 - 00000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2013-11-24 11:31 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-24 11:31 - 2009-07-14 05:51 - 00136342 _____ C:\Windows\setupact.log
2013-11-24 11:30 - 2013-01-11 00:12 - 01097942 _____ C:\Windows\WindowsUpdate.log
2013-11-24 11:29 - 2013-11-24 11:27 - 00000000 ____D C:\AdwCleaner
2013-11-24 11:26 - 2013-11-24 11:26 - 01091882 _____ C:\Users\P83x\Desktop\adwcleaner.exe
2013-11-24 11:26 - 2013-11-24 11:26 - 01034531 _____ (Thisisu) C:\Users\P83x\Desktop\JRT.exe
2013-11-24 11:20 - 2013-11-24 11:20 - 00000000 ____D C:\Users\P83x\AppData\Roaming\Malwarebytes
2013-11-24 11:19 - 2013-11-24 11:19 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\P83x\Desktop\mbam-setup-1.75.0.1300.exe
2013-11-24 11:19 - 2013-11-24 11:19 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-24 11:19 - 2013-11-24 11:19 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-24 11:19 - 2013-11-24 11:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-24 02:54 - 2013-01-11 02:15 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-24 02:39 - 2013-03-03 21:26 - 00000000 ____D C:\ProgramData\PMB Files
2013-11-23 19:00 - 2013-01-30 16:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2013-11-23 19:00 - 2013-01-11 10:24 - 00690733 _____ C:\Windows\DirectX.log
2013-11-23 19:00 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-11-23 18:57 - 2013-11-23 18:57 - 00000212 _____ C:\Users\P83x\Desktop\Mortal Kombat Kollection.url
2013-11-23 17:07 - 2013-01-11 09:20 - 00000000 ____D C:\Users\P83x\AppData\Local\CrashDumps
2013-11-23 16:01 - 2013-01-18 15:10 - 00000000 ____D C:\Users\P83x\AppData\Roaming\TS3Client
2013-11-23 14:10 - 2013-01-11 09:50 - 00000000 ____D C:\Users\P83x\AppData\Roaming\foobar2000
2013-11-23 13:53 - 2013-01-11 01:20 - 00000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2013-11-23 12:18 - 2013-05-31 20:06 - 00000000 ____D C:\Users\P83x\Bilder
2013-11-23 08:46 - 2013-01-11 00:13 - 00000000 ____D C:\Users\P83x
2013-11-23 08:43 - 2013-11-23 08:43 - 00000000 ___SD C:\ComboFix
2013-11-23 08:43 - 2013-11-23 08:33 - 00000000 ____D C:\Qoobox
2013-11-23 08:40 - 2013-11-23 08:40 - 00028903 _____ C:\ComboFix.txt
2013-11-23 08:39 - 2013-11-23 08:33 - 00000000 ____D C:\Windows\erdnt
2013-11-23 08:38 - 2009-07-14 03:34 - 71565312 _____ C:\Windows\system32\config\software.bak
2013-11-23 08:38 - 2009-07-14 03:34 - 23592960 _____ C:\Windows\system32\config\system.bak
2013-11-23 08:38 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\security.bak
2013-11-23 08:38 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\sam.bak
2013-11-23 08:38 - 2009-07-14 03:34 - 00262144 _____ C:\Windows\system32\config\default.bak
2013-11-23 08:38 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2013-11-23 08:32 - 2013-11-23 08:31 - 05147802 ____R (Swearware) C:\Users\P83x\Desktop\ComboFix.exe
2013-11-22 15:32 - 2013-11-22 15:32 - 00012990 _____ C:\Users\P83x\Desktop\GMER.zip
2013-11-22 15:22 - 2013-11-22 15:22 - 00234200 _____ C:\Users\P83x\Desktop\GMER.log
2013-11-22 14:51 - 2013-11-22 14:50 - 00047672 _____ C:\Users\P83x\Desktop\FRST.txt
2013-11-22 14:51 - 2013-11-22 14:50 - 00030552 _____ C:\Users\P83x\Desktop\Addition.txt
2013-11-22 14:50 - 2013-11-22 14:50 - 00377856 _____ C:\Users\P83x\Desktop\lmy7tt71.exe
2013-11-22 14:50 - 2013-11-22 14:50 - 00000000 ____D C:\FRST
2013-11-22 14:48 - 2013-11-22 14:48 - 00000540 _____ C:\Users\P83x\Desktop\defogger_disable.log
2013-11-22 14:48 - 2013-11-22 14:48 - 00000168 _____ C:\Users\P83x\defogger_reenable
2013-11-22 14:47 - 2013-11-22 14:47 - 00050477 _____ C:\Users\P83x\Desktop\Defogger.exe
2013-11-22 14:34 - 2013-01-11 15:58 - 00000000 ____D C:\Users\P83x\AppData\Local\Adobe
2013-11-22 14:34 - 2013-01-11 02:15 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-22 14:34 - 2013-01-11 02:15 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-11-21 21:02 - 2013-11-21 21:01 - 00000000 ____D C:\Program Files (x86)\OBS
2013-11-21 21:01 - 2013-11-21 21:01 - 00000935 _____ C:\Users\P83x\Desktop\Open Broadcaster Software.lnk
2013-11-21 21:01 - 2013-11-21 21:01 - 00000000 ____D C:\Users\P83x\AppData\Roaming\OBS
2013-11-21 21:01 - 2013-11-21 21:01 - 00000000 ____D C:\Users\P83x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2013-11-21 21:01 - 2013-11-21 21:01 - 00000000 ____D C:\Program Files\OBS
2013-11-21 20:35 - 2013-01-11 02:28 - 00000000 ____D C:\Users\P83x\AppData\Roaming\vlc
2013-11-20 17:48 - 2013-11-20 17:48 - 00000000 ____D C:\Users\P83x\AppData\Local\NVIDIA Corporation
2013-11-19 06:25 - 2013-01-11 02:30 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-11-16 23:52 - 2013-01-11 02:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-16 10:33 - 2013-11-16 00:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-15 21:07 - 2013-11-15 21:07 - 00000000 ____D C:\Users\P83x\Documents\Amnesia
2013-11-15 21:07 - 2013-11-15 21:07 - 00000000 ____D C:\Users\P83x\AppData\Roaming\fltk.org
2013-11-15 21:07 - 2013-11-15 21:07 - 00000000 ____D C:\ProgramData\fltk.org
2013-11-13 22:35 - 2013-08-02 16:03 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2013-11-13 22:35 - 2013-08-02 16:03 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2013-11-13 22:35 - 2013-08-02 16:03 - 00000000 ____D C:\Program Files (x86)\OpenAL
2013-11-13 18:24 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-13 17:49 - 2013-11-13 17:49 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-11-13 10:51 - 2013-01-11 09:34 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-13 10:50 - 2013-07-26 02:00 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 10:50 - 2009-10-14 06:12 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-11 05:50 - 2009-10-14 06:13 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-08 21:47 - 2013-10-29 13:47 - 01064224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2013-11-08 21:47 - 2013-10-29 13:47 - 00955168 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2013-11-05 19:57 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-02 20:16 - 2013-01-11 02:58 - 00000000 ____D C:\Program Files\TeamSpeak 3 Client
2013-10-29 17:17 - 2013-03-10 15:58 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-10-29 17:17 - 2013-01-11 02:57 - 00000000 ____D C:\ProgramData\Skype
2013-10-29 13:51 - 2013-01-25 12:33 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-10-29 13:47 - 2013-07-18 12:29 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-10-29 13:47 - 2013-07-18 12:19 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-10-27 14:11 - 2013-07-04 19:44 - 00016090 _____ C:\Users\P83x\Elo Boosting.xlsx
2013-10-25 17:20 - 2013-01-21 15:27 - 00000000 ____D C:\Program Files (x86)\JDownloader
Some content of TEMP:
====================
C:\Users\P83x\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-11-20 14:39
==================== End Of Log ============================
Scheint doch gut zu sein oder? |
|
25.11.2013, 07:57
| #11 |
| /// the machine /// TB-Ausbilder | Avast! hat mehrere Viren gefundenESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
26.11.2013, 13:52
| #12 |
| | Avast! hat mehrere Viren gefunden Hallo ich habe gestern 3x versucht den ESET Scanner durchlaufen zu lassen aber jedesmal ist mein computer gefroren? Beim 1. mal hab ich während dem scan im internet gesurft. Beim 2. mal hab ich nichts am Computer gemacht und als ich zurückkam ist er bei ung. 89% ( 2 1/2 std) stecken geblieben und beim 3. mal hab ich ihn über die Nacht durchlaufen lassen und da war mein Bildschirm komplett schwarz! Was soll ich jetzt machen? |
|
27.11.2013, 09:01
| #13 |
| /// the machine /// TB-Ausbilder | Avast! hat mehrere Viren gefunden Lass ESET weg und mach statt dessen einen Vollscan mit deinem AV Programm.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
02.01.2014, 14:01
| #14 |
| | Avast! hat mehrere Viren gefunden Hallo, tut mir leid das ich erst jetzt antworten konnte und auch vorher nicht bescheid gesagt habe das ich für eine längere Zeit weg bin. Es ist ein Problem noch dazu gekommen und zwar habe ich ungewollte Erweiterungen die sich nicht deinstallieren lassen (z.B. safesaver). Soll ich am besten nochmal von vorne beginnen und die ersten Schritte ausführen? Frohes neues Jahr p83x |
|
03.01.2014, 12:10
| #15 |
| /// the machine /// TB-Ausbilder | Avast! hat mehrere Viren gefunden Poste einfach mal frische FRST Logs
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Avast! hat mehrere Viren gefunden |
| autostart, avast, avast!, code, daemon, dateien, funktionier, gefunde, google, hilfe, hilfe!, konnte, log, schonmal, schritte, screenshot, tools, viren, virusfund, zip-datei |
Linear-Darstellung
