Log analysis and evaluation: Unidentifiable entries in the event log (Windows 7). If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
20.09.2014, 22:48 | #1 |
| Unidentifiable entries in the event log Hello, I found strange entries in the event log of my Easy-Box. So I searched for these entries on Google and found this page: forum.sysprofile.de/computerfragen/94552-tcp-fin-scan-dsl-easybox-802-a.html. The entries are the same as mine, but with different IP addresses, and mine also include **UDP Loop** and **Smurf**. There I saw that you can get help on this site. I followed the instructions and am now sharing the result with you. I hope you can help me. Thanks. |
20.09.2014, 23:49 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Unidentifiable entries in the event log Hi and
__________________
Please do not attach logs; if necessary, split them and post them spread across several posts. Reading material: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder. Even if the logs are too large for one post, I ask you to post the logs directly and, if necessary, spread across several posts. To put the log files into a CODE box, proceed as follows:
__________________ |
21.09.2014, 00:12 | #3 |
| Unidentifiable entries in the event log a2scan
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-09-2014 01 Ran by ***** at 2014-09-08 18:13:16 Running from C:\Users\*****\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - ) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden Adobe Bridge 1.0 (x32 Version: 001.000.001 - Adobe Systems) Hidden Adobe Common File Installer (x32 Version: 1.00.001 - Adobe System Incorporated) Hidden Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Help Center 1.0 (x32 Version: 1.0.1 - Adobe Systems) Hidden Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.) Adobe Photoshop CS2 (x32 Version: 9.0 - Adobe Systems, Inc.) Hidden Adobe Stock Photos 1.0 (x32 Version: 1.0.1 - Adobe Systems) Hidden Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.0142.68441 - Alcor Micro Corp.) Alcor Micro USB Card Reader (x32 Version: 1.2.0142.68441 - Alcor Micro Corp.) 
Hidden Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.24 - ASUS) ASUS FaceLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0014 - ASUS) ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.2 - ASUS) ASUS Instant Key (HKLM-x32\...\{D97A1B80-131F-4692-9543-E652956D8B99}) (Version: 1.0.5 - ASUS) ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.1 - ASUS) ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.7 - ASUS) ASUS Music Maker (HKLM-x32\...\MAGIX_MSI_mm17_silver_asus) (Version: 17.0.2.22 - MAGIX AG) ASUS Music Maker (x32 Version: 17.0.2.22 - MAGIX AG) Hidden ASUS N Series Demo (HKLM-x32\...\{246B4AFF-6540-4B72-93E8-B9EB86D37589}) (Version: 1.0.0001 - ASUS) ASUS Photo Designer (HKLM-x32\...\MAGIX_{2B962F32-78E6-4585-AF24-073AD36B6590}) (Version: 7.0.1.2 - MAGIX AG) ASUS Photo Designer (x32 Version: 7.0.1.2 - MAGIX AG) Hidden ASUS Photo Manager (HKLM-x32\...\MAGIX_{2A3A883D-B2AB-427D-B094-27D6241E0944}) (Version: 8.0.3.217 - MAGIX AG) ASUS Photo Manager (x32 Version: 8.0.3.217 - MAGIX AG) Hidden ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.2.1 - ASUS) ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0041 - ASUS) ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.0.9 - ASUS) ASUS Video Magic (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.4711 - CyberLink Corp.) ASUS Video Magic (x32 Version: 6.0.4711 - CyberLink Corp.) 
Hidden ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.25 - ASUS) ASUS Virtual Touch (HKLM-x32\...\{938CFBD4-0652-49E5-BB8B-153948865941}) (Version: 1.0.11 - ASUS) ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.108.222 - eCareme Technologies, Inc.) ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4924.52 - CyberLink Corp.) ASUSDVD (x32 Version: 10.0.4924.52 - CyberLink Corp.) Hidden AsusScr_N6 Series_ENG (HKLM-x32\...\AsusScr_N6 Series_ENG) (Version: 1.0.0003 - ASUS) AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.9.157 - ASUSTEK) Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.130 - Atheros) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.12.13 - Atheros Communications Inc.) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0027 - ASUS) Avira (HKLM-x32\...\{c5039061-0c7c-4f6c-96e5-348a19bd22ec}) (Version: 1.1.20.29573 - Avira Operations GmbH & Co. KG) Avira (x32 Version: 1.1.20.29573 - Avira Operations GmbH & Co. KG) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira) Bamboo (HKLM-x32\...\Pen Tablet Driver) (Version: - Wacom Technology Corp.) Bing-Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.347.0 - Microsoft Corporation) BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.9.3088 - BlueStack Systems, Inc.) BlueStacks Notification Center (HKLM-x32\...\{4C02AFA8-074D-44FE-B0E1-A73D4AA65390}) (Version: 0.8.9.3088 - BlueStack Systems, Inc.) 
Bubbletown (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115065740}) (Version: - Oberon Media) Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation) Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation) Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation) CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.) CyberLink LabelPrint (x32 Version: 2.5.3624 - CyberLink Corp.) Hidden CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.2715_43927 - CyberLink Corp.) CyberLink MediaEspresso (x32 Version: 6.5.2715_43927 - CyberLink Corp.) Hidden CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1126 - CyberLink Corp.) CyberLink Power2Go (x32 Version: 7.0.0.1126 - CyberLink Corp.) Hidden CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.4702a - CyberLink Corp.) CyberLink PowerDirector (x32 Version: 8.0.4702a - CyberLink Corp.) 
Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Deadtime Stories (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118716773}) (Version: - Oberon Media) Desktop Icon für Amazon (HKLM\...\DesktopIconAmazon) (Version: 1.0.1 (de) - ) Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version: - Oberon Media) Dream Vacation Solitaire (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111249233}) (Version: - Oberon Media) Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft GmbH) ETDWare PS/2-X64 10.5.9.0 (HKLM\...\Elantech) (Version: 10.5.9.0 - ELAN Microelectronic Corp.) Farm Frenzy 3 - Madagascar (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-119205603}) (Version: - Oberon Media) FileViewPro (HKLM\...\FileViewPro_is1) (Version: 4.0 - Solvusoft Corporation) Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{6C5F8503-55D2-4398-858C-362B7A7AF51C}) (Version: 2.1.31.0 - MAGIX AG) Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 5.4.5.114 - Foxit Corporation) Free Audio Dub version 1.7.9.908 (HKLM-x32\...\Free Audio Dub_is1) (Version: 1.7.9.908 - DVDVideoSoft Ltd.) Free Video Converter V 3.1 (HKLM-x32\...\Free Video Converter_is1) (Version: 3.1.0.0 - Koyote Soft) Free YouTube to MP3 Converter version 3.12.1.320 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.1.320 - DVDVideoSoft Ltd.) Galapago (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version: - Oberon Media) Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Game Park Console (HKLM-x32\...\Game Park Console) (Version: 1.2.4.431 - Oberon Media Inc.) 
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden Go Go Gourmet Chef of the Year (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115290153}) (Version: - Oberon Media) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 15.0.874.120 - Google Inc.) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden Hex-Editor MX (HKLM-x32\...\{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1) (Version: 6.0 - NEXT-Soft) InstantOn for NB (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 2.3.2 - ASUS) Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation) Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation) Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation) IP Camera Adapter (HKLM-x32\...\{F43D5CA6-1F22-436D-AF64-B254E7F1FC3D}) (Version: 1.0.0 - Pas) IP Camera DS Filter (HKLM-x32\...\IPCameraDSFilter) (Version: 5.5.0.0 - Moonware Studios) Java(TM) 6 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416045FF}) (Version: 6.0.450 - Oracle) JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden KVIrc (HKLM-x32\...\KVIrc) (Version: - Szymon Stefanek and The KVIrc Development Team) MAGIX Audio & Music Lab 2014 Premium (HKLM-x32\...\MX.{8D097354-F4D1-4FFE-9E0C-2CE2942C8DAB}) 
(Version: 20.0.0.36 - MAGIX Software GmbH) MAGIX Audio & Music Lab 2014 Premium (Version: 20.0.0.36 - MAGIX Software GmbH) Hidden MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{CAC01506-F69E-49FA-B091-563A4335B136}) (Version: 7.0.2.6 - MAGIX Software GmbH) MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX Software GmbH) Hidden Mahjong Memoirs (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117948443}) (Version: - Oberon Media) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft 
Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 22.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 22.0 (x86 de)) (Version: 22.0 - Mozilla) Mozilla Firefox 23.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 23.0.1 (x86 de)) (Version: 23.0.1 - Mozilla) Mozilla Firefox 25.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 25.0.1 (x86 de)) (Version: 25.0.1 - Mozilla) Mozilla Firefox 26.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 26.0 (x86 de)) (Version: 26.0 - 
Mozilla) Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Music Editor Free (HKLM-x32\...\Music Editor Free) (Version: - MEF GmbH.) myBitCast 1.0.0.3 (HKLM\...\myBitCast) (Version: 1.0.0.3 - ASUS Cloud Corporation) MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. 
Wechselberger) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.3 - Notepad++ Team) NVIDIA 3D Vision Treiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation) NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation) NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA Optimus Update 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) NVIDIA ShadowPlay 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden NVIDIA Update 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden NVIDIA Update Core (Version: 11.10.13 - NVIDIA Corporation) Hidden NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation) Plants vs Zombies (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117080787}) (Version: - Oberon Media) Preispilot für Firefox (HKLM-x32\...\{0D8E6567-7082-48DB-A305-293873AC8B39}_is1) (Version: 2.0 - Preispilot) Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 3.0 - Qualcomm 
Atheros) QUICKfind server v1.1 (HKLM-x32\...\QUICKfind) (Version: - IDM) QuickTime (HKLM-x32\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.) Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6622 - Realtek Semiconductor Corp.) SearchAnonymizer (HKLM\...\SearchAnonymizer) (Version: 1.0.1 (de) - ) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) ShareKM 1.0.19 (HKLM-x32\...\ShareKM) (Version: 1.0.19 - Liveov) SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.27614 - TeamViewer) Turbo Fiesta (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115320460}) (Version: - Oberon Media) Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS) VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN) Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Family Safety (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh - ActiveX-besturingselement 
voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 15.4.3538.0513 - Корпорация Майкрософт) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live 
Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.0 - ASUS) WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.27 - ASUS) World of Goo (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116672750}) (Version: - Oberon Media) Yontoo 1.12.02 (HKLM\...\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}) (Version: 1.12.02 - Yontoo LLC) <==== ATTENTION Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation) Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Элемент управления Windows Live Mesh ActiveX для удаленных подключений (HKLM-x32\...\{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}) (Version: 15.4.5722.2 - Microsoft Corporation) גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים (HKLM-x32\...\{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}) (Version: 15.4.5722.2 - Microsoft Corporation) بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden عنصر تحكم ActiveX الخاص بـ Windows Live 
Mesh للاتصالات البعيدة (HKLM-x32\...\{E18B30AA-6E2D-480C-B918-AF61009F4010}) (Version: 15.4.5722.2 - Microsoft Corporation) معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden 適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 07-09-2014 17:00:22 Windows-Sicherung 07-09-2014 17:15:04 Windows Update 07-09-2014 18:57:49 Windows Update 07-09-2014 19:05:12 Installed Microsoft Fix it 50202 07-09-2014 19:05:48 Installed Microsoft Fix it 50202 07-09-2014 19:22:17 Windows Update 07-09-2014 19:42:00 Windows Update 07-09-2014 22:17:37 Windows Update 07-09-2014 22:40:01 Windows Update 07-09-2014 23:07:35 Windows Update 08-09-2014 01:00:13 Windows Update 08-09-2014 03:20:10 Windows Update 08-09-2014 11:54:57 Windows Update 08-09-2014 12:04:19 Windows Update 08-09-2014 12:13:26 Windows Update 08-09-2014 12:32:37 Removed Java 7 Update 51 (64-bit) 08-09-2014 12:33:44 Removed Java 7 Update 60 08-09-2014 12:34:45 Removed Java SE Development Kit 7 Update 51 08-09-2014 12:36:07 Removed Java SE Development Kit 7 Update 51 (64-bit) 08-09-2014 12:39:49 Installed Java(TM) 6 Update 45 (64-bit) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {065B6867-BA16-4345-A131-A326291D8F8C} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-02-16] (ASUS)
Task: {0B3022E3-1822-42D2-853B-060D9B16FE85} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24] (Google Inc.)
Task: {1DFF081C-7146-4BE2-A24C-886FD623790C} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe [2012-02-17] (ASUSTek Computer Inc.)
Task: {2CEFBA89-227E-4115-BBF6-4672D7A04D15} - System32\Tasks\{0395DFE0-5E96-4B83-94AF-F0385D3D4A0A} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.0.107/de/go/help.faq.installer?LastError=1603
Task: {3E90D635-BB1B-47D0-B1BF-9E0E2DE2C3DB} - System32\Tasks\ASUS Quick Gesture (x64) => C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe [2012-04-12] (ASUSTeK Computer Inc.)
Task: {614FA032-E5BF-45DB-9480-2FB80A74B4F3} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {8BDDB50A-894A-44C8-8F18-AC996B599520} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-24] (Google Inc.)
Task: {973F03B5-018B-494F-AAEF-0E5BE5B3289D} - System32\Tasks\{58CD9F93-C4CD-41C1-A39F-80125246E021} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.0.107/de/go/help.faq.installer?LastError=1603
Task: {9A922E32-2CFD-4354-AFC2-C92F4A4EB7B9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {9D99D0C7-FD4C-40C2-B170-87199D1FE651} - System32\Tasks\ASUS Quick Gesture => C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe [2012-04-12] (ASUSTeK Computer Inc.)
Task: {BE69F1E4-66F5-43EE-A6D6-37A6C9C38E16} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {CD5355D3-6BB7-4128-9A9B-A8341D5A8E66} - System32\Tasks\{59D50FC0-FCDF-4306-BA04-A50129B3AAA5} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=6.3.0.105&LastError=12002
Task: {CF843048-3315-4A03-BD2C-D48A19C8950A} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation)
Task: {D3056654-A9F5-4AAB-8300-3C0D50425ACB} - System32\Tasks\P4GIntlCtrl => C:\Program Files\ASUS\P4G\IntlDPST.exe [2011-12-29] ()
Task: {E047C310-AAAA-4823-82A6-076DFA454E2D} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2013-01-11] (ASUSTek Computer Inc.)
Task: {E7D44771-B7EA-4278-A7B6-0331D3C82BAC} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-02-29] (ASUSTek Computer Inc.)
Task: {EE21CA0E-69E7-478D-A3D0-2C2E425AFB95} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {F9DF42DC-5C0F-4496-942D-D1C18646B70D} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe

==================== Loaded Modules (whitelisted) =============

2012-08-14 17:38 - 2014-03-04 16:35 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2012-08-14 17:39 - 2014-03-04 15:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-06-18 17:24 - 2012-06-18 17:24 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_05.dll
2010-07-15 01:11 - 2010-07-15 01:11 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2012-05-08 10:24 - 2012-04-02 10:27 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-08-14 17:33 - 2012-02-21 21:29 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2012-08-14 17:58 - 2009-04-17 12:01 - 00247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2013-02-11 16:02 - 2013-02-11 16:02 - 00040960 _____ () C:\Users\*****\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
2014-09-08 15:19 - 2013-02-04 13:05 - 00312320 _____ () C:\Users\*****\Downloads\adt-bundle-windows-x86_64-20140702\adt-bundle-windows-x86_64-20140702\eclipse\eclipse.exe
2014-09-08 15:19 - 2012-10-03 12:58 - 00057344 _____ () C:\Users\*****\Downloads\adt-bundle-windows-x86_64-20140702\adt-bundle-windows-x86_64-20140702\eclipse\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20120913-144807\eclipse_1503.dll
2014-09-08 15:28 - 2014-09-08 15:28 - 00044032 _____ () C:\Users\*****\Downloads\adt-bundle-windows-x86_64-20140702\adt-bundle-windows-x86_64-20140702\eclipse\configuration\org.eclipse.osgi\bundles\81\1\.cp\jWinHttp-1.0.0.dll
2014-09-08 15:28 - 2014-09-08 15:28 - 00048128 _____ () C:\Users\*****\Downloads\adt-bundle-windows-x86_64-20140702\adt-bundle-windows-x86_64-20140702\eclipse\configuration\org.eclipse.osgi\bundles\78\1\.cp\os\win32\x86_64\localfile_1_0_0.dll
2014-09-08 15:19 - 2014-06-21 18:13 - 00908800 _____ () C:\Users\*****\Downloads\adt-bundle-windows-x86_64-20140702\adt-bundle-windows-x86_64-20140702\sdk\platform-tools\adb.exe
2014-09-08 15:19 - 2014-07-01 16:13 - 02391552 _____ () C:\Users\*****\Downloads\adt-bundle-windows-x86_64-20140702\adt-bundle-windows-x86_64-20140702\sdk\tools\emulator-arm.exe
2014-09-05 05:30 - 2014-08-15 18:43 - 00746536 _____ () C:\Program Files (x86)\Emsisoft Anti-Malware\fw32.dll
2012-08-14 17:38 - 2014-03-04 16:35 - 00014280 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2012-01-31 18:25 - 2012-01-31 18:25 - 01163264 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
2012-02-21 23:49 - 2012-02-21 23:49 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2010-08-20 18:57 - 2010-08-20 18:57 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2010-08-20 18:57 - 2010-08-20 18:57 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2011-08-16 05:12 - 2011-08-16 05:12 - 02603520 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtCore4.dll
2011-08-16 05:15 - 2011-08-16 05:15 - 00382464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtXml4.dll
2011-08-18 01:41 - 2011-08-18 01:41 - 00400384 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\sqlite3.dll
2011-08-18 01:48 - 2011-08-18 01:48 - 00322048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\log4cplus.dll
2011-11-25 22:29 - 2011-11-25 22:29 - 00015872 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\featureController.dll
2011-08-16 05:12 - 2011-08-16 05:12 - 01006592 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtNetwork4.dll
2011-08-18 01:48 - 2011-08-18 01:48 - 00195584 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\libgsoap.dll
2011-08-16 04:23 - 2011-08-16 04:23 - 00062464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\zlib1.dll
2011-11-25 22:28 - 2011-11-25 22:28 - 00484352 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\DeviceProfile.dll
2011-11-25 22:42 - 2011-11-25 22:42 - 00499976 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\plugin\PServerPlugin.dll
2011-11-25 22:26 - 2011-11-25 22:26 - 00013824 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\eventsSender.dll
2014-08-14 17:27 - 2014-08-14 17:27 - 00140024 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-08-14 17:27 - 2014-08-14 17:27 - 00067832 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-08-25 20:11 - 2014-08-14 17:27 - 00051504 _____ () C:\Users\*****\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2012-08-14 17:33 - 2012-02-21 21:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-07-30 22:22 - 2014-07-30 22:22 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-07-08 20:25 - 2014-07-08 20:25 - 17029808 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
2014-09-08 15:19 - 2014-07-01 16:13 - 02648515 _____ () C:\Users\*****\Downloads\adt-bundle-windows-x86_64-20140702\adt-bundle-windows-x86_64-20140702\sdk\tools\lib\libOpenglRender.dll
2014-09-08 15:19 - 2014-07-01 16:13 - 02289430 _____ () C:\Users\*****\Downloads\adt-bundle-windows-x86_64-20140702\adt-bundle-windows-x86_64-20140702\sdk\tools\lib\libEGL_translator.DLL
2014-09-08 15:19 - 2014-07-01 16:13 - 01945797 _____ () C:\Users\*****\Downloads\adt-bundle-windows-x86_64-20140702\adt-bundle-windows-x86_64-20140702\sdk\tools\lib\libGLES_CM_translator.DLL
2014-09-08 15:19 - 2014-07-01 16:13 - 01972085 _____ () C:\Users\*****\Downloads\adt-bundle-windows-x86_64-20140702\adt-bundle-windows-x86_64-20140702\sdk\tools\lib\libGLES_V2_translator.DLL

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:D20FFA63

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (09/08/2014 06:13:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert werden. "ESENT"-Fehler: -501.

Error: (09/08/2014 06:13:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert werden. "ESENT"-Fehler: -501.

Error: (09/08/2014 06:13:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert werden. "ESENT"-Fehler: -501.

Error: (09/08/2014 06:13:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert werden. "ESENT"-Fehler: -501.

Error: (09/08/2014 06:13:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert werden. "ESENT"-Fehler: -501.

Error: (09/08/2014 06:13:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert werden. "ESENT"-Fehler: -501.

Error: (09/08/2014 06:13:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert werden. "ESENT"-Fehler: -501.

Error: (09/08/2014 06:13:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert werden. "ESENT"-Fehler: -501.

Error: (09/08/2014 06:13:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert werden. "ESENT"-Fehler: -501.

Error: (09/08/2014 06:13:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert werden. "ESENT"-Fehler: -501.

System errors:
=============
Error: (09/08/2014 06:13:01 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "OS" den Befehl "chkdsk" aus.

Error: (09/08/2014 06:13:01 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "OS" den Befehl "chkdsk" aus.

Error: (09/08/2014 06:13:01 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "OS" den Befehl "chkdsk" aus.

Error: (09/08/2014 06:13:01 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "OS" den Befehl "chkdsk" aus.

Error: (09/08/2014 06:13:01 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "OS" den Befehl "chkdsk" aus.

Error: (09/08/2014 06:13:01 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "OS" den Befehl "chkdsk" aus.

Error: (09/08/2014 06:13:01 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "OS" den Befehl "chkdsk" aus.

Error: (09/08/2014 06:13:01 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "OS" den Befehl "chkdsk" aus.

Error: (09/08/2014 06:13:01 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "OS" den Befehl "chkdsk" aus.

Error: (09/08/2014 06:13:01 PM) (Source: Ntfs) (EventID: 55) (User: )
Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "OS" den Befehl "chkdsk" aus.

Microsoft Office Sessions:
=========================
Error: (09/08/2014 06:13:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -501

Error: (09/08/2014 06:13:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -501

Error: (09/08/2014 06:13:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -501

Error: (09/08/2014 06:13:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -501

Error: (09/08/2014 06:13:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -501

Error: (09/08/2014 06:13:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -501

Error: (09/08/2014 06:13:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -501

Error: (09/08/2014 06:13:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -501

Error: (09/08/2014 06:13:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -501

Error: (09/08/2014 06:13:01 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 257) (User: )
Description: -501

CodeIntegrity Errors:
===================================
Date: 2014-07-26 06:22:08.207
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\MoboRobo\MoboroboAssDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-07-26 06:22:08.127
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\MoboRobo\MoboroboAssDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-07-26 06:21:25.991
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\MoboRobo\MoboroboAssDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-07-26 06:21:25.910
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\MoboRobo\MoboroboAssDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-07-26 05:37:14.211
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\MoboRobo\MoboroboAssDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-07-26 05:37:14.132
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\MoboRobo\MoboroboAssDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-07-26 05:36:33.233
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\MoboRobo\MoboroboAssDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-07-26 05:36:33.146
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\MoboRobo\MoboroboAssDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-07-26 05:35:51.064
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\MoboRobo\MoboroboAssDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-07-26 05:35:50.982
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\MoboRobo\MoboroboAssDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz
Percentage of memory in use: 65%
Total physical RAM: 8077.83 MB
Available physical RAM: 2768.86 MB
Total Pagefile: 16153.84 MB
Available Pagefile: 8919.81 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:279.45 GB) (Free:167.59 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:393.86 GB) (Free:136.85 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 8DED5BA9)
Partition: GPT Partition Type.

==================== End Of Log ============================

Code:
OTL Extras logfile created on: 08.09.2014 19:44:43 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\*****\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,89 Gb Total Physical Memory | 5,00 Gb Available Physical Memory | 63,35% Memory free
15,78 Gb Paging File | 12,10 Gb Available in Paging File | 76,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279,45 Gb Total Space | 168,74 Gb Free Space | 60,38% Space Free | Partition Type: NTFS
Drive D: | 393,86 Gb Total Space | 136,85 Gb Free Space | 34,74% Space Free | Partition Type: NTFS

Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03254D59-2163-496E-BAE7-DBB53819B32C}" = lport=139 | protocol=6 | dir=in | app=system |
"{0737C874-B3EE-4610-8FA3-6E7A1CC44F0A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{15150895-B0A6-44C6-B12F-6483DD553C33}" = lport=137 | protocol=17 | dir=in | app=system |
"{1E184A81-833C-4BE1-A0C9-1BADF17D10B1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{22C74CD2-8F3E-403C-9A75-6ED516C2DB25}" = lport=138 | protocol=17 | dir=in | app=system |
"{2A5D9755-1C48-44DB-AA54-0C5D1328CC65}" = rport=137 | protocol=17 | dir=out | app=system |
"{47DBEC39-BDC7-4F48-870A-0CEC56875BB3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4F141321-2868-43DD-882C-071D7F061362}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{558BB4A0-A5DA-4506-AAFD-F4BE17874073}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{55F724C4-3038-4D56-A0A1-31D3B9F1060D}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{596B6C02-C596-43A3-8EE9-86AA896FB666}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5C0BB01C-A849-4F6E-9BB4-392E19AB8989}" = rport=445 | protocol=6 | dir=out | app=system |
"{5F620727-D102-4A99-91C6-717CC3AC6680}" = rport=139 | protocol=6 | dir=out | app=system |
"{63E190D5-7B9C-4650-A521-E6EBD0514EF1}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{6924D5E3-D191-4AE8-9616-0A5A660CB1B5}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7200A232-CB9A-4548-89E0-CF072E6C2E3E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{760F1094-49CD-4038-A64B-C7E1BA3AC7B5}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{7B40F1EE-64A7-4F2B-9452-927D1AD7DEC1}" = lport=445 | protocol=6 | dir=in | app=system |
"{7DD99C42-BA31-48E3-9862-24C2D6B4F4A5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8C7B9B40-CD9A-4EB9-B0B3-A10370C77161}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{931EB2C7-D8A8-4A8D-96E7-495A081CE92A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{962A7A1F-D14B-4B9A-A9C9-7785EE69D0B3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{A54675EA-5A4D-4296-B0F3-9B0775B28FE1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A56F99CF-933B-4F79-9B77-D54139039647}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{AA039315-F0BF-4CB9-8177-73D5389C0A71}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{CB8E97A7-0183-41C2-B3E8-B710DC9F2ABE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D8CB8816-8947-43B3-BDCB-8E24D4A84033}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{E20AF7E0-214B-48E6-A00F-70021F4372FA}" = rport=138 | protocol=17 | dir=out | app=system |
"{F2682429-BFC4-4DFA-9039-6EAE9BB57623}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F4A462E5-2C2E-4110-9012-8F08395053F4}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04BB381A-6F26-47D3-9629-2F027594C515}" = protocol=6 | dir=in | app=c:\program files (x86)\moborobo\moborobo pc suite.exe |
"{04E56CF0-B282-4CAE-849B-157A64D57CB7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{19E284DE-FE65-45E9-8827-69D5454439A1}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{23599E18-3286-44D3-95DD-C22083DA8A77}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{33F752D5-5326-41DD-B7B1-2EAB8FEDCD08}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{3A4BCBB4-FFAD-457D-87BA-6D667FC98DFD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4140AECA-B3BC-4738-8F9B-8D177D433ED3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{47DF9B62-11CB-4E0C-95F7-237AB3440EF6}" = protocol=6 | dir=out | app=system |
"{56048913-2EE4-4FB6-9B10-B11FD9535645}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{5F8AC06E-03D8-440D-A847-D81C1F468283}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{5FB84DF8-CBBC-43F4-8C35-F153C919F6D3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{720B325B-63F9-4153-A132-D9117640396C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{75AE9CE8-7C57-45BC-ABEE-0990FB854269}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7A52C297-116C-4178-9DFF-B7C735278759}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7EDFBA07-AE3A-401E-B860-7D3B4BFC203F}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer_service.exe |
"{812139A7-62A8-4911-A1E5-2373917C55BD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8BE6C848-D1F6-422A-9EF6-D4D862C84322}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe |
"{8F8D7F96-CA71-4112-8F5D-D95ABB5FCF4C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{95F0713A-1CAE-4956-9F9A-4192023767EF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{AAA151FD-7DD3-4531-A9D9-3D47AFB27785}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B47DCE39-BD05-4FD0-BC5F-8FCE7C3FBB7F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{BE0EC94A-88B6-4356-B121-F67FE5BE0F40}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{C6C13858-A4D9-4C33-8372-069E6CF331B4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{D12582E9-9031-44A1-B0CB-54FA56736BEB}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | "{D62C109B-B503-4694-ADC8-09DE5406064B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{D9BD3A59-32FF-4C20-B107-EF8E778BC76C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DA39AE54-95ED-4F1F-9847-CE69DEDAAD66}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe | "{DDB1A9E5-8B86-416B-9D33-D21202592D88}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E36E5297-E6DF-46F7-AB36-926A281A274B}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | "{EDA33C67-02FC-4CBB-B8DE-B369AC2BA16B}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{F301DCB5-50D5-4708-A4B1-FD0A47D51B47}" = protocol=17 | dir=in | app=c:\program files (x86)\moborobo\moborobo pc suite.exe | "{F78C98D2-3229-4E2F-9F1F-536981C68935}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version9\teamviewer.exe | "{F8D26F15-2821-4BB9-BB97-CD3948DA0F37}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FFF55B59-C781-4D6F-B157-FC28BA7FD589}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources "{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client "{11BA2B00-1495-47B8-BFA8-D08C605AB2CC}" = Windows Live Family Safety "{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live 
Remote Service Resources "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources "{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety "{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Atheros Bluetooth Suite (64) "{26A24AE4-039D-4CA4-87B4-2F86416045FF}" = Java(TM) 6 Update 45 (64-bit) "{3CE222BA-66A6-4D18-BEE9-5D21C5798C3E}" = Windows Live Family Safety "{3D7F836A-AE1F-4FA6-8DB9-4FE06697AB0A}" = Windows Live Family Safety "{3E776E7A-F4C3-4A89-8EAD-535E722C8397}" = Windows Live Family Safety "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{53375A2B-FE08-42B6-8EB8-16818CD27B2C}" = Windows Live Family Safety "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources "{63919769-655A-48A8-AD6C-39B471F683ED}" = Windows Live Family Safety "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources "{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources "{6DDCFF78-6F91-438C-9567-C5CAA9D7F56C}" = Windows Live Family Safety "{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows 
Live Remote Client Resources "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.12.02 "{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8D097354-F4D1-4FFE-9E0C-2CE2942C8DAB}" = MAGIX Audio & Music Lab 2014 Premium "{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5.1 (Deutsch) "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid "{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources "{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 335.23 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 335.23 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 335.23 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.8.2.1 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus Update 11.10.13 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.13.1220 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 11.10.13 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC" = GeForce Experience NvStream Client Components "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.30.1 
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 11.10.13 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.20 "{B36055BF-5F0E-4EAB-804D-9203DFB34ADC}" = Windows Live Family Safety "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources "{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources "{C513739C-5F16-37B5-9ACF-99925FF1C1F3}" = Microsoft .NET Framework 4.5.1 (DEU) "{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources "{CAC01506-F69E-49FA-B091-563A4335B136}" = MAGIX Speed burnR (MSI) "{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E01819BD-709F-43A1-9600-6F5E4C584C37}" = Windows Live Family Safety "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{E60F14FA-E114-4F25-AEE0-33FE9EC9B1C3}" = Windows Live Family Safety "{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64 "{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources "{F11009B0-F4DB-463B-B717-5266E47498AA}" = Windows Live Family Safety "{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources "{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources "DesktopIconAmazon" = Desktop Icon für Amazon "Elantech" = ETDWare PS/2-X64 10.5.9.0 
"FileViewPro_is1" = FileViewPro "McAfee Security Scan" = McAfee Security Scan Plus "myBitCast" = myBitCast 1.0.0.3 "SearchAnonymizer" = SearchAnonymizer "VLC media player" = VLC media player 2.1.4 "WinRAR archiver" = WinRAR 4.20 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh "{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack "{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology "{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail "{0D8E6567-7082-48DB-A305-293873AC8B39}_is1" = Preispilot für Firefox "{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live "{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources "{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common "{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{19EA33FB-B34E-40EA-8B8A-61743AEB795A}" = Wireless Console 3 "{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1CA8266F-73D8-413A-94DF-EEAC92770AD7}" = Avira "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3 "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 
9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2 "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver "{246B4AFF-6540-4B72-93E8-B9EB86D37589}" = ASUS N Series Demo "{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources "{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials "{2A3A883D-B2AB-427D-B094-27D6241E0944}" = ASUS Photo Manager "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{2B962F32-78E6-4585-AF24-073AD36B6590}" = ASUS Photo Designer "{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack "{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer "{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack "{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh "{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger 
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer "{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer "{4C02AFA8-074D-44FE-B0E1-A73D4AA65390}" = BlueStacks Notification Center "{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11 "{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack "{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1" = Emsisoft Anti-Malware "{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker "{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項 "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS FaceLogon "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail "{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack "{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition "{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger "{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}" = Avira "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common "{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie 
Maker "{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh "{749F674B-2674-47E8-879C-5626A06B2A91}" = InstantOn for NB "{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack "{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack "{77D28FF5-242F-488A-8215-937D6A4D69E0}" = Adobe AIR "{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live "{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh "{78DBE8CE-61F6-4D6C-806C-A0FFF65F5E1D}" = Windows Live Messenger "{7CFE1371-8710-4846-9772-1F9A09F8EF2F}" = Alcor Micro USB Card Reader "{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}" = Bing-Desktop "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials "{7D916FA5-DAE9-4A25-B089-655C70EAF607}" = Qualcomm Atheros WiFi Driver Installation "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer "{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX "{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources "{80407BA7-7763-4395-AB98-5233F1B34E65}" = NVIDIA PhysX "{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111249233}" = Dream Vacation Solitaire "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115065740}" = Bubbletown "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115290153}" = Go Go Gourmet Chef of the Year "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115320460}" = Turbo Fiesta "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116672750}" = World of Goo "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117080787}" = Plants vs Zombies "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117948443}" = Mahjong Memoirs "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118716773}" = Deadtime Stories 
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-119205603}" = Farm Frenzy 3 - Madagascar "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}" = ASUS Instant Connect "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash "{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{938CFBD4-0652-49E5-BB8B-153948865941}" = ASUS Virtual Touch "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources "{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}" = פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery "{A6C48A9F-694A-4234-B3AA-62590B668927}" = 
Intel(R) Manageability Engine Firmware Recovery Agent "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}" = ASUS USB Charger Plus "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package "{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger "{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail "{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common "{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common "{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger "{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials "{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live "{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0 "{BAEE89D5-6E87-4F89-9603-A1C100479181}" = Windows Live Messenger "{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}" = Элемент управления Windows Live Mesh ActiveX для удаленных подключений "{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker "{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live "{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen 
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{C95A5A77-622F-45CA-9540-84468FCB18B1}" = Windows Live Messenger "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker "{CBFD061C-4B27-4A89-ADD8-210316EEFA11}" = Windows Live Messenger "{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer "{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack "{D39F0676-163E-4595-A917-E28F99BBD4D2}" = ASUS AI Recovery "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack "{D97A1B80-131F-4692-9543-E652956D8B99}" = ASUS Instant Key "{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker "{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail "{DD47370C-E0F1-407F-9DB0-3FF98907F1BC}" = ASUS Music Maker "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer "{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = ASUSDVD "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials 
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E18B30AA-6E2D-480C-B918-AF61009F4010}" = عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة "{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources "{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live "{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0 "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live "{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心 "{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F43D5CA6-1F22-436D-AF64-B254E7F1FC3D}" = IP Camera Adapter "{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources "{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις "{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update "{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime 
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker "5513-1208-7298-9440" = JDownloader 0.9 "7-Zip" = 7-Zip 9.20 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2 "AmUStor" = Alcor Micro USB Card Reader "Android SDK Tools" = Android SDK Tools "Asus Vibe2.0" = AsusVibe2.0 "ASUS WebStorage" = ASUS WebStorage "AsusScr_N6 Series_ENG" = AsusScr_N6 Series_ENG "Avira AntiVir Desktop" = Avira Free Antivirus "BlueStacks App Player" = BlueStacks App Player "Foxit Reader_is1" = Foxit Reader "Free Audio Dub_is1" = Free Audio Dub version 1.7.9.908 "Free Video Converter_is1" = Free Video Converter V 3.1 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.1.320 "Game Park Console" = Game Park Console "GeoGebra 4.2" = GeoGebra 4.2 "Google Chrome" = Google Chrome "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = ASUSDVD "InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso "IPCameraDSFilter" = IP Camera DS Filter "KVIrc" = KVIrc "MAGIX_{2A3A883D-B2AB-427D-B094-27D6241E0944}" = ASUS Photo Manager "MAGIX_{2B962F32-78E6-4585-AF24-073AD36B6590}" = ASUS Photo Designer "MAGIX_MSI_mm17_silver_asus" = ASUS Music Maker "Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware Version 2.0.2.1012 "Mozilla Firefox 22.0 (x86 de)" = Mozilla 
Firefox 22.0 (x86 de) "Mozilla Firefox 23.0.1 (x86 de)" = Mozilla Firefox 23.0.1 (x86 de) "Mozilla Firefox 25.0.1 (x86 de)" = Mozilla Firefox 25.0.1 (x86 de) "Mozilla Firefox 26.0 (x86 de)" = Mozilla Firefox 26.0 (x86 de) "Mozilla Firefox 31.0 (x86 de)" = Mozilla Firefox 31.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MPE" = MyPhoneExplorer "Music Editor Free" = Music Editor Free "MX.{8D097354-F4D1-4FFE-9E0C-2CE2942C8DAB}" = MAGIX Audio & Music Lab 2014 Premium "MX.{CAC01506-F69E-49FA-B091-563A4335B136}" = MAGIX Speed burnR (MSI) "Notepad++" = Notepad++ "NSIS_oald8" = Oxford Advanced Learner's Dictionary - 8th Edition "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "Pen Tablet Driver" = Bamboo "QUICKfind" = QUICKfind server v1.1 "ShareKM" = ShareKM 1.0.19 "TeamViewer 9" = TeamViewer 9 "WinLiveSuite" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "UnityWebPlayer" = Unity Web Player ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 08.09.2014 13:39:02 | Computer Name = *****-PC | Source = ESENT | ID = 412 Description = Catalog Database (1356)Catalog Database: Die Kopfzeile der Protokolldatei C:\Windows\system32\CatRoot2\edb02823.log konnte nicht gelesen werden. Fehler -501. Error - 08.09.2014 13:39:02 | Computer Name = *****-PC | Source = Microsoft-Windows-CAPI2 | ID = 257 Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert werden. "ESENT"-Fehler: -501. Error - 08.09.2014 13:39:02 | Computer Name = *****-PC | Source = Microsoft-Windows-CAPI2 | ID = 257 Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert werden. "ESENT"-Fehler: -501. 
Error - 08.09.2014 13:39:02 | Computer Name = *****-PC | Source = ESENT | ID = 412
Description = Catalog Database (1356)Catalog Database: Die Kopfzeile der Protokolldatei C:\Windows\system32\CatRoot2\edb02823.log konnte nicht gelesen werden. Fehler -501.
Error - 08.09.2014 13:39:02 | Computer Name = *****-PC | Source = ESENT | ID = 412
Description = Catalog Database (1356)Catalog Database: Die Kopfzeile der Protokolldatei C:\Windows\system32\CatRoot2\edb02823.log konnte nicht gelesen werden. Fehler -501.
Error - 08.09.2014 13:39:02 | Computer Name = *****-PC | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert werden. "ESENT"-Fehler: -501.
Error - 08.09.2014 13:39:02 | Computer Name = *****-PC | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert werden. "ESENT"-Fehler: -501.
Error - 08.09.2014 13:44:10 | Computer Name = *****-PC | Source = ESENT | ID = 412
Description = Catalog Database (1356)Catalog Database: Die Kopfzeile der Protokolldatei C:\Windows\system32\CatRoot2\edb02823.log konnte nicht gelesen werden. Fehler -501.
Error - 08.09.2014 13:44:10 | Computer Name = *****-PC | Source = ESENT | ID = 412
Description = Catalog Database (1356)Catalog Database: Die Kopfzeile der Protokolldatei C:\Windows\system32\CatRoot2\edb02823.log konnte nicht gelesen werden. Fehler -501.
Error - 08.09.2014 13:44:10 | Computer Name = *****-PC | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert werden. "ESENT"-Fehler: -501.
Error - 08.09.2014 13:44:10 | Computer Name = *****-PC | Source = Microsoft-Windows-CAPI2 | ID = 257
Description = Vom Kryptografiedienst konnte die Katalogdatenbank nicht initialisiert werden. "ESENT"-Fehler: -501.

[ Media Center Events ]
Error - 11.09.2013 12:55:21 | Computer Name = *****-PC | Source = MCUpdate | ID = 0
Description = 18:55:21 - Fehler beim Herstellen der Internetverbindung. 18:55:21 - Serververbindung konnte nicht hergestellt werden..
Error - 11.09.2013 12:55:32 | Computer Name = *****-PC | Source = MCUpdate | ID = 0
Description = 18:55:26 - Fehler beim Herstellen der Internetverbindung. 18:55:26 - Serververbindung konnte nicht hergestellt werden..
Error - 12.09.2013 14:35:25 | Computer Name = *****-PC | Source = MCUpdate | ID = 0
Description = 20:35:24 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte keine Vertrauensstellung hergestellt werden..)

[ System Events ]
Error - 08.09.2014 13:52:17 | Computer Name = *****-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "OS" den Befehl "chkdsk" aus.
Error - 08.09.2014 13:52:17 | Computer Name = *****-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "OS" den Befehl "chkdsk" aus.
Error - 08.09.2014 13:52:17 | Computer Name = *****-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "OS" den Befehl "chkdsk" aus.
Error - 08.09.2014 13:52:17 | Computer Name = *****-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "OS" den Befehl "chkdsk" aus.
Error - 08.09.2014 13:52:17 | Computer Name = *****-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "OS" den Befehl "chkdsk" aus.
Error - 08.09.2014 13:52:17 | Computer Name = *****-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "OS" den Befehl "chkdsk" aus.
Error - 08.09.2014 13:52:17 | Computer Name = *****-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "OS" den Befehl "chkdsk" aus.
Error - 08.09.2014 14:00:20 | Computer Name = *****-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "OS" den Befehl "chkdsk" aus.
Error - 08.09.2014 14:00:20 | Computer Name = *****-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "OS" den Befehl "chkdsk" aus.
Error - 08.09.2014 14:00:20 | Computer Name = *****-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "OS" den Befehl "chkdsk" aus.

< End of report > |
21.09.2014, 00:17 | #4 |
| Undefinable entries in the event log FRST FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2014 01
Ran by ***** (administrator) on *****-PC on 08-09-2014 18:11:56
Running from C:\Users\*****\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Wacom Technology, Corp.) C:\Program Files\WTouch\WTouchService.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Wacom Technology, Corp.) C:\Program Files\WTouch\WTouchUser.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
() C:\Users\*****\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Wacom Technology, Corp.) C:\Windows\System32\Pen_Tablet.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Wacom Technology, Corp.) C:\Windows\System32\WTablet\Pen_TabletUser.exe
(Wacom Technology, Corp.) C:\Windows\System32\Pen_Tablet.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDGesture.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDExtHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDAppHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Sun Microsystems, Inc.) C:\Windows\System32\java.exe
() C:\Users\*****\Downloads\adt-bundle-windows-x86_64-20140702\adt-bundle-windows-x86_64-20140702\eclipse\eclipse.exe
(Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
() C:\Users\*****\Downloads\adt-bundle-windows-x86_64-20140702\adt-bundle-windows-x86_64-20140702\sdk\platform-tools\adb.exe
() C:\Users\*****\Downloads\adt-bundle-windows-x86_64-20140702\adt-bundle-windows-x86_64-20140702\sdk\tools\emulator-arm.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12480616 2012-04-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-03-09] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2661672 2012-02-19] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [1021056 2012-03-30] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [801408 2012-03-30] (Atheros Commnucations)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-17] (Alcor Micro Corp.)
HKLM\...\Run: [Ocs_SM] => C:\Users\*****\AppData\Roaming\OCS\SM\SearchAnonymizer.exe [106496 2013-02-11] (OCS)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2012-02-24] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-26] (Intel Corporation)
HKLM-x32\...\Run: [ASUS InstantKey] => C:\Program Files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe [20456 2012-02-21] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2321072 2012-02-03] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [102568 2012-02-21] (ASUS)
HKLM-x32\...\Run: [ASUS Screen Saver Protector] => C:\Windows\AsScrPro.exe [3058304 2012-08-14] (ASUS)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe [222504 2011-12-31] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-20] (CyberLink)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [328504 2013-01-11] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [205184 2012-10-17] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [APSDaemon] => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [832272 2014-05-01] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2353880 2013-11-01] (Microsoft Corp.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [165624 2014-08-14] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-15] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3773635360-3589719687-3993712204-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174296 2014-03-04] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [148016 2014-03-04] (NVIDIA Corporation)
Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x250A1C6CB039CF01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM-x32 - DefaultScope {721061fb-eb79-4568-a03c-3ce26d68dae9} URL = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197&type=dsse
SearchScopes: HKLM-x32 - {721061fb-eb79-4568-a03c-3ce26d68dae9} URL = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197&type=dsse
SearchScopes: HKCU - DefaultScope {B92A71DE-23FC-489F-B537-FE350C74BDF0} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&type=A011DE885&p={SearchTerms}
SearchScopes: HKCU - URL hxxp://search.conduit.com/Results.aspx?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP1B867F27-220C-4C3E-BF9F-407DCD78558A&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {B92A71DE-23FC-489F-B537-FE350C74BDF0} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&type=A011DE885&p={SearchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: DNS Error Helper -> {9B6B03F1-16CF-4491-BBBB-E872802DD717} -> C:\ProgramData\DNSErrorHelper\bho.dll ()
BHO-x32: QUICKfind BHO Object -> {C08DF07A-3E49-4E25-9AB0-D3882835F153} -> C:\Program Files (x86)\IDM\QUICKfind\PlugIns\IEHelp.dll (IDM)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\8t12mosy.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_45 -> C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\*****\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF user.js: detected! => C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\8t12mosy.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\8t12mosy.default\searchplugins\98941506-d865-4ffd-a8db-da5a32d4be77.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\8t12mosy.default\searchplugins\google-default.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\8t12mosy.default\searchplugins\{002E3E7B-A688-49FC-8BE9-CCA7EBB47BEC}.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\8t12mosy.default\searchplugins\{3CED5DB9-007E-40CB-8CBB-4AF88EE949DE}.xml
FF SearchPlugin: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\8t12mosy.default\searchplugins\{76E1CA73-5A2E-4CCC-8400-FC1BCEAA9571}.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\8t12mosy.default\Extensions\abs@avira.com [2014-09-04]
FF Extension: FoxyProxy Standard - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\8t12mosy.default\Extensions\foxyproxy@eric.h.jung [2014-09-06]
FF Extension: ProxTube - Unblock YouTube - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\8t12mosy.default\Extensions\ich@maltegoetz.de [2013-12-12]
FF Extension: Preispilot - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\8t12mosy.default\Extensions\extension@preispilot.com.xpi [2013-02-12]
FF Extension: NoSquint - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\8t12mosy.default\Extensions\nosquint@urandom.ca.xpi [2013-02-10]
FF Extension: Adblock Plus - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\8t12mosy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-29]
FF Extension: Adblock Edge - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\8t12mosy.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2013-06-21]
FF HKLM-x32\...\Firefox\Extensions: [dnshelp@dnshelp.com] - C:\Users\*****\AppData\Roaming\Helper
FF Extension: Helper - C:\Users\*****\AppData\Roaming\Helper [2013-02-11]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF HKCU\...\Firefox\Extensions: [firejump@firejump.net] - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\8t12mosy.default\extensions\firejump@firejump.net
FF HKCU\...\Firefox\Extensions: [extension@preispilot.com] - C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\8t12mosy.default\extensions\extension@preispilot.com
FF HKCU\...\Firefox\Extensions: [lrcfan@fansoft.br] - C:\Program Files (x86)\LyricsFan\FF
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [nfeonecgpoepapkmdgdmjolonaakdknd] - C:\Program Files (x86)\LyricsFan\Chrome.crx []

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4754256 2014-08-13] (Emsisoft GmbH)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-02-17] (Adobe Systems) [File not signed]
R3 AeLookupSvc; C:\Windows\System32\aelupsvc.dll [72192 2009-07-14] (Microsoft Corporation) [File not signed]
S3 ALG; C:\Windows\System32\alg.exe [79360 2009-07-14] (Microsoft Corporation) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG)
S3 AppIDSvc; C:\Windows\System32\appidsvc.dll [32256 2009-07-14] (Microsoft Corporation) [File not signed]
R3 Appinfo; C:\Windows\System32\appinfo.dll [70144 2013-02-27] (Microsoft Corporation) [File not signed]
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 AudioEndpointBuilder; C:\Windows\System32\Audiosrv.dll [679424 2010-11-20] (Microsoft Corporation) [File not signed]
R2 AudioSrv; C:\Windows\System32\Audiosrv.dll [679424 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [158000 2014-08-14] (Avira Operations GmbH & Co. KG)
S3 AxInstSV; C:\Windows\System32\AxInstSV.dll [114688 2010-11-20] (Microsoft Corporation) [File not signed]
S3 BDESVC; C:\Windows\System32\bdesvc.dll [100864 2009-07-14] (Microsoft Corporation) [File not signed]
R2 BFE; C:\Windows\System32\bfe.dll [705024 2010-11-20] (Microsoft Corporation) [File not signed]
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173272 2013-11-01] (Microsoft Corp.)
R3 BITS; C:\Windows\System32\qmgr.dll [849920 2010-11-20] (Microsoft Corporation) [File not signed]
R3 Browser; C:\Windows\System32\browser.dll [136704 2012-07-05] (Microsoft Corporation) [File not signed]
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-05-01] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-05-01] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [774928 2014-05-01] (BlueStack Systems, Inc.)
R3 bthserv; C:\Windows\system32\bthserv.dll [83968 2009-07-14] (Microsoft Corporation) [File not signed]
R2 CertPropSvc; C:\Windows\System32\certprop.dll [80384 2010-11-20] (Microsoft Corporation) [File not signed]
S3 COMSysApp; C:\Windows\system32\dllhost.exe [9728 2009-07-14] (Microsoft Corporation) [File not signed]
S3 COMSysApp; C:\Windows\SysWOW64\dllhost.exe [7168 2009-07-14] (Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\Windows\system32\cryptsvc.dll [184320 2013-07-09] (Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\Windows\SysWOW64\cryptsvc.dll [140288 2013-07-09] (Microsoft Corporation) [File not signed]
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [512000 2010-11-20] (Microsoft Corporation) [File not signed]
S3 defragsvc; C:\Windows\System32\defragsvc.dll [291328 2009-07-14] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\Windows\system32\dhcpcore.dll [317952 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Dhcp; C:\Windows\SysWOW64\dhcpcore.dll [254464 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Dnscache; C:\Windows\System32\dnsrslvr.dll [183296 2012-02-24] (Microsoft Corporation) [File not signed]
S3 dot3svc; C:\Windows\System32\dot3svc.dll [252416 2010-11-20] (Microsoft Corporation) [File not signed]
R2 DPS; C:\Windows\system32\dps.dll [162816 2010-11-20] (Microsoft Corporation) [File not signed]
R3 EapHost; C:\Windows\System32\eapsvc.dll [111104 2009-07-14] (Microsoft Corporation) [File not signed]
S3 EFS; C:\Windows\System32\lsass.exe [30720 2013-09-25] (Microsoft Corporation) [File not signed]
S3 ehRecvr; C:\Windows\ehome\ehRecvr.exe [696832 2010-11-20] (Microsoft Corporation) [File not signed]
S3 ehSched; C:\Windows\ehome\ehsched.exe [127488 2009-07-14] (Microsoft Corporation) [File not signed]
R2 eventlog; C:\Windows\System32\wevtsvc.dll [1646080 2010-11-20] (Microsoft Corporation) [File not signed]
R2 EventSystem; C:\Windows\system32\es.dll [402944 2009-07-14] (Microsoft Corporation) [File not signed]
R2 EventSystem; C:\Windows\SysWOW64\es.dll [271360 2009-07-14] (Microsoft Corporation) [File not signed]
S2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) [File not signed]
S3 Fax; C:\Windows\system32\fxssvc.exe [689152 2010-11-20] (Microsoft Corporation) [File not signed]
R3 fdPHost; C:\Windows\system32\fdPHost.dll [16384 2009-07-14] (Microsoft Corporation) [File not signed]
R3 FDResPub; C:\Windows\system32\fdrespub.dll [34816 2009-07-14] (Microsoft Corporation) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 FontCache; C:\Windows\system32\FntCache.dll [1175552 2013-01-13] (Microsoft Corporation) [File not signed]
R2 gpsvc; C:\Windows\System32\gpsvc.dll [777728 2010-11-20] (Microsoft Corporation) [File not signed]
R3 hidserv; C:\Windows\system32\hidserv.dll [38912 2009-07-14] (Microsoft Corporation) [File not signed]
R3 hidserv; C:\Windows\SysWOW64\hidserv.dll [49152 2009-07-14] (Microsoft Corporation) [File not signed]
S3 hkmsvc; C:\Windows\system32\kmsvc.dll [90624 2010-11-20] (Microsoft Corporation) [File not signed]
R3 HomeGroupListener; C:\Windows\system32\ListSvc.dll [232448 2010-11-20] (Microsoft Corporation) [File not signed]
R3 HomeGroupProvider; C:\Windows\system32\provsvc.dll [187904 2010-11-20] (Microsoft Corporation) [File not signed]
R3 HomeGroupProvider; C:\Windows\SysWOW64\provsvc.dll [165376 2010-11-20] (Microsoft Corporation) [File not signed]
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [111616 2014-03-01] (Microsoft Corporation) [File not signed]
R2 IKEEXT; C:\Windows\System32\ikeext.dll [859648 2013-10-12] (Microsoft Corporation) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] ()
S3 IPBusEnum; C:\Windows\system32\ipbusenum.dll [101888 2009-07-14] (Microsoft Corporation) [File not signed]
R2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [569344 2012-10-03] (Microsoft Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
R3 KeyIso; C:\Windows\system32\lsass.exe [30720 2013-09-25] (Microsoft Corporation) [File not signed]
S3 KtmRm; C:\Windows\system32\msdtckrm.dll [368640 2009-07-14] (Microsoft Corporation) [File not signed]
R2 LanmanServer; C:\Windows\system32\srvsvc.dll [236032 2010-11-20] (Microsoft Corporation) [File not signed]
R2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [118784 2010-11-20] (Microsoft Corporation) [File not signed]
S3 lltdsvc; C:\Windows\System32\lltdsvc.dll [300032 2009-07-14] (Microsoft Corporation) [File not signed]
R2 lmhosts; C:\Windows\System32\lmhsvc.dll [23552 2009-07-14] (Microsoft Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S4 Mcx2Svc; C:\Windows\system32\Mcx2Svc.dll [84992 2010-11-20] (Microsoft Corporation) [File not signed]
R2 MMCSS; C:\Windows\system32\mmcss.dll [67584 2009-07-14] (Microsoft Corporation) [File not signed]
R2 MpsSvc; C:\Windows\system32\mpssvc.dll [828416 2010-11-20] (Microsoft Corporation) [File not signed]
S3 MSDTC; C:\Windows\System32\msdtc.exe [141824 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MSiSCSI; C:\Windows\system32\iscsiexe.dll [156672 2009-07-14] (Microsoft Corporation) [File not signed]
S3 msiserver; C:\Windows\System32\msiexec.exe [128000 2010-11-20] (Microsoft Corporation) [File not signed]
S3 msiserver; C:\Windows\SysWOW64\msiexec.exe [73216 2010-11-20] (Microsoft Corporation) [File not signed]
S3 napagent; C:\Windows\system32\qagentRT.dll [476160 2010-11-20] (Microsoft Corporation) [File not signed]
S3 Netlogon; C:\Windows\system32\lsass.exe [30720 2013-09-25] (Microsoft Corporation) [File not signed]
R3 Netman; C:\Windows\System32\netman.dll [360448 2009-07-14] (Microsoft Corporation) [File not signed]
R3 netprofm; C:\Windows\System32\netprofm.dll [459776 2009-07-14] (Microsoft Corporation) [File not signed]
R3 netprofm; C:\Windows\SysWOW64\netprofm.dll [360448 2009-07-14] (Microsoft Corporation) [File not signed]
R2 NlaSvc; C:\Windows\System32\nlasvc.dll [303104 2012-10-03] (Microsoft Corporation) [File not signed]
R2 nsi; C:\Windows\system32\nsisvc.dll [25600 2009-07-14] (Microsoft Corporation) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
R3 p2pimsvc; C:\Windows\system32\pnrpsvc.dll [327168 2009-07-14] (Microsoft Corporation) [File not signed]
S3 p2psvc; C:\Windows\system32\p2psvc.dll [438784 2009-07-14] (Microsoft Corporation) [File not signed]
R2 PcaSvc; C:\Windows\System32\pcasvc.dll [186368 2009-07-14] (Microsoft Corporation) [File not signed]
S3 PerfHost; C:\Windows\SysWow64\perfhost.exe [20992 2009-07-14] (Microsoft Corporation) [File not signed]
S3 pla; C:\Windows\system32\pla.dll [1389056 2010-11-20] (Microsoft Corporation) [File not signed]
S3 pla; C:\Windows\SysWOW64\pla.dll [1508864 2010-11-20] (Microsoft Corporation) [File not signed]
R2 PlugPlay; C:\Windows\system32\umpnpmgr.dll [404480 2012-02-24] (Microsoft Corporation) [File not signed]
S3 PNRPAutoReg; C:\Windows\system32\pnrpauto.dll [25088 2009-07-14] (Microsoft Corporation) [File not signed]
S3 PNRPsvc; C:\Windows\system32\pnrpsvc.dll [327168 2009-07-14] (Microsoft Corporation) [File not signed]
R3 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [501248 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Power; C:\Windows\system32\umpo.dll [163840 2009-07-14] (Microsoft Corporation) [File not signed]
R2 ProfSvc; C:\Windows\system32\profsvc.dll [209920 2012-05-01] (Microsoft Corporation) [File not signed]
S3 ProtectedStorage; C:\Windows\system32\lsass.exe [30720 2013-09-25] (Microsoft Corporation) [File not signed]
S3 QWAVE; C:\Windows\system32\qwave.dll [242688 2009-07-14] (Microsoft Corporation) [File not signed]
S3 RasAuto; C:\Windows\System32\rasauto.dll [99328 2009-07-14] (Microsoft Corporation) [File not signed]
S3 RasMan; C:\Windows\System32\rasmans.dll [344064 2010-11-20] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\Windows\System32\mprdim.dll [97792 2009-07-14] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\Windows\SysWOW64\mprdim.dll [75264 2009-07-14] (Microsoft Corporation) [File not signed]
S3 RemoteRegistry; C:\Windows\system32\regsvc.dll [159232 2009-07-14] (Microsoft Corporation) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-04-17] ()
R2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [67072 2009-07-14] (Microsoft Corporation) [File not signed]
S3 RpcLocator; C:\Windows\system32\locator.exe [10240 2009-07-14] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\Windows\system32\rpcss.dll [512000 2010-11-20] (Microsoft Corporation) [File not signed]
R2 SamSs; C:\Windows\system32\lsass.exe [30720 2013-09-25] (Microsoft Corporation) [File not signed]
R2 SCardSvr; C:\Windows\System32\SCardSvr.dll [190976 2009-07-14] (Microsoft Corporation) [File not signed]
R2 Schedule; C:\Windows\system32\schedsvc.dll [1110016 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SCPolicySvc; C:\Windows\System32\certprop.dll [80384 2010-11-20] (Microsoft Corporation) [File not signed]
R3 SDRSVC; C:\Windows\System32\SDRSVC.dll [170496 2010-11-20] (Microsoft Corporation) [File not signed]
R2 SearchAnonymizer; C:\Users\*****\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [40960 2013-02-11] () [File not signed]
S3 seclogon; C:\Windows\system32\seclogon.dll [30720 2010-11-20] (Microsoft Corporation) [File not signed]
R2 SENS; C:\Windows\System32\sens.dll [64512 2009-07-14] (Microsoft Corporation) [File not signed]
R2 SENS; C:\Windows\SysWOW64\sens.dll [49664 2009-07-14] (Microsoft Corporation) [File not signed]
S3 SensrSvc; C:\Windows\system32\sensrsvc.dll [29184 2009-07-14] (Microsoft Corporation) [File not signed]
S3 SessionEnv; C:\Windows\system32\sessenv.dll [121856 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SessionEnv; C:\Windows\SysWOW64\sessenv.dll [113664 2010-11-20] (Microsoft Corporation) [File not signed]
S4 SharedAccess; C:\Windows\System32\ipnathlp.dll [359424 2009-07-14] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [370688 2010-11-20] (Microsoft Corporation) [File not signed]
R2 ShellHWDetection; C:\Windows\SysWOW64\shsvcs.dll [328192 2010-11-20] (Microsoft Corporation) [File not signed]
S3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [14336 2009-07-14] (Microsoft Corporation) [File not signed]
R2 Spooler; C:\Windows\System32\spoolsv.exe [559104 2012-02-11] (Microsoft Corporation) [File not signed]
S2 sppsvc; C:\Windows\system32\sppsvc.exe [3524608 2010-11-20] (Microsoft Corporation) [File not signed]
S3 sppuinotify; C:\Windows\system32\sppuinotify.dll [65536 2009-07-14] (Microsoft Corporation) [File not signed]
R3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [193024 2009-07-14] (Microsoft Corporation) [File not signed]
S3 SstpSvc; C:\Windows\system32\sstpsvc.dll [75264 2009-07-14] (Microsoft Corporation) [File not signed]
R2 stisvc; C:\Windows\System32\wiaservc.dll [580096 2010-11-20] (Microsoft Corporation) [File not signed]
S3 swprv; C:\Windows\System32\swprv.dll [524288 2009-07-14] (Microsoft Corporation) [File not signed]
R2 SysMain; C:\Windows\system32\sysmain.dll [1743360 2010-11-20] (Microsoft Corporation) [File not signed]
R2 TabletInputService; C:\Windows\System32\TabSvc.dll [92672 2010-11-20] (Microsoft Corporation) [File not signed]
S3 TapiSrv; C:\Windows\System32\tapisrv.dll [316928 2010-11-20] (Microsoft Corporation) [File not signed]
S3 TapiSrv; C:\Windows\SysWOW64\tapisrv.dll [242176 2010-11-20] (Microsoft Corporation) [File not signed]
S3 TBS; C:\Windows\System32\tbssvc.dll [65536 2009-07-14] (Microsoft Corporation) [File not signed]
S3 TermService; C:\Windows\System32\termsrv.dll [680960 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2009-07-14] (Microsoft Corporation) [File not signed]
S3 THREADORDER; C:\Windows\system32\mmcss.dll [67584 2009-07-14] (Microsoft Corporation) [File not signed]
R2 TrkWks; C:\Windows\System32\trkwks.dll [119808 2009-07-14] (Microsoft Corporation) [File not signed]
S3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [194048 2010-11-20] (Microsoft Corporation) [File not signed]
S3 UI0Detect; C:\Windows\system32\UI0Detect.exe [40960 2009-07-14] (Microsoft Corporation) [File not signed]
R3 upnphost; C:\Windows\System32\upnphost.dll [353792 2009-07-14] (Microsoft Corporation) [File not signed]
R3 upnphost; C:\Windows\SysWOW64\upnphost.dll [266752 2009-07-14] (Microsoft Corporation) [File not signed]
R2 UxSms; C:\Windows\System32\uxsms.dll [38912 2009-07-14] (Microsoft Corporation) [File not signed]
S3 VaultSvc; C:\Windows\system32\lsass.exe [30720 2013-09-25] (Microsoft Corporation) [File not signed]
S3 vds; C:\Windows\System32\vds.exe [533504 2010-11-20] (Microsoft Corporation) [File not signed]
S3 VSS; C:\Windows\system32\vssvc.exe [1600512 2010-11-20] (Microsoft Corporation) [File not signed]
S3 W32Time; C:\Windows\system32\w32time.dll [381952 2009-07-14] (Microsoft Corporation) [File not signed]
S3 wbengine; C:\Windows\system32\wbengine.exe [1504256 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [202240 2009-07-14] (Microsoft Corporation) [File not signed]
R3 wcncsvc; C:\Windows\System32\wcncsvc.dll [367104 2010-11-20] (Microsoft Corporation) [File not signed]
R3 wcncsvc; C:\Windows\SysWOW64\wcncsvc.dll [276992 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [40960 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WcsPlugInService; C:\Windows\SysWOW64\WcsPlugInService.dll [32768 2009-07-14] (Microsoft Corporation) [File not signed]
R3 WdiServiceHost; C:\Windows\system32\wdi.dll [90624 2009-07-14] (Microsoft Corporation) [File not signed]
R3 WdiServiceHost; C:\Windows\SysWOW64\wdi.dll [76288 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WdiSystemHost; C:\Windows\system32\wdi.dll [90624 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WdiSystemHost; C:\Windows\SysWOW64\wdi.dll [76288 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WebClient; C:\Windows\System32\webclnt.dll [259584 2013-07-04] (Microsoft Corporation) [File not signed]
S3 WebClient; C:\Windows\SysWOW64\webclnt.dll [205824 2013-07-04] (Microsoft Corporation) [File not signed]
S3 Wecsvc; C:\Windows\system32\wecsvc.dll [237568 2009-07-14] (Microsoft Corporation) [File not signed]
S3 wercplsupport; C:\Windows\System32\wercplsupport.dll [84480 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WerSvc; C:\Windows\System32\WerSvc.dll [76800 2009-07-14] (Microsoft Corporation) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) [File not signed]
S3 WinHttpAutoProxySvc; C:\Windows\system32\winhttp.dll [444416 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WinHttpAutoProxySvc; C:\Windows\SysWOW64\winhttp.dll [351232 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Winmgmt; C:\Windows\system32\wbem\WMIsvc.dll [242688 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WinRM; C:\Windows\system32\WsmSvc.dll [2018304 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WinRM; C:\Windows\SysWOW64\WsmSvc.dll [1175040 2010-11-20] (Microsoft Corporation) [File not signed]
R2 Wlansvc; C:\Windows\System32\wlansvc.dll [886784 2009-07-14] (Microsoft Corporation) [File not signed]
S3 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [203264 2009-07-14] (Microsoft Corporation) [File not signed]
R2 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1525248 2010-11-20] (Microsoft Corporation) [File not signed]
S3 WPCSvc; C:\Windows\System32\wpcsvc.dll [12288 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WPCSvc; C:\Windows\SysWOW64\wpcsvc.dll [10752 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WPDBusEnum; C:\Windows\system32\wpdbusenum.dll [117248 2010-11-20] (Microsoft Corporation) [File not signed]
R2 wscsvc; C:\Windows\System32\wscsvc.dll [97280 2009-07-14] (Microsoft Corporation) [File not signed]
R2 WSearch; C:\Windows\system32\SearchIndexer.exe [591872 2012-02-24] (Microsoft Corporation) [File not signed]
R2 WSearch; C:\Windows\SysWOW64\SearchIndexer.exe [427520 2012-02-24] (Microsoft Corporation) [File not signed]
R2 WTouchService; C:\Program Files\WTouch\WTouchService.exe [127272 2009-07-15] (Wacom Technology, Corp.)
S3 wudfsvc; C:\Windows\System32\WUDFSvc.dll [84992 2012-07-26] (Microsoft Corporation) [File not signed]
S3 WwanSvc; C:\Windows\System32\wwansvc.dll [228864 2014-01-28] (Microsoft Corporation) [File not signed]
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [163456 2012-03-30] (Atheros)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 1394ohci; C:\Windows\system32\drivers\1394ohci.sys [229888 2010-11-20] (Microsoft Corporation) [File not signed]
R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH)
S3 AcpiPmi; C:\Windows\system32\drivers\acpipmi.sys [12800 2010-11-20] (Microsoft Corporation) [File not signed]
R1 AFD; C:\Windows\system32\drivers\afd.sys [497152 2013-09-28] (Microsoft Corporation) [File not signed]
S3 AgereSoftModem; C:\Windows\System32\DRIVERS\agrsm64.sys [1146880 2009-06-10] (LSI Corp) [File not signed]
R3 AiCharger; C:\Windows\SysWOW64\DRIVERS\AiCharger.sys [17152 2012-02-29] (ASUSTek Computer Inc.)
S3 AmdK8; C:\Windows\system32\drivers\amdk8.sys [64512 2009-07-14] (Microsoft Corporation) [File not signed]
S3 AmdPPM; C:\Windows\system32\drivers\amdppm.sys [60928 2009-07-14] (Microsoft Corporation) [File not signed]
S3 AppID; C:\Windows\system32\drivers\appid.sys [61440 2010-11-20] (Microsoft Corporation) [File not signed]
R3 AsusVBus; C:\Windows\System32\DRIVERS\AsusVBus.sys [35968 2012-04-12] (Windows (R) Win 7 DDK provider)
R3 AsusVTouch; C:\Windows\System32\DRIVERS\AsusVTouch.sys [16512 2012-04-12] (Windows (R) Win 7 DDK provider)
S3 AsyncMac; C:\Windows\System32\DRIVERS\asyncmac.sys [23040 2009-07-14] (Microsoft Corporation) [File not signed]
R3 athr; C:\Windows\System32\DRIVERS\athrx.sys [2808832 2012-03-21] (Atheros Communications, Inc.) [File not signed]
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-08-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. KG)
S3 b06bdrv; C:\Windows\system32\drivers\bxvbda.sys [468480 2009-06-10] (Broadcom Corporation) [File not signed]
S3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] (Broadcom Corporation) [File not signed]
R1 Beep; C:\Windows\System32\Drivers\Beep.sys [6656 2009-07-14] (Microsoft Corporation) [File not signed]
R1 blbdrive; C:\Windows\System32\DRIVERS\blbdrive.sys [45056 2009-07-14] (Microsoft Corporation) [File not signed]
R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [90624 2012-02-24] (Microsoft Corporation) [File not signed]
S3 BrFiltLo; C:\Windows\system32\drivers\BrFiltLo.sys [18432 2009-06-10] (Brother Industries, Ltd.) [File not signed]
S3 BrFiltUp; C:\Windows\system32\drivers\BrFiltUp.sys [8704 2009-06-10] (Brother Industries, Ltd.) [File not signed]
S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [286720 2009-07-14] (Brother Industries Ltd.) [File not signed]
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [47104 2009-06-10] (Brother Industries Ltd.) [File not signed]
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [14976 2009-06-10] (Brother Industries Ltd.) [File not signed]
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [14720 2009-06-10] (Brother Industries Ltd.) [File not signed]
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [123152 2014-05-01] (BlueStack Systems)
S3 BthEnum; C:\Windows\system32\drivers\BthEnum.sys [41984 2009-07-14] (Microsoft Corporation) [File not signed]
S3 BTHMODEM; C:\Windows\System32\DRIVERS\bthmodem.sys [72192 2009-07-14] (Microsoft Corporation) [File not signed]
S3 BthPan; C:\Windows\System32\DRIVERS\bthpan.sys [118784 2009-07-14] (Microsoft Corporation) [File not signed]
S3 BTHPORT; C:\Windows\System32\Drivers\BTHport.sys [552960 2012-07-06] (Microsoft Corporation) [File not signed]
S3 BTHUSB; C:\Windows\System32\Drivers\BTHUSB.sys [80384 2012-02-24] (Microsoft Corporation) [File not signed]
S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [92160 2009-07-14] (Microsoft Corporation) [File not signed]
R1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [147456 2010-11-20] (Microsoft Corporation) [File not signed]
S3 circlass; C:\Windows\system32\drivers\circlass.sys [45568 2009-07-14] (Microsoft Corporation) [File not signed]
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
R3 CmBatt; C:\Windows\System32\DRIVERS\CmBatt.sys [17664 2009-07-14] (Microsoft Corporation) [File not signed]
R3 CompositeBus; C:\Windows\System32\DRIVERS\CompositeBus.sys [38912 2010-11-20] (Microsoft Corporation) [File not signed]
R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [102400 2010-11-20] (Microsoft Corporation) [File not signed]
R1 discache; C:\Windows\System32\drivers\discache.sys [40448 2009-07-14] (Microsoft Corporation) [File not signed]
S3 drmkaud; C:\Windows\system32\drivers\drmkaud.sys [5632 2009-07-14] (Microsoft Corporation) [File not signed]
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) [File not signed]
S3 ErrDev; C:\Windows\system32\drivers\errdev.sys [9728 2009-07-14] (Microsoft Corporation) [File not signed]
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [195072 2009-07-14] (Microsoft Corporation) [File not signed]
R3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [204800 2009-07-14] (Microsoft Corporation) [File not signed]
S3 fdc; C:\Windows\system32\drivers\fdc.sys [29696 2009-07-14] (Microsoft Corporation) [File not signed]
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34304 2009-07-14] (Microsoft Corporation) [File not signed]
S3 flpydisk; C:\Windows\system32\drivers\flpydisk.sys [24576 2009-07-14] (Microsoft Corporation) [File not signed]
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [31232 2009-06-10] (Hauppauge Computer Works, Inc.) [File not signed]
S3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [350208 2010-11-20] (Microsoft Corporation) [File not signed]
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [122368 2010-11-20] (Microsoft Corporation) [File not signed]
S3 HidBatt; C:\Windows\system32\drivers\HidBatt.sys [26624 2009-07-14] (Microsoft Corporation) [File not signed]
S3 HidBth; C:\Windows\system32\drivers\hidbth.sys [100864 2009-07-14] (Microsoft Corporation) [File not signed]
S3 HidIr; C:\Windows\system32\drivers\hidir.sys [46592 2009-07-14] (Microsoft Corporation) [File not signed]
S3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [30208 2010-11-20] (Microsoft Corporation) [File not signed]
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [753664 2010-11-20] (Microsoft Corporation) [File not signed]
R3 i8042prt; C:\Windows\System32\DRIVERS\i8042prt.sys [105472 2009-07-14] (Microsoft Corporation) [File not signed]
R3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [4221440 2014-01-22] (Intel Corporation) [File not signed]
R3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [62464 2009-07-14] (Microsoft Corporation) [File not signed]
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [82944 2010-11-20] (Microsoft Corporation) [File not signed]
S3 IPMIDRV; C:\Windows\system32\drivers\IPMIDrv.sys [78848 2010-11-20] (Microsoft Corporation) [File not signed]
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [116224 2009-07-14] (Microsoft Corporation) [File not signed]
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2009-07-14] (Microsoft Corporation) [File not signed]
R3 kbdhid; C:\Windows\System32\DRIVERS\kbdhid.sys [33280 2010-11-20] (Microsoft Corporation) [File not signed]
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-14] (Microsoft Corporation) [File not signed]
R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [60928 2009-07-14] (Microsoft Corporation) [File not signed]
R2 luafv; C:\Windows\system32\drivers\luafv.sys [113152 2009-07-14] (Microsoft Corporation) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2009-07-14] (Microsoft Corporation) [File not signed]
R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [30208 2009-07-14] (Microsoft Corporation) [File not signed]
R3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [31232 2009-07-14] (Microsoft Corporation) [File not signed]
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [77312 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [140800 2013-07-04] (Microsoft Corporation) [File not signed]
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [158208 2012-02-24] (Microsoft Corporation) [File not signed]
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [288768 2012-02-24] (Microsoft Corporation) [File not signed]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [128000 2012-02-24] (Microsoft Corporation) [File not signed]
R1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2009-07-14] (Microsoft Corporation) [File not signed]
R3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-14] (Microsoft Corporation) [File not signed]
S3 MTConfig; C:\Windows\system32\drivers\MTConfig.sys [15360 2009-07-14] (Microsoft Corporation) [File not signed]
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-14] (Microsoft Corporation) [File not signed]
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-14] (Microsoft Corporation) [File not signed]
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-14] (Microsoft Corporation) [File not signed]
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56832 2010-11-20] (Microsoft Corporation) [File not signed]
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2010-11-20] (Microsoft Corporation) [File not signed]
R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2010-11-20] (Microsoft Corporation) [File not signed]
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-14] (Microsoft Corporation) [File not signed]
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [261632 2010-11-20] (Microsoft Corporation) [File not signed]
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-14] (Microsoft Corporation) [File not signed]
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-14] (Microsoft Corporation) [File not signed]
R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-14] (Microsoft Corporation) [File not signed]
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [300320 2014-03-04] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 ohci1394; C:\Windows\system32\drivers\ohci1394.sys [72832 2009-07-14] (Microsoft Corporation) [File not signed]
S3 Parport; C:\Windows\system32\drivers\parport.sys [97280 2009-07-14] (Microsoft Corporation) [File not signed]
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [651264 2009-07-14] (Microsoft Corporation) [File not signed]
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111104 2010-11-20] (Microsoft Corporation) [File not signed]
S3 Processor; C:\Windows\system32\drivers\processr.sys [60416 2009-07-14] (Microsoft Corporation) [File not signed]
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2010-11-20] (Microsoft Corporation) [File not signed]
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2009-07-14] (Microsoft Corporation) [File not signed]
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-14] (Microsoft Corporation) [File not signed]
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-14] (Microsoft Corporation) [File not signed]
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [129536 2010-11-20] (Microsoft Corporation) [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-14] (Microsoft Corporation) [File not signed]
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-14] (Microsoft Corporation) [File not signed]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2010-11-20] (Microsoft Corporation) [File not signed]
S3 rdpbus; C:\Windows\system32\drivers\rdpbus.sys [24064 2009-07-14] (Microsoft Corporation) [File not signed]
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-14] (Microsoft Corporation) [File not signed]
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-14] (Microsoft Corporation) [File not signed]
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-14] (Microsoft Corporation) [File not signed]
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [210944 2012-04-28] (Microsoft Corporation) [File not signed]
R3 RFCOMM; C:\Windows\System32\DRIVERS\rfcomm.sys [158720 2009-07-14] (Microsoft Corporation) [File not signed]
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-14] (Microsoft Corporation) [File not signed]
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2010-11-20] (Microsoft Corporation) [File not signed]
R2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
S3 Serenum; C:\Windows\system32\drivers\serenum.sys [23552 2009-07-14] (Microsoft Corporation) [File not signed]
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Microsoft Corporation) [File not signed]
S3 sermouse; C:\Windows\system32\drivers\sermouse.sys [26624 2009-07-14] (Microsoft Corporation) [File not signed]
S3 sffdisk; C:\Windows\system32\drivers\sffdisk.sys [14336 2009-07-14] (Microsoft Corporation) [File not signed]
S3 sffp_mmc; C:\Windows\system32\drivers\sffp_mmc.sys [13824 2009-07-14] (Microsoft Corporation) [File not signed]
S3 sffp_sd; C:\Windows\system32\drivers\sffp_sd.sys [14336 2010-11-20] (Microsoft Corporation) [File not signed]
S3 sfloppy; C:\Windows\system32\drivers\sfloppy.sys [16896 2009-07-14] (Microsoft Corporation) [File not signed]
S3 SiSGbeLH; C:\Windows\System32\DRIVERS\SiSG664.sys [56832 2009-06-10] (Silicon Integrated Systems Corp.) [File not signed]
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-14] (Microsoft Corporation) [File not signed]
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [467456 2012-02-24] (Microsoft Corporation) [File not signed]
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [410112 2012-02-24] (Microsoft Corporation) [File not signed]
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [168448 2012-02-24] (Microsoft Corporation) [File not signed]
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [45568 2012-10-03] (Microsoft Corporation) [File not signed]
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-14] (Microsoft Corporation) [File not signed]
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2012-02-17] (Microsoft Corporation) [File not signed]
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [119296 2010-11-20] (Microsoft Corporation) [File not signed]
S3 TPM; C:\Windows\System32\drivers\tpm.sys [38400 2009-07-14] (Microsoft Corporation) [File not signed]
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [39936 2013-06-15] (Microsoft Corporation) [File not signed]
S3 TsUsbFlt; C:\Windows\System32\drivers\tsusbflt.sys [59392 2010-11-20] (Microsoft Corporation) [File not signed]
S3 TsUsbGD; C:\Windows\system32\drivers\TsUsbGD.sys [31232 2010-11-20] (Microsoft Corporation) [File not signed]
S3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2010-11-20] (Microsoft Corporation) [File not signed]
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [328192 2010-11-20] (Microsoft Corporation) [File not signed]
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [48640 2010-11-20] (Microsoft Corporation) [File not signed]
S3 UmPass; C:\Windows\system32\drivers\umpass.sys [9728 2009-07-14] (Microsoft Corporation) [File not signed]
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [99840 2013-11-27] (Microsoft Corporation) [File not signed]
S3 usbcir; C:\Windows\system32\drivers\usbcir.sys [100864 2013-07-12] (Microsoft Corporation) [File not signed]
R3 usbehci; C:\Windows\system32\drivers\usbehci.sys [53248 2013-11-27] (Microsoft Corporation) [File not signed]
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [343040 2013-11-27] (Microsoft Corporation) [File not signed]
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2013-11-27] (Microsoft Corporation) [File not signed]
S3 usbprint; C:\Windows\system32\drivers\usbprint.sys [25088 2009-07-14] (Microsoft Corporation) [File not signed]
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [91648 2012-02-24] (Microsoft Corporation) [File not signed]
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2013-11-27] (Microsoft Corporation) [File not signed]
R3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] (Microsoft Corporation) [File not signed]
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-14] (Microsoft Corporation) [File not signed]
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-14] (Microsoft Corporation) [File not signed]
R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [24576 2009-07-14] (Microsoft Corporation) [File not signed]
R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [59904 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WacomPen; C:\Windows\system32\drivers\wacompen.sys [27776 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] (Microsoft Corporation) [File not signed]
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2010-11-20] (Microsoft Corporation) [File not signed]
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUSB.sys [41984 2010-11-20] (Microsoft Corporation) [File not signed]
R3 WmiAcpi; C:\Windows\System32\DRIVERS\wmiacpi.sys [14336 2009-07-14] (Microsoft Corporation) [File not signed]
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-14] (Microsoft Corporation) [File not signed]
S3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [87040 2012-07-26] (Microsoft Corporation) [File not signed]
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [198656 2012-07-26] (Microsoft Corporation) [File not signed]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-08 18:11 - 2014-09-08 18:12 - 00065388 _____ () C:\Users\*****\Downloads\FRST.txt 2014-09-08 18:11 - 2014-09-08 18:12 - 00000000 ____D () C:\FRST 2014-09-08 18:11 - 2014-09-08 18:11 - 02105344 _____ (Farbar) C:\Users\*****\Downloads\FRST64.exe 2014-09-08 17:55 - 2014-09-08 17:56 - 00000000 ____D () C:\Users\*****\Desktop\workspace 2014-09-08 17:20 - 2014-09-08 17:22 - 00000478 _____ () C:\Users\*****\Downloads\defogger_disable.log 2014-09-08 17:20 - 2014-09-08 17:20 - 00000000 _____ () C:\Users\*****\defogger_reenable 2014-09-08 17:10 - 2014-09-08 17:10 - 00050477 _____ () C:\Users\*****\Downloads\Defogger.exe 2014-09-08 15:28 - 2014-09-08 17:29 - 00000000 ____D () C:\Users\*****\.android 2014-09-08 15:19 - 2014-09-08 15:19 - 00000000 ____D () C:\Users\*****\Downloads\adt-bundle-windows-x86_64-20140702 2014-09-08 15:09 - 2014-09-08 15:18 - 370763706 _____ () C:\Users\*****\Downloads\adt-bundle-windows-x86_64-20140702.zip 2014-09-08 14:51 - 2014-09-08 14:51 - 00000000 ____D () C:\Users\*****\Downloads\eclipse-SDK-4.2.1-win32-x86_64 2014-09-08 14:46 - 2014-09-08 14:51 - 192039575 _____ () C:\Users\*****\Downloads\eclipse-SDK-4.2.1-win32-x86_64.zip 2014-09-08 14:40 - 2014-09-08 14:40 - 00545200 _____ (Sun Microsystems, Inc.) C:\Windows\system32\npdeployJava1.dll 2014-09-08 14:40 - 2014-09-08 14:40 - 00526768 _____ (Sun Microsystems, Inc.) C:\Windows\system32\deployJava1.dll 2014-09-08 14:40 - 2014-09-08 14:40 - 00196528 _____ (Sun Microsystems, Inc.) C:\Windows\system32\javaws.exe 2014-09-08 14:40 - 2014-09-08 14:40 - 00172976 _____ (Sun Microsystems, Inc.) C:\Windows\system32\javaw.exe 2014-09-08 14:40 - 2014-09-08 14:40 - 00172976 _____ (Sun Microsystems, Inc.) C:\Windows\system32\java.exe 2014-09-08 14:40 - 2014-09-08 14:40 - 00000000 ____D () C:\Program Files\Java 2014-09-08 14:39 - 2014-09-08 14:39 - 17355184 _____ (Sun Microsystems, Inc.) 
C:\Users\*****\Downloads\jre-6u45-windows-x64.exe 2014-09-08 03:59 - 2014-09-08 03:59 - 00000000 ____D () C:\Users\*****\Downloads\Kapitel-3-Lektion-6 2014-09-08 03:57 - 2014-09-08 03:58 - 05237645 _____ () C:\Users\*****\Downloads\Kapitel-3-Lektion-6.zip 2014-09-08 03:54 - 2014-09-08 03:54 - 00000000 ____D () C:\Users\*****\Downloads\Kapitel-3-Lektion-9 2014-09-08 03:46 - 2014-09-08 03:47 - 05241659 _____ () C:\Users\*****\Downloads\Kapitel-3-Lektion-9.zip 2014-09-08 03:28 - 2014-09-08 03:28 - 00000000 ____D () C:\Users\*****\Downloads\Kapitel-3-Lektion-1 2014-09-08 02:46 - 2014-09-08 02:49 - 05235554 _____ () C:\Users\*****\Downloads\Kapitel-3-Lektion-2.zip 2014-09-08 02:33 - 2014-09-08 02:38 - 12225471 _____ () C:\Users\*****\Downloads\Kapitel-3-Lektion-1.zip 2014-09-08 02:05 - 2014-09-08 03:56 - 00000000 ____D () C:\Users\*****\workspace 2014-09-07 23:35 - 2014-09-07 23:36 - 00001639 _____ () C:\Users\*****\Desktop\map1.txt 2014-09-07 21:39 - 2014-09-07 21:39 - 00000000 ____D () C:\20cf004b03143b5f40 2014-09-07 21:37 - 2014-09-07 21:39 - 07740264 _____ (Microsoft Corporation) C:\Users\*****\Downloads\WindowsUpdateAgent30-x64.exe 2014-09-07 21:33 - 2014-09-07 21:33 - 95320394 _____ () C:\Users\*****\Desktop\COMPONENTS.reg 2014-09-07 21:04 - 2014-09-07 21:05 - 00689664 _____ () C:\Users\*****\Downloads\MicrosoftFixit50202.msi 2014-09-07 20:12 - 2014-09-07 20:17 - 13849784 _____ (Microsoft Corporation) C:\Users\*****\Downloads\mseinstall(1).exe 2014-09-07 19:32 - 2014-09-07 19:32 - 00000000 ____D () C:\Users\*****\Downloads\L27 2014-09-07 18:12 - 2014-09-07 18:12 - 00000000 ____D () C:\Users\*****\Downloads\L5 2014-09-07 18:11 - 2014-09-07 18:12 - 05054706 _____ () C:\Users\*****\Downloads\L5.zip 2014-09-07 16:52 - 2014-09-07 16:52 - 00000000 ____D () C:\Users\*****\Downloads\L4 2014-09-07 16:50 - 2014-09-07 16:52 - 04958141 _____ () C:\Users\*****\Downloads\L4.zip 2014-09-07 00:48 - 2014-09-07 00:48 - 00000155 _____ () C:\Users\*****\.appletviewer 2014-09-06 
14:28 - 2014-09-06 14:28 - 00000000 ____D () C:\Users\*****\Desktop\eclipse-standard-luna-R-win32-x86_64 2014-09-06 03:19 - 2014-09-06 06:25 - 215807131 _____ () C:\Users\*****\Downloads\eclipse-standard-luna-R-win32-x86_64.zip 2014-09-05 14:06 - 2014-09-05 14:06 - 00000000 ____D () C:\ProgramData\Emsisoft 2014-09-05 05:30 - 2014-09-08 13:49 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware 2014-09-05 05:30 - 2014-09-05 05:30 - 00001097 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk 2014-09-05 05:30 - 2014-09-05 05:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware 2014-09-05 04:27 - 2014-09-05 05:29 - 164038912 _____ (Emsisoft GmbH ) C:\Users\*****\Downloads\EmsisoftAntiMalwareSetup.exe 2014-09-05 04:24 - 2014-09-05 16:28 - 00042237 _____ () C:\Users\*****\Desktop\mbam.txt 2014-09-05 04:16 - 2014-09-05 04:24 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\*****\Downloads\mbam-setup-2.0.2.1012(1).exe 2014-09-05 03:21 - 2014-09-08 18:03 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-05 03:20 - 2014-09-05 04:26 - 00001108 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-05 03:20 - 2014-09-05 04:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-05 03:20 - 2014-09-05 04:26 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-09-05 03:20 - 2014-09-05 03:20 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-05 03:20 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-09-05 03:20 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-09-05 03:20 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-09-05 03:13 - 2014-09-05 03:19 - 17292760 _____ (Malwarebytes Corporation ) 
C:\Users\*****\Downloads\mbam-setup-2.0.2.1012.exe 2014-09-05 02:42 - 2014-09-05 02:53 - 00000000 ____D () C:\Users\*****\Downloads\cports-x64 2014-09-05 02:42 - 2014-09-05 02:42 - 00107492 _____ () C:\Users\*****\Downloads\cports-x64.zip 2014-08-28 18:46 - 2014-08-28 18:47 - 00659456 _____ (Speed Guide Inc.) C:\Users\*****\Downloads\TCPOptimizer.exe 2014-08-28 14:30 - 2014-08-28 14:29 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-08-27 21:31 - 2014-08-27 22:02 - 00000000 ____D () C:\Users\*****\Downloads\TL-WR702N_V1_130527_Beta 2014-08-25 20:11 - 2014-08-25 20:11 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Avira 2014-08-25 20:08 - 2014-08-15 10:30 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-08-25 20:08 - 2014-08-15 10:30 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-08-25 20:08 - 2014-08-15 10:30 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-08-25 19:06 - 2014-08-25 20:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-08-25 19:06 - 2014-08-25 20:08 - 00000000 ____D () C:\ProgramData\Avira 2014-08-25 19:06 - 2014-08-25 20:08 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-08-25 19:06 - 2014-08-25 19:06 - 00001139 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-08-25 19:06 - 2014-08-25 19:06 - 00000000 ____D () C:\ProgramData\Package Cache 2014-08-25 19:04 - 2014-08-25 19:05 - 04791736 _____ (Avira Operations GmbH & Co. 
KG) C:\Users\*****\Downloads\avira_de_av___ws.exe 2014-08-25 18:55 - 2014-08-25 18:55 - 00000000 ____D () C:\Users\*****\Downloads\mse-install45 2014-08-25 18:52 - 2014-08-25 18:57 - 00000000 ____D () C:\Windows\System32\Tasks\Abelssoft 2014-08-25 18:52 - 2014-08-25 18:52 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Abelssoft 2014-08-25 18:52 - 2014-08-25 18:52 - 00000000 ____D () C:\Users\*****\AppData\Local\Abelssoft 2014-08-25 18:52 - 2014-08-25 18:52 - 00000000 ____D () C:\ProgramData\XDMessagingv4 2014-08-25 18:50 - 2014-08-25 18:55 - 24625644 _____ () C:\Users\*****\Downloads\mse-install45.zip 2014-08-25 18:50 - 2014-08-25 18:50 - 00000000 ____D () C:\Users\*****\AppData\Roaming\DesktopIconGoodgame 2014-08-25 18:49 - 2014-08-25 18:49 - 01101648 _____ () C:\Users\*****\Downloads\Microsoft Security Essentials - CHIP-Installer.exe 2014-08-25 05:15 - 2014-09-07 20:56 - 00002115 _____ () C:\Windows\epplauncher.mif 2014-08-25 05:10 - 2014-08-25 05:14 - 13849784 _____ (Microsoft Corporation) C:\Users\*****\Downloads\mseinstall.exe 2014-08-10 15:16 - 2014-08-10 15:16 - 00285696 _____ () C:\Windows\Minidump\081014-55021-01.dmp ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-09-08 18:12 - 2014-09-08 18:11 - 00065388 _____ () C:\Users\*****\Downloads\FRST.txt 2014-09-08 18:12 - 2014-09-08 18:11 - 00000000 ____D () C:\FRST 2014-09-08 18:11 - 2014-09-08 18:11 - 02105344 _____ (Farbar) C:\Users\*****\Downloads\FRST64.exe 2014-09-08 18:03 - 2014-09-05 03:21 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-08 17:59 - 2012-08-14 17:28 - 01715585 _____ () C:\Windows\WindowsUpdate.log 2014-09-08 17:56 - 2014-09-08 17:55 - 00000000 ____D () C:\Users\*****\Desktop\workspace 2014-09-08 17:29 - 2014-09-08 15:28 - 00000000 ____D () C:\Users\*****\.android 2014-09-08 17:25 - 2013-02-09 23:49 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-09-08 17:22 - 2014-09-08 17:20 - 00000478 _____ () C:\Users\*****\Downloads\defogger_disable.log 2014-09-08 17:20 - 2014-09-08 17:20 - 00000000 _____ () C:\Users\*****\defogger_reenable 2014-09-08 17:20 - 2013-02-09 21:45 - 00000000 ____D () C:\Users\***** 2014-09-08 17:18 - 2012-02-24 04:29 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-09-08 17:10 - 2014-09-08 17:10 - 00050477 _____ () C:\Users\*****\Downloads\Defogger.exe 2014-09-08 15:19 - 2014-09-08 15:19 - 00000000 ____D () C:\Users\*****\Downloads\adt-bundle-windows-x86_64-20140702 2014-09-08 15:18 - 2014-09-08 15:09 - 370763706 _____ () C:\Users\*****\Downloads\adt-bundle-windows-x86_64-20140702.zip 2014-09-08 14:51 - 2014-09-08 14:51 - 00000000 ____D () C:\Users\*****\Downloads\eclipse-SDK-4.2.1-win32-x86_64 2014-09-08 14:51 - 2014-09-08 14:46 - 192039575 _____ () C:\Users\*****\Downloads\eclipse-SDK-4.2.1-win32-x86_64.zip 2014-09-08 14:40 - 2014-09-08 14:40 - 00545200 _____ (Sun Microsystems, Inc.) C:\Windows\system32\npdeployJava1.dll 2014-09-08 14:40 - 2014-09-08 14:40 - 00526768 _____ (Sun Microsystems, Inc.) C:\Windows\system32\deployJava1.dll 2014-09-08 14:40 - 2014-09-08 14:40 - 00196528 _____ (Sun Microsystems, Inc.) 
C:\Windows\system32\javaws.exe 2014-09-08 14:40 - 2014-09-08 14:40 - 00172976 _____ (Sun Microsystems, Inc.) C:\Windows\system32\javaw.exe 2014-09-08 14:40 - 2014-09-08 14:40 - 00172976 _____ (Sun Microsystems, Inc.) C:\Windows\system32\java.exe 2014-09-08 14:40 - 2014-09-08 14:40 - 00000000 ____D () C:\Program Files\Java 2014-09-08 14:39 - 2014-09-08 14:39 - 17355184 _____ (Sun Microsystems, Inc.) C:\Users\*****\Downloads\jre-6u45-windows-x64.exe 2014-09-08 14:35 - 2013-02-17 00:52 - 00000000 ____D () C:\Program Files (x86)\Java 2014-09-08 13:57 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-08 13:57 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-08 13:50 - 2013-02-09 23:14 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Skype 2014-09-08 13:49 - 2014-09-05 05:30 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware 2014-09-08 13:49 - 2009-07-14 06:51 - 00106482 _____ () C:\Windows\setupact.log 2014-09-08 13:47 - 2013-06-22 16:23 - 00000000 ____D () C:\Users\*****\AppData\Roaming\WTablet 2014-09-08 13:46 - 2013-02-09 21:49 - 00000387 _____ () C:\Users\*****\AppData\Roaming\sp_data.sys 2014-09-08 13:46 - 2012-08-14 17:33 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job 2014-09-08 13:46 - 2012-02-24 04:29 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-09-08 13:45 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-08 13:44 - 2012-08-14 17:39 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-09-08 13:44 - 2012-02-24 03:34 - 00346466 _____ () C:\Windows\PFRO.log 2014-09-08 03:59 - 2014-09-08 03:59 - 00000000 ____D () C:\Users\*****\Downloads\Kapitel-3-Lektion-6 2014-09-08 03:58 - 2014-09-08 03:57 - 05237645 _____ () C:\Users\*****\Downloads\Kapitel-3-Lektion-6.zip 
2014-09-08 03:56 - 2014-09-08 02:05 - 00000000 ____D () C:\Users\*****\workspace 2014-09-08 03:54 - 2014-09-08 03:54 - 00000000 ____D () C:\Users\*****\Downloads\Kapitel-3-Lektion-9 2014-09-08 03:47 - 2014-09-08 03:46 - 05241659 _____ () C:\Users\*****\Downloads\Kapitel-3-Lektion-9.zip 2014-09-08 03:32 - 2013-02-09 23:48 - 00000000 ____D () C:\Users\*****\AppData\Local\CrashDumps 2014-09-08 03:28 - 2014-09-08 03:28 - 00000000 ____D () C:\Users\*****\Downloads\Kapitel-3-Lektion-1 2014-09-08 02:49 - 2014-09-08 02:46 - 05235554 _____ () C:\Users\*****\Downloads\Kapitel-3-Lektion-2.zip 2014-09-08 02:38 - 2014-09-08 02:33 - 12225471 _____ () C:\Users\*****\Downloads\Kapitel-3-Lektion-1.zip 2014-09-07 23:36 - 2014-09-07 23:35 - 00001639 _____ () C:\Users\*****\Desktop\map1.txt 2014-09-07 21:39 - 2014-09-07 21:39 - 00000000 ____D () C:\20cf004b03143b5f40 2014-09-07 21:39 - 2014-09-07 21:37 - 07740264 _____ (Microsoft Corporation) C:\Users\*****\Downloads\WindowsUpdateAgent30-x64.exe 2014-09-07 21:33 - 2014-09-07 21:33 - 95320394 _____ () C:\Users\*****\Desktop\COMPONENTS.reg 2014-09-07 21:05 - 2014-09-07 21:04 - 00689664 _____ () C:\Users\*****\Downloads\MicrosoftFixit50202.msi 2014-09-07 20:56 - 2014-08-25 05:15 - 00002115 _____ () C:\Windows\epplauncher.mif 2014-09-07 20:29 - 2011-02-19 06:24 - 07663150 _____ () C:\Windows\system32\perfh007.dat 2014-09-07 20:29 - 2011-02-19 06:24 - 02385206 _____ () C:\Windows\system32\perfc007.dat 2014-09-07 20:29 - 2009-07-14 07:13 - 00006488 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-07 20:26 - 2012-02-24 04:51 - 00000000 ____D () C:\ProgramData\McAfee 2014-09-07 20:24 - 2014-02-28 05:20 - 00000306 __RSH () C:\ProgramData\ntuser.pol 2014-09-07 20:17 - 2014-09-07 20:12 - 13849784 _____ (Microsoft Corporation) C:\Users\*****\Downloads\mseinstall(1).exe 2014-09-07 19:54 - 2013-02-09 21:49 - 00000000 ____D () C:\Users\*****\Documents\Bluetooth Folder 2014-09-07 19:32 - 2014-09-07 19:32 - 00000000 ____D () 
C:\Users\*****\Downloads\L27 2014-09-07 18:12 - 2014-09-07 18:12 - 00000000 ____D () C:\Users\*****\Downloads\L5 2014-09-07 18:12 - 2014-09-07 18:11 - 05054706 _____ () C:\Users\*****\Downloads\L5.zip 2014-09-07 16:52 - 2014-09-07 16:52 - 00000000 ____D () C:\Users\*****\Downloads\L4 2014-09-07 16:52 - 2014-09-07 16:50 - 04958141 _____ () C:\Users\*****\Downloads\L4.zip 2014-09-07 12:02 - 2012-08-14 17:33 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job 2014-09-07 00:48 - 2014-09-07 00:48 - 00000155 _____ () C:\Users\*****\.appletviewer 2014-09-06 14:28 - 2014-09-06 14:28 - 00000000 ____D () C:\Users\*****\Desktop\eclipse-standard-luna-R-win32-x86_64 2014-09-06 06:25 - 2014-09-06 03:19 - 215807131 _____ () C:\Users\*****\Downloads\eclipse-standard-luna-R-win32-x86_64.zip 2014-09-05 16:28 - 2014-09-05 04:24 - 00042237 _____ () C:\Users\*****\Desktop\mbam.txt 2014-09-05 14:06 - 2014-09-05 14:06 - 00000000 ____D () C:\ProgramData\Emsisoft 2014-09-05 05:30 - 2014-09-05 05:30 - 00001097 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk 2014-09-05 05:30 - 2014-09-05 05:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware 2014-09-05 05:29 - 2014-09-05 04:27 - 164038912 _____ (Emsisoft GmbH ) C:\Users\*****\Downloads\EmsisoftAntiMalwareSetup.exe 2014-09-05 04:26 - 2014-09-05 03:20 - 00001108 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-05 04:26 - 2014-09-05 03:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-05 04:26 - 2014-09-05 03:20 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-09-05 04:24 - 2014-09-05 04:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\*****\Downloads\mbam-setup-2.0.2.1012(1).exe 2014-09-05 03:58 - 2014-02-25 07:50 - 00000000 ____D () C:\Windows\apktool1.5.2 2014-09-05 03:20 - 2014-09-05 03:20 - 00000000 ____D () 
C:\ProgramData\Malwarebytes 2014-09-05 03:19 - 2014-09-05 03:13 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\*****\Downloads\mbam-setup-2.0.2.1012.exe 2014-09-05 02:53 - 2014-09-05 02:42 - 00000000 ____D () C:\Users\*****\Downloads\cports-x64 2014-09-05 02:42 - 2014-09-05 02:42 - 00107492 _____ () C:\Users\*****\Downloads\cports-x64.zip 2014-08-28 18:47 - 2014-08-28 18:46 - 00659456 _____ (Speed Guide Inc.) C:\Users\*****\Downloads\TCPOptimizer.exe 2014-08-28 14:29 - 2014-08-28 14:30 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-08-27 22:02 - 2014-08-27 21:31 - 00000000 ____D () C:\Users\*****\Downloads\TL-WR702N_V1_130527_Beta 2014-08-25 20:11 - 2014-08-25 20:11 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Avira 2014-08-25 20:09 - 2014-08-25 19:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-08-25 20:08 - 2014-08-25 19:06 - 00000000 ____D () C:\ProgramData\Avira 2014-08-25 20:08 - 2014-08-25 19:06 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-08-25 19:06 - 2014-08-25 19:06 - 00001139 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-08-25 19:06 - 2014-08-25 19:06 - 00000000 ____D () C:\ProgramData\Package Cache 2014-08-25 19:05 - 2014-08-25 19:04 - 04791736 _____ (Avira Operations GmbH & Co. 
KG) C:\Users\*****\Downloads\avira_de_av___ws.exe 2014-08-25 18:59 - 2009-07-14 06:45 - 00365104 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-08-25 18:57 - 2014-08-25 18:52 - 00000000 ____D () C:\Windows\System32\Tasks\Abelssoft 2014-08-25 18:55 - 2014-08-25 18:55 - 00000000 ____D () C:\Users\*****\Downloads\mse-install45 2014-08-25 18:55 - 2014-08-25 18:50 - 24625644 _____ () C:\Users\*****\Downloads\mse-install45.zip 2014-08-25 18:55 - 2013-02-09 21:45 - 00105184 _____ () C:\Users\*****\AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-25 18:52 - 2014-08-25 18:52 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Abelssoft 2014-08-25 18:52 - 2014-08-25 18:52 - 00000000 ____D () C:\Users\*****\AppData\Local\Abelssoft 2014-08-25 18:52 - 2014-08-25 18:52 - 00000000 ____D () C:\ProgramData\XDMessagingv4 2014-08-25 18:50 - 2014-08-25 18:50 - 00000000 ____D () C:\Users\*****\AppData\Roaming\DesktopIconGoodgame 2014-08-25 18:49 - 2014-08-25 18:49 - 01101648 _____ () C:\Users\*****\Downloads\Microsoft Security Essentials - CHIP-Installer.exe 2014-08-25 05:14 - 2014-08-25 05:10 - 13849784 _____ (Microsoft Corporation) C:\Users\*****\Downloads\mseinstall.exe 2014-08-20 01:23 - 2013-03-02 01:24 - 00000000 ____D () C:\ProgramData\Apple 2014-08-20 01:21 - 2014-06-14 22:30 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-08-20 01:18 - 2014-02-28 05:19 - 00000000 ____D () C:\Program Files (x86)\MediaViewV1 2014-08-20 01:18 - 2014-02-24 04:47 - 00000000 ____D () C:\Program Files (x86)\MediaViewerV1 2014-08-20 01:18 - 2014-01-10 02:11 - 00000000 ____D () C:\Program Files (x86)\VideoPlayerV3 2014-08-15 19:30 - 2014-06-15 01:58 - 00000000 ____D () C:\ProgramData\VMware 2014-08-15 19:29 - 2014-06-15 01:59 - 00000000 ____D () C:\Users\*****\AppData\Roaming\VMware 2014-08-15 14:17 - 2013-08-20 06:18 - 00000000 ____D () C:\Windows\system32\MRT 2014-08-15 14:13 - 2013-07-15 23:04 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-08-15 10:30 
- 2014-08-25 20:08 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-08-15 10:30 - 2014-08-25 20:08 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-08-15 10:30 - 2014-08-25 20:08 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-08-10 15:16 - 2014-08-10 15:16 - 00285696 _____ () C:\Windows\Minidump\081014-55021-01.dmp 2014-08-10 15:16 - 2014-01-13 17:21 - 603007920 _____ () C:\Windows\MEMORY.DMP 2014-08-10 15:16 - 2014-01-13 17:21 - 00000000 ____D () C:\Windows\Minidump Some content of TEMP: ==================== C:\Users\*****\AppData\Local\Temp\avgnt.exe C:\Users\*****\AppData\Local\Temp\BackupSetup.exe C:\Users\*****\AppData\Local\Temp\COMAP.EXE C:\Users\*****\AppData\Local\Temp\drm_dyndata_7400009.dll C:\Users\*****\AppData\Local\Temp\firefoxjre_exe.exe C:\Users\*****\AppData\Local\Temp\Foxit Updater.exe C:\Users\*****\AppData\Local\Temp\installhelper.dll C:\Users\*****\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe C:\Users\*****\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\*****\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe C:\Users\*****\AppData\Local\Temp\lfwvjqqk.dll C:\Users\*****\AppData\Local\Temp\nv3DVStreaming.dll C:\Users\*****\AppData\Local\Temp\nvSCPAPI.dll C:\Users\*****\AppData\Local\Temp\nvSCPAPI64.dll C:\Users\*****\AppData\Local\Temp\nvStereoApiI.dll C:\Users\*****\AppData\Local\Temp\nvStereoApiI64.dll C:\Users\*****\AppData\Local\Temp\nvStInst.exe C:\Users\*****\AppData\Local\Temp\sfhhujep.dll C:\Users\*****\AppData\Local\Temp\SkypeSetup.exe C:\Users\*****\AppData\Local\Temp\uninst1.exe C:\Users\*****\AppData\Local\Temp\UnityWebPlayer1327969725013184969.exe C:\Users\*****\AppData\Local\Temp\vlc-2.0.6-win64.exe C:\Users\*****\AppData\Local\Temp\vlc-2.1.4-win64.exe C:\Users\*****\AppData\Local\Temp\xmlUpdater.exe ==================== Bamital & volsnap Check ================= (There is no 
automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-08-27 16:27 ==================== End Of Log ============================ |
21.09.2014, 00:21 | #5 |
| Unidentifiable entries in the event log mbam Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 05.09.2014
Suchlauf-Zeit: 03:32:06
Logdatei: qqqqqqqqqqq.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.09.04.12
Rootkit Datenbank: v2014.08.21.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: *****

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 322607
Verstrichene Zeit: 20 Min, 41 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 1
PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\ExtensionUpdaterService.exe, 3772, Löschen bei Neustart, [872563860e6d3df97cffbc6a956e3ac6]

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 97
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, In Quarantäne, [d7d562873f3c4cea26ab05af0101c739],
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, In Quarantäne, [d7d562873f3c4cea26ab05af0101c739],
PUP.Optional.VBates, HKLM\SOFTWARE\CLASSES\CLSID\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}, In Quarantäne, [812bf2f7c1baf640035c008126dcbb45],
PUP.Optional.VBates, HKLM\SOFTWARE\CLASSES\CLSID\{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}\INPROCSERVER32, In Quarantäne, [812bf2f7c1baf640035c008126dcbb45],
PUP.Optional.VBates, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}, In Quarantäne, [812bf2f7c1baf640035c008126dcbb45],
PUP.Optional.VBates, HKLM\SOFTWARE\CLASSES\TYPELIB\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}, In Quarantäne, [812bf2f7c1baf640035c008126dcbb45],
PUP.Optional.VBates, HKLM\SOFTWARE\CLASSES\INTERFACE\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}, In Quarantäne, [812bf2f7c1baf640035c008126dcbb45],
PUP.Optional.VBates, 
HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}, In Quarantäne, [812bf2f7c1baf640035c008126dcbb45], PUP.Optional.VBates, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}, In Quarantäne, [812bf2f7c1baf640035c008126dcbb45], PUP.Optional.VBates, HKLM\SOFTWARE\CLASSES\Extension.ExtensionHelperObject.1, In Quarantäne, [812bf2f7c1baf640035c008126dcbb45], PUP.Optional.VBates, HKLM\SOFTWARE\CLASSES\Extension.ExtensionHelperObject, In Quarantäne, [812bf2f7c1baf640035c008126dcbb45], PUP.Optional.VBates, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Extension.ExtensionHelperObject, In Quarantäne, [812bf2f7c1baf640035c008126dcbb45], PUP.Optional.VBates, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}, In Quarantäne, [812bf2f7c1baf640035c008126dcbb45], PUP.Optional.VBates, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}, In Quarantäne, [812bf2f7c1baf640035c008126dcbb45], PUP.Optional.VBates, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Extension.ExtensionHelperObject.1, In Quarantäne, [812bf2f7c1baf640035c008126dcbb45], PUP.Optional.VBates, HKU\S-1-5-21-3773635360-3589719687-3993712204-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}, Löschen bei Neustart, [812bf2f7c1baf640035c008126dcbb45], PUP.Optional.VBates, HKU\S-1-5-21-3773635360-3589719687-3993712204-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}, Löschen bei Neustart, [812bf2f7c1baf640035c008126dcbb45], PUP.Optional.BetterSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{1824FF90-C98E-48A6-838F-E3B6572B0C77}, In Quarantäne, [cfdd8465d2a971c5cdfdb4c7bd45a45c], PUP.Optional.BetterSurf.A, 
HKLM\SOFTWARE\CLASSES\TYPELIB\{DD3A66B9-8A7C-4C3C-8D60-DB225A60D69C}, In Quarantäne, [cfdd8465d2a971c5cdfdb4c7bd45a45c], PUP.Optional.BetterSurf.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{881E49A1-8325-4B19-AE6F-B889A40D073A}, In Quarantäne, [cfdd8465d2a971c5cdfdb4c7bd45a45c], PUP.Optional.BetterSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{881E49A1-8325-4B19-AE6F-B889A40D073A}, In Quarantäne, [cfdd8465d2a971c5cdfdb4c7bd45a45c], PUP.Optional.BetterSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{DD3A66B9-8A7C-4C3C-8D60-DB225A60D69C}, In Quarantäne, [cfdd8465d2a971c5cdfdb4c7bd45a45c], PUP.Optional.BetterSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{1824FF90-C98E-48A6-838F-E3B6572B0C77}, In Quarantäne, [cfdd8465d2a971c5cdfdb4c7bd45a45c], PUP.Optional.BetterSurf.A, HKU\S-1-5-21-3773635360-3589719687-3993712204-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{1824FF90-C98E-48A6-838F-E3B6572B0C77}, Löschen bei Neustart, [cfdd8465d2a971c5cdfdb4c7bd45a45c], PUP.Optional.BetterSurf.A, HKU\S-1-5-21-3773635360-3589719687-3993712204-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{1824FF90-C98E-48A6-838F-E3B6572B0C77}, Löschen bei Neustart, [cfdd8465d2a971c5cdfdb4c7bd45a45c], PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}, In Quarantäne, [4d5f6188b2c9320407810a7d16ecf50b], PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\CLASSES\TYPELIB\{A0EE0278-2986-4E5A-884E-A3BF0357E476}, In Quarantäne, [4d5f6188b2c9320407810a7d16ecf50b], PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\CLASSES\INTERFACE\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}, In Quarantäne, [4d5f6188b2c9320407810a7d16ecf50b], PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}, In Quarantäne, [4d5f6188b2c9320407810a7d16ecf50b], 
PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A0EE0278-2986-4E5A-884E-A3BF0357E476}, In Quarantäne, [4d5f6188b2c9320407810a7d16ecf50b], PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}, In Quarantäne, [4d5f6188b2c9320407810a7d16ecf50b], PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\CLASSES\Updater.AmiUpd.1, In Quarantäne, [4d5f6188b2c9320407810a7d16ecf50b], PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\CLASSES\Updater.AmiUpd, In Quarantäne, [4d5f6188b2c9320407810a7d16ecf50b], PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Updater.AmiUpd, In Quarantäne, [4d5f6188b2c9320407810a7d16ecf50b], PUP.Optional.SoftwareUpdater, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Updater.AmiUpd.1, In Quarantäne, [4d5f6188b2c9320407810a7d16ecf50b], PUP.Optional.BetterSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{6E3C6B04-08FE-43BC-8E50-F90285024DEA}, In Quarantäne, [525a3dac5d1e94a202c912690101b050], PUP.Optional.BetterSurf.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{0113A098-06EA-4776-A011-D75590778F1E}, In Quarantäne, [525a3dac5d1e94a202c912690101b050], PUP.Optional.BetterSurf.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{462862BE-9A5C-49A5-9CBD-A649EAC63645}, In Quarantäne, [525a3dac5d1e94a202c912690101b050], PUP.Optional.BetterSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{462862BE-9A5C-49A5-9CBD-A649EAC63645}, In Quarantäne, [525a3dac5d1e94a202c912690101b050], PUP.Optional.BetterSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{0113A098-06EA-4776-A011-D75590778F1E}, In Quarantäne, [525a3dac5d1e94a202c912690101b050], PUP.Optional.BetterSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{6E3C6B04-08FE-43BC-8E50-F90285024DEA}, In Quarantäne, [525a3dac5d1e94a202c912690101b050], PUP.Optional.BetterSurf.A, 
HKU\S-1-5-21-3773635360-3589719687-3993712204-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{6E3C6B04-08FE-43BC-8E50-F90285024DEA}, Löschen bei Neustart, [525a3dac5d1e94a202c912690101b050], PUP.Optional.BetterSurf.A, HKU\S-1-5-21-3773635360-3589719687-3993712204-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{6E3C6B04-08FE-43BC-8E50-F90285024DEA}, Löschen bei Neustart, [525a3dac5d1e94a202c912690101b050], PUP.Optional.LyricsAd, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{A8720491-9558-4C0D-9E35-30EED15DFB2B}, In Quarantäne, [e8c49b4e592258dea30ff1c2679b5ca4], PUP.Optional.LyricsAd, HKLM\SOFTWARE\CLASSES\TYPELIB\{5CCB425E-9B88-48B2-919B-393ACC3A0B2C}, In Quarantäne, [e8c49b4e592258dea30ff1c2679b5ca4], PUP.Optional.LyricsAd, HKLM\SOFTWARE\CLASSES\INTERFACE\{4BF10C25-CFF7-441A-B4AE-FA5A24E35A2D}, In Quarantäne, [e8c49b4e592258dea30ff1c2679b5ca4], PUP.Optional.LyricsAd, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{4BF10C25-CFF7-441A-B4AE-FA5A24E35A2D}, In Quarantäne, [e8c49b4e592258dea30ff1c2679b5ca4], PUP.Optional.LyricsAd, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{5CCB425E-9B88-48B2-919B-393ACC3A0B2C}, In Quarantäne, [e8c49b4e592258dea30ff1c2679b5ca4], PUP.Optional.LyricsAd, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{A8720491-9558-4C0D-9E35-30EED15DFB2B}, In Quarantäne, [e8c49b4e592258dea30ff1c2679b5ca4], PUP.Optional.LyricsAd, HKU\S-1-5-21-3773635360-3589719687-3993712204-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A8720491-9558-4C0D-9E35-30EED15DFB2B}, Löschen bei Neustart, [e8c49b4e592258dea30ff1c2679b5ca4], PUP.Optional.LyricsAd, HKU\S-1-5-21-3773635360-3589719687-3993712204-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A8720491-9558-4C0D-9E35-30EED15DFB2B}, Löschen bei Neustart, 
[e8c49b4e592258dea30ff1c2679b5ca4], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}, In Quarantäne, [e0cc13d66912b3835138f88418ea629e], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}, In Quarantäne, [e0cc13d66912b3835138f88418ea629e], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}, In Quarantäne, [e0cc13d66912b3835138f88418ea629e], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}, In Quarantäne, [e0cc13d66912b3835138f88418ea629e], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}, In Quarantäne, [e0cc13d66912b3835138f88418ea629e], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{D372567D-67C1-4B29-B3F0-159B52B3E967}, In Quarantäne, [e0cc13d66912b3835138f88418ea629e], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{1AD27395-1659-4DFF-A319-2CFA243861A5}, In Quarantäne, [e0cc13d66912b3835138f88418ea629e], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{1AD27395-1659-4DFF-A319-2CFA243861A5}, In Quarantäne, [e0cc13d66912b3835138f88418ea629e], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{D372567D-67C1-4B29-B3F0-159B52B3E967}, In Quarantäne, [e0cc13d66912b3835138f88418ea629e], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\CLASSES\YontooIEClient.Api.1, In Quarantäne, [e0cc13d66912b3835138f88418ea629e], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\CLASSES\YontooIEClient.Api, In Quarantäne, [e0cc13d66912b3835138f88418ea629e], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\YontooIEClient.Api, In Quarantäne, [e0cc13d66912b3835138f88418ea629e], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\YontooIEClient.Api.1, In Quarantäne, [e0cc13d66912b3835138f88418ea629e], PUP.Optional.Yontoo.A, 
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}, In Quarantäne, [e0cc13d66912b3835138f88418ea629e], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\CLASSES\YontooIEClient.Layers.1, In Quarantäne, [e0cc13d66912b3835138f88418ea629e], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\CLASSES\YontooIEClient.Layers, In Quarantäne, [e0cc13d66912b3835138f88418ea629e], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\YontooIEClient.Layers, In Quarantäne, [e0cc13d66912b3835138f88418ea629e], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}, In Quarantäne, [e0cc13d66912b3835138f88418ea629e], PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\YontooIEClient.Layers.1, In Quarantäne, [e0cc13d66912b3835138f88418ea629e], PUP.Optional.Yontoo.A, HKU\S-1-5-21-3773635360-3589719687-3993712204-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}, Löschen bei Neustart, [e0cc13d66912b3835138f88418ea629e], PUP.Optional.Yontoo.A, HKU\S-1-5-21-3773635360-3589719687-3993712204-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}, Löschen bei Neustart, [e0cc13d66912b3835138f88418ea629e], PUP.Optional.SearchProtect.A, HKU\S-1-5-21-3773635360-3589719687-3993712204-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Löschen bei Neustart, [eebe9b4e4932d363d5bc5922639f7d83], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68B81CCD-A80C-4060-8947-5AE69ED01199}, In Quarantäne, [eebe02e762195ed8d542773e50b21de3], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW 
RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}, In Quarantäne, [e0cc39b07308db5bbb5d2f863dc50ef2], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}, In Quarantäne, [8b21ac3db6c52c0aa903eaca90728b75], PUP.Optional.VbatesHelper.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\V-bates Updater, In Quarantäne, [872563860e6d3df97cffbc6a956e3ac6], PUP.Optional.VbatesHelper.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}_is1, In Quarantäne, [872563860e6d3df97cffbc6a956e3ac6], PUP.Optional.Iminent.A, HKLM\SOFTWARE\Iminent, In Quarantäne, [0e9ed514f3885dd9755933f26a996e92], PUP.Optional.VbatesHelper.A, HKLM\SOFTWARE\V-bates, In Quarantäne, [d5d7c920304b8babff7e45e1887b11ef], PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent, In Quarantäne, [7a326287eb90e74f3504dc74c93b23dd], PUP.Optional.BetterSurf.A, HKLM\SOFTWARE\CLASSES\APPID\YontooIEClient.DLL, In Quarantäne, [b1fbc9205c1f3cfa6d2b976bcd368c74], PUP.Optional.DataMangr.A, HKLM\SOFTWARE\WOW6432NODE\DataMngr, In Quarantäne, [3f6dd514e893979fc24da860f80b827e], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\Iminent, In Quarantäne, [edbf27c2512a77bfbb13be6728dbe21e], PUP.Optional.VbatesHelper.A, HKLM\SOFTWARE\WOW6432NODE\V-bates, In Quarantäne, [1795fbee1a61e254f88575b123e00cf4], PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent, In Quarantäne, [4c608f5ab2c9a0964aefa2aed23228d8], PUP.Optional.BetterSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\YontooIEClient.DLL, In Quarantäne, [c8e4b4351d5e8fa79efada283dc6619f], PUP.Optional.BetterSurf.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\dedmngkbaffkenlfdcbganndoghblmap, In Quarantäne, [7d2f4e9bbac12f07a42de528ef1408f8], PUP.Optional.BetterSurf.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\mmifolfpllfdhilecpdpmemhelmanajl, In Quarantäne, [426a3aaf6714ce688f1911f752b1a957], 
PUP.Optional.Yontoo.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\niapdbllcanepiiimjjndipklodoedlc, In Quarantäne, [b3f938b1d8a365d18e3d1af33ac93bc5], PUP.Optional.DataMngr.A, HKU\S-1-5-21-3773635360-3589719687-3993712204-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr, Löschen bei Neustart, [87250fda176476c025ee53e8c63ec23e], PUP.Optional.DataMngr.A, HKU\S-1-5-21-3773635360-3589719687-3993712204-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr_Toolbar, Löschen bei Neustart, [7537b9301c5f3501868c84b77e8633cd], PUP.Optional.Babylon.A, HKU\S-1-5-21-3773635360-3589719687-3993712204-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BABSOLUTION\Updater, Löschen bei Neustart, [941801e85d1ecb6b779f013b05ff7090], PUP.Optional.InstallCore.A, HKU\S-1-5-21-3773635360-3589719687-3993712204-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Löschen bei Neustart, [8725c821e299d0660fcac55f8d7603fd], PUP.Optional.InstallCore.A, HKU\S-1-5-21-3773635360-3589719687-3993712204-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Löschen bei Neustart, [3a72a445a1da999dea4cd9626b99cc34], PUP.Optional.SuperFish.A, HKU\S-1-5-21-3773635360-3589719687-3993712204-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com, Löschen bei Neustart, [208c836681fa1f173cf1e51cdd26af51], PUP.Optional.BProtector.A, HKU\S-1-5-21-3773635360-3589719687-3993712204-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\bProtectSettings, Löschen bei Neustart, [baf29a4f5f1cf83e580ce658e91b51af], Registrierungswerte: 8 PUP.Optional.VBates, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}, C:\Program Files\V-bates\Firefox, In Quarantäne, [812bf2f7c1baf640035c008126dcbb45] PUP.Optional.VBates, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}, C:\Program 
Files\V-bates\Firefox, In Quarantäne, [812bf2f7c1baf640035c008126dcbb45] PUP.Optional.VBates, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}, In Quarantäne, [3a7209e0e695bc7a69f6d7aa6c965fa1], PUP.Optional.VBates, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}, In Quarantäne, [6b418960ed8e4ee8da85b8c953af50b0], PUP.Optional.VBates, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}_IS1|UninstallString, "C:\Program Files\V-bates\unins000.exe", In Quarantäne, [cbe1ffea67146dc9bf42500d6e9619e7] PUP.Optional.BetterSurf.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|xz123@ya456.com, C:\Program Files (x86)\BetterSurf\ff, In Quarantäne, [1f8df5f468130a2cbadc877b18ebcb35] PUP.Optional.BetterSurf.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|ext@bettersurfplus.com, C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff, In Quarantäne, [05a770790675d363a0097a8ef60d867a] PUP.Optional.InstallCore.A, HKU\S-1-5-21-3773635360-3589719687-3993712204-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0L1N1H2O1S, Löschen bei Neustart, [3a72a445a1da999dea4cd9626b99cc34] Registrierungsdaten: 0 (No malicious items detected) Ordner: 24 PUP.Optional.SoftwareUpdater.A, C:\Users\*****\AppData\Local\SwvUpdater, In Quarantäne, [d7d5cf1ab8c3290d07fb4eaf03ff758b], PUP.Optional.OffersWizard.A, C:\Program Files (x86)\Common Files\Config, In Quarantäne, [a60699502457ea4c3286877605fd41bf], PUP.Optional.Yontoo.A, C:\Program Files (x86)\Yontoo, In Quarantäne, [b0fce7020b70bb7b25a5e52837cc7987], PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates, Löschen bei Neustart, [872563860e6d3df97cffbc6a956e3ac6], PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\Firefox, In Quarantäne, [872563860e6d3df97cffbc6a956e3ac6], PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\Firefox\chrome, In Quarantäne, [872563860e6d3df97cffbc6a956e3ac6], 
PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\Firefox\chrome\content, In Quarantäne, [872563860e6d3df97cffbc6a956e3ac6], PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\Firefox\chrome\content\libraries, In Quarantäne, [872563860e6d3df97cffbc6a956e3ac6], PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\Firefox\chrome\content\resources, In Quarantäne, [872563860e6d3df97cffbc6a956e3ac6], PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\Firefox\chrome\locale, In Quarantäne, [872563860e6d3df97cffbc6a956e3ac6], PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\Firefox\chrome\locale\en-US, In Quarantäne, [872563860e6d3df97cffbc6a956e3ac6], PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\Firefox\chrome\skin, In Quarantäne, [872563860e6d3df97cffbc6a956e3ac6], PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\Firefox\defaults, In Quarantäne, [872563860e6d3df97cffbc6a956e3ac6], PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\Firefox\defaults\preferences, In Quarantäne, [872563860e6d3df97cffbc6a956e3ac6], PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\libraries, In Quarantäne, [872563860e6d3df97cffbc6a956e3ac6], PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\resources, In Quarantäne, [872563860e6d3df97cffbc6a956e3ac6], PUP.Optional.Iminent.A, C:\Users\*****\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl, In Quarantäne, [2e7eaa3f2556e94d0cfb3296778b9769], PUP.Optional.Iminent.A, C:\Program Files (x86)\IminentToolbar, In Quarantäne, [f1bb8168ff7c58de190a8a3ed82a32ce], PUP.Optional.OpenCandy, C:\Users\*****\AppData\Roaming\OpenCandy, In Quarantäne, [ab01f3f6532888ae7bb155738d7535cb], PUP.Optional.OpenCandy, C:\Users\*****\AppData\Roaming\OpenCandy\82E0D648DB0E4124BFF0BF23EA630F3F, In Quarantäne, [ab01f3f6532888ae7bb155738d7535cb], PUP.Optional.OpenCandy, C:\Users\*****\AppData\Roaming\OpenCandy\C58E541E724949A6902064C69351230C, In Quarantäne, [ab01f3f6532888ae7bb155738d7535cb], PUP.Optional.Iminent.A, 
C:\Users\*****\AppData\Local\Temp\Iminent, In Quarantäne, [cce02dbc196261d5c481c00806fce818], PUP.Optional.Webexp, C:\Program Files (x86)\WebexpEnhancedV1, In Quarantäne, [109c49a0fb8044f253c073579c666997], PUP.Optional.TrustMediaViewer.A, C:\Program Files (x86)\TrustMediaViewerV1, In Quarantäne, [cedee108a9d2db5babdbd50b09f9768a], Dateien: 100 PUP.Optional.VBates, C:\Program Files\V-bates\Extension64.dll, In Quarantäne, [812bf2f7c1baf640035c008126dcbb45], PUP.Optional.VBates, C:\Program Files\V-bates\Extension32.dll, In Quarantäne, [812bf2f7c1baf640035c008126dcbb45], PUP.Optional.SoftwareUpdater, C:\Users\*****\AppData\Local\SwvUpdater\Updater.exe, In Quarantäne, [4d5f6188b2c9320407810a7d16ecf50b], PUP.Optional.Yontoo.A, C:\Program Files (x86)\Yontoo\YontooIEClient.dll, In Quarantäne, [e0cc13d66912b3835138f88418ea629e], PUP.Optional.GenericExt.A, C:\Users\*****\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl\minibarchrome.exe, In Quarantäne, [119ba1481c5f2214fb6d0d3028d8728e], PUP.Optional.Conduit.A, C:\Users\*****\AppData\Roaming\OpenCandy\C58E541E724949A6902064C69351230C\SSStub_SearchProtect_p1v0.exe, In Quarantäne, [efbd04e51863e551477188a2b8497d83], PUP.Optional.OptChrome.A, C:\Program Files (x86)\Yontoo\OptChrome.exe, In Quarantäne, [0ba11fca42397bbbae19839bfa063ac6], PUP.Optional.Amonetize.A, C:\Users\*****\AppData\Local\Temp\Updater.exe, In Quarantäne, [436924c5accfb97d5ef5be694ab7f40c], PUP.Optional.SearchProtect.A, C:\Users\*****\AppData\Local\Temp\SPSetup.exe, In Quarantäne, [7a32eefbaccf1d19bedf4c4e07fa41bf], PUP.Optional.Iminent.A, C:\Users\*****\AppData\Local\Temp\IMsetup.exe, In Quarantäne, [5c506e7bf18a280ea88b153d4eb313ed], PUP.Optional.SearchProtect.A, C:\Users\*****\AppData\Local\Temp\nsa16E2.exe, In Quarantäne, [802c6e7b1c5fba7c5a313601a0618f71], PUP.Optional.SearchProtect.A, C:\Users\*****\AppData\Local\Temp\nsb2587.exe, In Quarantäne, [8e1e8e5beb90b08691fa9f98dd245da3], PUP.Optional.SearchProtect.A, 
C:\Users\*****\AppData\Local\Temp\nsf1442.exe, In Quarantäne, [08a49c4d4c2f42f4c4c743f4649ded13], PUP.Optional.SearchProtect.A, C:\Users\*****\AppData\Local\Temp\nsg4867.exe, In Quarantäne, [6c40f2f7b7c4191dcbc0033414ed7a86], PUP.Optional.SearchProtect.A, C:\Users\*****\AppData\Local\Temp\nskD412.exe, In Quarantäne, [15979059d8a3b87e2e5d1126966b8e72], PUP.Optional.SearchProtect.A, C:\Users\*****\AppData\Local\Temp\nsl4AA9.exe, In Quarantäne, [01ab3cad5f1c7abcf497340381804bb5], PUP.Optional.SearchProtect.A, C:\Users\*****\AppData\Local\Temp\nsn115.exe, In Quarantäne, [535926c3bdbee056cfbc2116bf42669a], PUP.Optional.SearchProtect.A, C:\Users\*****\AppData\Local\Temp\nsq2373.exe, In Quarantäne, [3e6e8b5e502b3afc048739fe0cf5a65a], PUP.Optional.SearchProtect.A, C:\Users\*****\AppData\Local\Temp\nsuCF20.exe, In Quarantäne, [8d1f1ccde69501356c1ffc3b9071e11f], PUP.Optional.SearchProtect.A, C:\Users\*****\AppData\Local\Temp\nsuD191.exe, In Quarantäne, [b1fbd81184f7072f5338bb7c917036ca], PUP.Optional.SearchProtect.A, C:\Users\*****\AppData\Local\Temp\nsv1193.exe, In Quarantäne, [4369f4f582f9cd695437191e47bab24e], PUP.Optional.SearchProtect.A, C:\Users\*****\AppData\Local\Temp\nsv216F.exe, In Quarantäne, [beee28c193e867cf810ac473e1209a66], PUP.Optional.SearchProtect.A, C:\Users\*****\AppData\Local\Temp\nsv4605.exe, In Quarantäne, [7438c62395e6053192f939fefa07cc34], PUP.Optional.Conduit.A, C:\Users\*****\AppData\Local\Temp\utt43D3.tmp.exe, In Quarantäne, [cce03baef4870d29f7c1fa301ae734cc], PUP.Optional.Conduit.A, C:\Users\*****\AppData\Local\Temp\nsw5ED6.exe, In Quarantäne, [b2fa9b4e413ad85ee195bcd45ca54bb5], PUP.Optional.Somoto, C:\Users\*****\AppData\Local\Temp\bitool.dll, In Quarantäne, [beee6485f38894a2a82b76d9cc36837d], PUP.Optional.Bandoo.A, C:\Users\*****\AppData\Local\Temp\SetupDataMngr_Searchqu.exe, In Quarantäne, [6b413eabf08b25110378267ed4305ba5], PUP.Optional.Iminent, C:\Users\*****\AppData\Local\Temp\Umbrella.exe6ca1d9c5, In Quarantäne, 
[4468876287f4d75f5d96859006fb09f7], PUP.Optional.CRX.A, C:\Users\*****\AppData\Local\Temp\bus6FF5\CrxUpdater_d.exe, In Quarantäne, [cce034b53b404fe76975dec9e3212ed2], PUP.Optional.CRX.A, C:\Users\*****\AppData\Local\Temp\busCF45\CrxUpdater_d.exe, In Quarantäne, [9814ad3ca2d91f176876b3f459ab649c], PUP.Optional.Delta.A, C:\Users\*****\AppData\Local\Temp\is1070216317\DeltaTB.exe, In Quarantäne, [377540a98cef63d3464cb85d926f2bd5], PUP.Optional.CRX.A, C:\Users\*****\AppData\Local\Temp\busD3BA\CrxUpdater_d.exe, In Quarantäne, [e4c8f0f90279989ebc221790ae5650b0], PUP.Optional.CRX.A, C:\Users\*****\AppData\Local\Temp\busDFEB\CrxUpdater_d.exe, In Quarantäne, [7d2f12d7e39855e1c21c71367f85639d], PUP.Optional.CRX.A, C:\Users\*****\AppData\Local\Temp\bus8746\CrxUpdater_d.exe, In Quarantäne, [9715b5347902979f805e822573913cc4], PUP.Optional.CRX.A, C:\Users\*****\AppData\Local\Temp\busA37D\CrxUpdater_d.exe, In Quarantäne, [783478711f5cb086726c089f82829c64], PUP.Optional.CRX.A, C:\Users\*****\AppData\Local\Temp\busA658\CrxUpdater_d.exe, In Quarantäne, [dad2ba2fd0ab72c4bb233a6d7193eb15], PUP.Optional.CRX.A, C:\Users\*****\AppData\Local\Temp\busAE64\CrxUpdater_d.exe, In Quarantäne, [a507c42598e372c4d40a3572a55f04fc], PUP.Optional.CRX.A, C:\Users\*****\AppData\Local\Temp\busBF9A\CrxUpdater_d.exe, In Quarantäne, [2a82effa1a6169cdc01e228531d30ff1], PUP.Optional.BabSolution.A, C:\Users\*****\AppData\Local\Temp\busC13D\BUSolution.dll, In Quarantäne, [bcf0e801087333030d8163b7867b52ae], PUP.Optional.Conduit.A, C:\Users\*****\AppData\Local\Temp\nslBDDC\SpSetup.exe, In Quarantäne, [f1bb15d4b3c8979f94e851db699831cf], PUP.Optional.Conduit.A, C:\Users\*****\AppData\Local\Temp\nsp6594\SpSetup.exe, In Quarantäne, [e3c959901c5ffb3bc1bb121aee130af6], PUP.Optional.Babylon.A, C:\Users\*****\AppData\Local\Temp\AA3232A3-BAB0-7891-BC32-A8D38621D556\Latest\BExternal.dll, In Quarantäne, [4369b5345f1c81b5d24610130df3f50b], Trojan.RotBrowse, 
C:\Users\*****\AppData\Local\Temp\AA3232A3-BAB0-7891-BC32-A8D38621D556\Latest\ccp.exe, In Quarantäne, [bfed2ebb8af13cfad6937a57ef15936d], PUP.Optional.Babylon.A, C:\Users\*****\AppData\Local\Temp\AA3232A3-BAB0-7891-BC32-A8D38621D556\Latest\CrxInstaller.dll, In Quarantäne, [6e3e32b75724eb4b44ff05228b76d729], PUP.Optional.Delta.A, C:\Users\*****\AppData\Local\Temp\AA3232A3-BAB0-7891-BC32-A8D38621D556\Latest\MyBabylonTB.exe, In Quarantäne, [5c50c821cab13ff7cd93ea9454ad4ab6], PUP.Optional.Babylon.A, C:\Users\*****\AppData\Local\Temp\AA3232A3-BAB0-7891-BC32-A8D38621D556\Latest\Setup.exe, In Quarantäne, [6a42da0f215a3bfb2e63d84639c7b54b], PUP.Optional.CRX.A, C:\Users\*****\AppData\Local\Temp\bus1A51\CrxUpdater_d.exe, In Quarantäne, [8f1de0097209e35319c5d9cecd37a759], PUP.Optional.CRX.A, C:\Users\*****\AppData\Local\Temp\bus253A\CrxUpdater_d.exe, In Quarantäne, [802c44a55526f04637a76f38c83cb749], PUP.Optional.CRX.A, C:\Users\*****\AppData\Local\Temp\bus27E6\CrxUpdater_d.exe, In Quarantäne, [f8b4c722e4971620b92586214db7718f], PUP.Optional.CRX.A, C:\Users\*****\AppData\Local\Temp\bus58EB\CrxUpdater_d.exe, In Quarantäne, [2a82b93039423ef80dd1b6f1867e52ae], PUP.Optional.CRX.A, C:\Users\*****\AppData\Local\Temp\bus6C9A\CrxUpdater_d.exe, In Quarantäne, [367641a80d6ea78fe4fa228543c1837d], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsiC021.exe, In Quarantäne, [6547f4f545367abc1b70d1665da4d42c], PUP.Optional.Conduit.A, C:\Windows\Temp\nsiE011.exe, In Quarantäne, [644813d67605de589bdb226e679a26da], PUP.Optional.Conduit.A, C:\Windows\Temp\nsm56E2.exe, In Quarantäne, [d6d6e504c6b5fe384e28642c21e09d63], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsnABD6.exe, In Quarantäne, [83298b5e285346f03a5181b641c09d63], PUP.Optional.Conduit.A, C:\Windows\Temp\nsp96D8.exe, In Quarantäne, [ffadc128b0cb87aff086e2aece3304fc], PUP.Optional.Conduit.A, C:\Windows\Temp\nsr7B92.exe, In Quarantäne, [7834a247aecd91a5b0c6c2ceb8493ac6], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nss703C.exe, In 
Quarantäne, [cddf2fba05760a2c14771d1afd04c53b], PUP.Optional.Conduit.A, C:\Windows\Temp\nssC7EE.exe, In Quarantäne, [b5f7ebfe2b50fc3a0b6b642c1ae74cb4], PUP.Optional.Conduit.A, C:\Windows\Temp\nsv73ED.exe, In Quarantäne, [129a70790e6d6ccaa3d3fc948b762bd5], PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsx686F.exe, In Quarantäne, [fab202e77cff053178136ccb0af70af6], PUP.Optional.SoftwareUpdater.A, C:\Users\*****\AppData\Local\SwvUpdater\Updater.xml, In Quarantäne, [d7d5cf1ab8c3290d07fb4eaf03ff758b], PUP.Optional.SoftwareUpdater.A, C:\Users\*****\AppData\Local\SwvUpdater\status.cfg, In Quarantäne, [d7d5cf1ab8c3290d07fb4eaf03ff758b], PUP.Optional.OffersWizard.A, C:\Program Files (x86)\Common Files\Config\ver.xml, In Quarantäne, [a60699502457ea4c3286877605fd41bf], PUP.Optional.BrowserProtect.A, C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\8t12mosy.default\searchplugins\BrowserProtect.xml, In Quarantäne, [c5e7faef8eeda690861717ea5ba88c74], PUP.SoftwareUpdater.A, C:\Windows\System32\Tasks\AmiUpdXp, In Quarantäne, [eac2935605768da931da6d9536cd49b7], PUP.Optional.Yontoo.A, C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\8t12mosy.default\extensions\plugin@yontoo.com.xpi, In Quarantäne, [74384a9fc3b8e551cc6c8e7518eb19e7], PUP.Optional.Trovi.A, C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\8t12mosy.default\searchplugins\trovi-search.xml, In Quarantäne, [fcb0a74202790f271dbf4ac28f742dd3], PUP.Optional.Yontoo.A, C:\Program Files (x86)\Yontoo\YontooLayers.crx, In Quarantäne, [b0fce7020b70bb7b25a5e52837cc7987], PUP.Optional.Babylon.A, C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\8t12mosy.default\searchplugins\babylon.xml, In Quarantäne, [adff4a9fec8ff442b2460514966da15f], PUP.Optional.BProtector.A, C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\8t12mosy.default\bProtector_extensions.sqlite, In Quarantäne, [941846a3f08bf14563a1db3f8083fb05], PUP.Optional.BProtector.A, 
C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\8t12mosy.default\bprotector_prefs.js, In Quarantäne, [406cc7228af1e3532bda130748bb9070], PUP.Optional.Delta.A, C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\8t12mosy.default\searchplugins\delta.xml, In Quarantäne, [e0cc37b2166525115dce38e212f14ab6], PUP.Optional.Iminent.A, C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\8t12mosy.default\searchplugins\iminent.xml, In Quarantäne, [a20ace1b7209c472cd900a10798a37c9], PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\source.crx, In Quarantäne, [872563860e6d3df97cffbc6a956e3ac6], PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\DGChrome.exe, In Quarantäne, [872563860e6d3df97cffbc6a956e3ac6], PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\ExtensionUpdaterService.exe, Löschen bei Neustart, [872563860e6d3df97cffbc6a956e3ac6], PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\InstallerHelper.dll, In Quarantäne, [872563860e6d3df97cffbc6a956e3ac6], PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\NMHClient.exe, In Quarantäne, [872563860e6d3df97cffbc6a956e3ac6], PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\NMHClient.json, In Quarantäne, [872563860e6d3df97cffbc6a956e3ac6], PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\PrefHelper.exe, In Quarantäne, [872563860e6d3df97cffbc6a956e3ac6], PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\unins000.dat, In Quarantäne, [872563860e6d3df97cffbc6a956e3ac6], PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\unins000.exe, In Quarantäne, [872563860e6d3df97cffbc6a956e3ac6], PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\Firefox\chrome.manifest, In Quarantäne, [872563860e6d3df97cffbc6a956e3ac6], PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\Firefox\icon.png, In Quarantäne, [872563860e6d3df97cffbc6a956e3ac6], PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\Firefox\install.rdf, In Quarantäne, [872563860e6d3df97cffbc6a956e3ac6], 
PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\Firefox\chrome\content\main.js, In Quarantäne, [872563860e6d3df97cffbc6a956e3ac6], PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\Firefox\chrome\content\main.xul, In Quarantäne, [872563860e6d3df97cffbc6a956e3ac6], PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\Firefox\chrome\content\libraries\DataExchangeScript.js, In Quarantäne, [872563860e6d3df97cffbc6a956e3ac6], PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\Firefox\chrome\content\resources\LocalScript.js, In Quarantäne, [872563860e6d3df97cffbc6a956e3ac6], PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\Firefox\chrome\locale\en-US\overlay.dtd, In Quarantäne, [872563860e6d3df97cffbc6a956e3ac6], PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\Firefox\chrome\skin\overlay.css, In Quarantäne, [872563860e6d3df97cffbc6a956e3ac6], PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\Firefox\defaults\preferences\defaults.js, In Quarantäne, [872563860e6d3df97cffbc6a956e3ac6], PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\libraries\DataExchangeScript.js, In Quarantäne, [872563860e6d3df97cffbc6a956e3ac6], PUP.Optional.VbatesHelper.A, C:\Program Files\V-bates\resources\LocalScript.js, In Quarantäne, [872563860e6d3df97cffbc6a956e3ac6], PUP.Software.Updater, C:\Windows\Tasks\AmiUpdXp.job, In Quarantäne, [a507db0ecbb0bf77ce98df4da45f857b], PUP.Optional.VBates.A, C:\Users\*****\AppData\Local\Temp\v-bates.exe, In Quarantäne, [7d2fe2073645e254d349b6a64fb5d12f], PUP.Optional.Iminent.A, C:\Users\*****\AppData\Roaming\igdhbblpcellaljokkpfhcjlagemhgjl\empty.localstorage, In Quarantäne, [2e7eaa3f2556e94d0cfb3296778b9769], PUP.Optional.OpenCandy, C:\Users\*****\AppData\Roaming\OpenCandy\82E0D648DB0E4124BFF0BF23EA630F3F\Trial-14.0.1000.89_de-DE_1004733_DE-2.exe, In Quarantäne, [ab01f3f6532888ae7bb155738d7535cb], PUP.Optional.Iminent.A, C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\8t12mosy.default\user.js, Gut: (), Schlecht: 
(user_pref("extensions.iminent.tlbrSrchUrl", "hxxp://start.iminent.com/?ref=toolbarm#q=");), Ersetzt,[a408dd0c394283b30df851d02cd9d030]

Physische Sektoren: 0
(No malicious items detected)

(end)

Code:
OTL logfile created on: 08.09.2014 19:44:43 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\*****\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,89 Gb Total Physical Memory | 5,00 Gb Available Physical Memory | 63,35% Memory free
15,78 Gb Paging File | 12,10 Gb Available in Paging File | 76,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279,45 Gb Total Space | 168,74 Gb Free Space | 60,38% Space Free | Partition Type: NTFS
Drive D: | 393,86 Gb Total Space | 136,85 Gb Free Space | 34,74% Space Free | Partition Type: NTFS

Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\*****\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avrestart.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe (BlueStack Systems, Inc.)
PRC - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.)
PRC - C:\Program Files (x86)\Ensonhaber Alarm\Ensonhaber Alarm.exe ()
PRC - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
PRC - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.)
PRC - C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe (Microsoft Corp.)
PRC - C:\Program Files (x86)\Microsoft\BingDesktop\BDExtHost.exe (Microsoft Corp.)
PRC - C:\Program Files (x86)\Microsoft\BingDesktop\BDAppHost.exe (Microsoft Corp.)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUSTek Computer Inc.)
PRC - C:\Windows\AsScrPro.exe (ASUS)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS)
PRC - C:\Windows\SysWOW64\ACEngSvr.exe (ASUSTeK)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe ()
PRC - C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (ASUS)

========== Modules (No Company Name) ==========

MOD - C:\Users\*****\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
MOD - C:\Program Files (x86)\Ensonhaber Alarm\Ensonhaber Alarm.exe ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll ()
MOD - C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll ()
MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe (McAfee, Inc.)
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (NvStreamSvc) -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (Intel(R) -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WTouchService) -- C:\Program Files\WTouch\WTouchService.exe (Wacom Technology, Corp.)
SRV:64bit: - (TabletServicePen) -- C:\Windows\SysNative\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (Avira.OE.ServiceHost) -- C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (a2AntiMalware) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation)
SRV - (BstHdUpdaterSvc) -- C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe (BlueStack Systems, Inc.)
SRV - (BstHdLogRotatorSvc) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.)
SRV - (BstHdAndroidSvc) -- C:\Program Files (x86)\BlueStacks\HD-Service.exe (BlueStack Systems, Inc.)
SRV - (TeamViewer9) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (NvNetworkService) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (BingDesktopUpdate) -- C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe (Microsoft Corp.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (SearchAnonymizer) -- C:\Users\*****\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUSTek Computer Inc.)
SRV - (ICCS) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)
SRV - (ASUS InstantOn) -- C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe (ASUS)
SRV - (ZAtheros Bt&Wlan Coex Agent) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros)
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Atheros Commnucations)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe ()
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMSwissArmy) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (MBAMWebAccessControl) -- C:\Windows\SysNative\drivers\mwac.sys (Malwarebytes Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (nvkflt) -- C:\Windows\SysNative\drivers\nvkflt.sys (NVIDIA Corporation)
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (nvvad_WaveExtensible) -- C:\Windows\SysNative\drivers\nvvad64v.sys (NVIDIA Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (AsusVBus) -- C:\Windows\SysNative\drivers\AsusVBus.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AsusVTouch) -- C:\Windows\SysNative\drivers\AsusVTouch.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)
DRV:64bit: - (btath_avdt) -- C:\Windows\SysNative\drivers\btath_avdt.sys (Atheros)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (AiCharger) -- C:\Windows\SysNative\drivers\AiCharger.sys (ASUSTek Computer Inc.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp)
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology)
DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys (Wacom Technology)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology)
DRV:64bit: - (WacomVKHid) -- C:\Windows\SysNative\drivers\WacomVKHid.sys (Wacom Technology)
DRV - (a2acc) -- C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys (Emsisoft GmbH)
DRV - (a2util) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys (Emsisoft GmbH)
DRV - (BstHdDrv) -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys (BlueStack Systems)
DRV - (cleanhlp) -- C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys (Emsisoft GmbH)
DRV - (a2injectiondriver) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys (Emsisoft GmbH)
DRV - (A2DDA) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys (Emsisoft GmbH)
DRV - (AiCharger) -- C:\Windows\SysWOW64\drivers\AiCharger.sys (ASUSTek Computer Inc.)
DRV - (ATKWMIACPIIO) -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys (ASUS)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blankROUN
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blankROUN
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {721061fb-eb79-4568-a03c-3ce26d68dae9}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{721061fb-eb79-4568-a03c-3ce26d68dae9}: "URL" = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197&type=dsse
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blankLBA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 25 0A 1C 6C B0 39 CF 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {B92A71DE-23FC-489F-B537-FE350C74BDF0}
IE - HKCU\..\SearchScopes\{B92A71DE-23FC-489F-B537-FE350C74BDF0}: "URL" = hxxp://de.search.yahoo.com/search?fr=mcafee&type=A011DE885&p={SearchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.5.5
FF - prefs.js..extensions.enabledAddons: nosquint%40urandom.ca:2.1.9
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0
FF - prefs.js..network.proxy.type: 0
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_45: C:\Windows\system32\npdeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\*****\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\dnshelp@dnshelp.com: C:\Users\*****\AppData\Roaming\Helper [2013.02.11 16:02:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: kernel32::GetLongPathNameW(w R8, w .R7, i 1024)i .R6\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: kernel32::GetLongPathNameW(w R8, w .R7, i 1024)i .R6\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: kernel32::GetLongPathNameW(w R8, w .R7, i 1024)i .R6\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: kernel32::GetLongPathNameW(w R8, w .R7, i 1024)i .R6\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: kernel32::GetLongPathNameW(w R8, w .R7, i 1024)i .R6\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: kernel32::GetLongPathNameW(w R8, w .R7, i 1024)i .R6\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: kernel32::GetLongPathNameW(w R8, w .R7, i 1024)i .R6\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: kernel32::GetLongPathNameW(w R8, w .R7, i 1024)i .R6\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014.07.30 22:22:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014.07.30 22:22:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\8t12mosy.default\extensions\firejump@firejump.net
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\extension@preispilot.com: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\8t12mosy.default\extensions\extension@preispilot.com
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lrcfan@fansoft.br: C:\Program Files (x86)\LyricsFan\FF\
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{e4f94d1e-2f53-401e-8885-681602c0ddd8}: C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014.04.04 12:36:14 | 000,010,691 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2014.07.30 22:22:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 31.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014.07.30 22:22:41 | 000,000,000 | ---D | M]

[2013.02.09 23:34:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions
[2014.09.08 19:36:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\8t12mosy.default\extensions
[2014.09.04 15:05:03 | 000,000,000 | ---D | M] (Avira Browser Safety) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\8t12mosy.default\extensions\abs@avira.com
[2014.09.06 21:53:13 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\8t12mosy.default\extensions\foxyproxy@eric.h.jung
[2013.12.12 13:56:06 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\8t12mosy.default\extensions\ich@maltegoetz.de
[2013.02.12 01:25:14 | 000,111,107 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\8t12mosy.default\extensions\extension@preispilot.com.xpi
[2013.05.04 01:45:54 | 000,114,250 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\8t12mosy.default\extensions\nosquint@urandom.ca.xpi
[2014.07.23 15:27:10 | 000,967,685 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\8t12mosy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014.08.05 13:51:53 | 000,556,916 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\8t12mosy.default\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi
[2013.02.11 16:02:54 | 000,002,079 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\8t12mosy.default\searchplugins\98941506-d865-4ffd-a8db-da5a32d4be77.xml
[2014.09.08 19:35:45 | 000,000,996 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\8t12mosy.default\searchplugins\avira-safesearch.xml
[2013.02.11 16:11:26 | 000,002,315 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\8t12mosy.default\searchplugins\google-default.xml
[2013.02.11 16:02:37 | 000,001,870 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\8t12mosy.default\searchplugins\{002E3E7B-A688-49FC-8BE9-CCA7EBB47BEC}.xml
[2013.02.11 16:02:37 | 000,002,188 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\8t12mosy.default\searchplugins\{3CED5DB9-007E-40CB-8CBB-4AF88EE949DE}.xml
[2013.02.11 16:02:37 | 000,002,077 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\8t12mosy.default\searchplugins\{76E1CA73-5A2E-4CCC-8400-FC1BCEAA9571}.xml
[2014.07.30 22:22:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2014.07.30 22:22:46 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (DNS Error Helper) - {9B6B03F1-16CF-4491-BBBB-E872802DD717} - C:\ProgramData\DNSErrorHelper\bho.dll ()
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~2\IDM\QUICKF~1\PlugIns\IEHelp.dll (IDM)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\*****\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS)
O4 - HKLM..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" File not found
O4 - HKLM..\Run: [ASUS InstantKey] C:\Program Files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe (ASUS)
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Avira Systray] C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe (Microsoft Corp.)
O4 - HKLM..\Run: [BlueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe (BlueStack Systems, Inc.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (ASUSTeK Computer Inc.)
O4 - Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ensonhaber Alarm.lnk = C:\Program Files (x86)\Ensonhaber Alarm\Ensonhaber Alarm.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab (Java Plug-in 1.6.0_45)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab (Java Plug-in 1.6.0_45)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab (Java Plug-in 1.6.0_45)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01779A16-E73C-4F56-8541-140FBBFE0727}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\System32\Userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (bj.dll) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014.09.08 19:41:10 | 000,042,040 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2014.09.08 19:39:25 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Avira
[2014.09.08 19:38:37 | 000,130,584 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2014.09.08 19:38:37 | 000,117,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2014.09.08 19:38:37 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2014.09.08 19:34:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2014.09.08 19:34:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2014.09.08 19:34:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2014.09.08 19:34:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014.09.08 18:11:50 | 000,000,000 | ---D | C] -- C:\FRST
[2014.09.08 17:55:19 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\workspace
[2014.09.08 15:28:43 | 000,000,000 | ---D | C] -- C:\Users\*****\.android
[2014.09.08 14:40:15 | 000,545,200 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\npdeployJava1.dll
[2014.09.08 14:40:15 | 000,526,768 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2014.09.08 14:40:15 | 000,196,528 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2014.09.08 14:40:15 | 000,172,976 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2014.09.08 14:40:15 | 000,172,976 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2014.09.08 14:40:04 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2014.09.08 02:05:28 | 000,000,000 | ---D | C] -- C:\Users\*****\workspace
[2014.09.07 21:39:33 | 000,000,000 | ---D | C] -- C:\20cf004b03143b5f40
[2014.09.06 14:28:40 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\eclipse-standard-luna-R-win32-x86_64
[2014.09.05 14:06:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Emsisoft
[2014.09.05 05:30:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2014.09.05 05:30:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2014.09.05 03:21:47 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.09.05 03:20:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
[2014.09.05 03:20:31 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014.09.05 03:20:31 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014.09.05 03:20:31 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014.09.05 03:20:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware
[2014.09.05 03:20:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014.08.25 18:52:22 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Abelssoft
[2014.08.25 18:52:20 | 000,000,000 | ---D | C] -- C:\ProgramData\XDMessagingv4
[2014.08.25 18:52:18 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Abelssoft
[2014.08.25 18:50:37 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\DesktopIconGoodgame
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014.09.08 19:39:32 | 
000,042,040 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys [2014.09.08 19:34:22 | 000,001,139 | ---- | M] () -- C:\Users\Public\Desktop\Avira.lnk [2014.09.08 19:25:34 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2014.09.08 19:25:29 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2014.09.08 19:25:29 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2014.09.08 19:18:12 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2014.09.08 19:17:31 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys [2014.09.08 19:14:40 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2014.09.08 19:14:26 | 000,000,387 | ---- | M] () -- C:\Users\*****\AppData\Roaming\sp_data.sys [2014.09.08 19:14:05 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job [2014.09.08 19:12:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014.09.08 19:12:41 | 2057,695,231 | -HS- | M] () -- C:\hiberfil.sys [2014.09.08 17:20:45 | 000,000,000 | ---- | M] () -- C:\Users\*****\defogger_reenable [2014.09.08 14:40:05 | 000,545,200 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\npdeployJava1.dll [2014.09.08 14:40:05 | 000,526,768 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll [2014.09.08 14:40:05 | 000,196,528 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe [2014.09.08 14:40:05 | 000,172,976 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe [2014.09.08 14:40:05 | 000,172,976 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Windows\SysNative\java.exe [2014.09.07 23:34:26 | 000,003,477 | ---- | M] () -- C:\Users\*****\Desktop\tiledirt2.png [2014.09.07 23:34:21 | 000,003,404 | ---- | M] () -- C:\Users\*****\Desktop\tilegrassright.png [2014.09.07 23:34:17 | 000,003,403 | ---- | M] () -- C:\Users\*****\Desktop\tilegrassleft.png [2014.09.07 23:34:12 | 000,003,379 | ---- | M] () -- C:\Users\*****\Desktop\tilegrassbot.png [2014.09.07 23:34:08 | 000,003,383 | ---- | M] () -- C:\Users\*****\Desktop\tiledirt1.png [2014.09.07 23:01:59 | 000,032,109 | ---- | M] () -- C:\Users\*****\Desktop\background.png [2014.09.07 23:00:22 | 000,003,208 | ---- | M] () -- C:\Users\*****\Desktop\tileocean.png [2014.09.07 23:00:17 | 000,003,383 | ---- | M] () -- C:\Users\*****\Desktop\tiledirt.png [2014.09.07 22:01:19 | 000,011,455 | ---- | M] () -- C:\Users\*****\Desktop\heliboy.png [2014.09.07 21:59:53 | 000,010,843 | ---- | M] () -- C:\Users\*****\Desktop\heliboy4.png [2014.09.07 21:59:48 | 000,010,857 | ---- | M] () -- C:\Users\*****\Desktop\heliboy3.png [2014.09.07 21:59:44 | 000,010,934 | ---- | M] () -- C:\Users\*****\Desktop\heliboy2.png [2014.09.07 21:59:39 | 000,010,714 | ---- | M] () -- C:\Users\*****\Desktop\heliboy5.png [2014.09.07 21:58:30 | 000,005,771 | ---- | M] () -- C:\Users\*****\Desktop\character3.png [2014.09.07 21:58:25 | 000,005,768 | ---- | M] () -- C:\Users\*****\Desktop\character2.png [2014.09.07 21:33:10 | 095,320,394 | ---- | M] () -- C:\Users\*****\Desktop\COMPONENTS.reg [2014.09.07 20:56:18 | 000,002,115 | ---- | M] () -- C:\Windows\epplauncher.mif [2014.09.07 20:29:08 | 007,663,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2014.09.07 20:29:08 | 002,762,848 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2014.09.07 20:29:08 | 002,385,206 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2014.09.07 20:29:08 | 002,138,748 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2014.09.07 20:29:08 | 000,006,488 | ---- | M] () -- 
C:\Windows\SysNative\PerfStringBackup.INI [2014.09.07 20:24:04 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2014.09.07 18:04:53 | 000,010,766 | ---- | M] () -- C:\Users\*****\Desktop\jumped.png [2014.09.07 18:04:35 | 000,007,325 | ---- | M] () -- C:\Users\*****\Desktop\down.png [2014.09.07 17:39:14 | 000,032,109 | ---- | M] () -- C:\Users\*****\Desktop\background,m5.png [2014.09.07 12:02:57 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job [2014.09.07 02:30:08 | 000,005,758 | ---- | M] () -- C:\Users\*****\Desktop\character.png [2014.09.07 00:48:46 | 000,000,155 | ---- | M] () -- C:\Users\*****\.appletviewer [2014.09.05 05:30:45 | 000,001,097 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk [2014.09.05 04:26:19 | 000,001,108 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2014.08.25 18:59:12 | 000,365,104 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2014.08.15 10:30:05 | 000,130,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2014.08.15 10:30:05 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2014.08.15 10:30:04 | 000,117,712 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2014.08.10 15:16:06 | 603,007,920 | ---- | M] () -- C:\Windows\MEMORY.DMP [2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2014.09.08 19:34:22 | 000,001,139 | ---- | C] () -- C:\Users\Public\Desktop\Avira.lnk [2014.09.08 17:20:45 | 000,000,000 | ---- | C] () -- C:\Users\*****\defogger_reenable [2014.09.07 23:34:26 | 000,003,477 | ---- | C] () -- C:\Users\*****\Desktop\tiledirt2.png [2014.09.07 23:34:21 | 000,003,404 | ---- | C] () -- C:\Users\*****\Desktop\tilegrassright.png [2014.09.07 23:34:16 | 000,003,403 | ---- | C] () -- C:\Users\*****\Desktop\tilegrassleft.png [2014.09.07 23:34:12 | 000,003,379 | ---- | C] () -- C:\Users\*****\Desktop\tilegrassbot.png [2014.09.07 23:34:07 | 000,003,383 | ---- | C] () -- C:\Users\*****\Desktop\tiledirt1.png [2014.09.07 23:00:22 | 000,003,208 | ---- | C] () -- C:\Users\*****\Desktop\tileocean.png [2014.09.07 23:00:17 | 000,003,383 | ---- | C] () -- C:\Users\*****\Desktop\tiledirt.png [2014.09.07 21:59:53 | 000,010,843 | ---- | C] () -- C:\Users\*****\Desktop\heliboy4.png [2014.09.07 21:59:48 | 000,010,857 | ---- | C] () -- C:\Users\*****\Desktop\heliboy3.png [2014.09.07 21:59:44 | 000,010,934 | ---- | C] () -- C:\Users\*****\Desktop\heliboy2.png [2014.09.07 21:59:39 | 000,010,714 | ---- | C] () -- C:\Users\*****\Desktop\heliboy5.png [2014.09.07 21:58:30 | 000,005,771 | ---- | C] () -- C:\Users\*****\Desktop\character3.png [2014.09.07 21:58:24 | 000,005,768 | ---- | C] () -- C:\Users\*****\Desktop\character2.png [2014.09.07 21:33:00 | 095,320,394 | ---- | C] () -- C:\Users\*****\Desktop\COMPONENTS.reg [2014.09.07 18:20:42 | 000,011,455 | ---- | C] () -- C:\Users\*****\Desktop\heliboy.png [2014.09.07 18:04:52 | 000,010,766 | ---- | C] () -- C:\Users\*****\Desktop\jumped.png [2014.09.07 18:04:35 | 000,007,325 | ---- | C] () -- C:\Users\*****\Desktop\down.png 
[2014.09.07 17:39:14 | 000,032,109 | ---- | C] () -- C:\Users\*****\Desktop\background.png [2014.09.07 17:39:14 | 000,032,109 | ---- | C] () -- C:\Users\*****\Desktop\background,m5.png [2014.09.07 02:30:07 | 000,005,758 | ---- | C] () -- C:\Users\*****\Desktop\character.png [2014.09.07 00:48:46 | 000,000,155 | ---- | C] () -- C:\Users\*****\.appletviewer [2014.09.05 05:30:45 | 000,001,097 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk [2014.09.05 03:20:38 | 000,001,108 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2014.08.25 05:15:01 | 000,002,115 | ---- | C] () -- C:\Windows\epplauncher.mif [2014.07.26 04:08:33 | 000,012,072 | ---- | C] () -- C:\Windows\SysWow64\drivers\MoborobAssDriver64.sys [2014.05.07 00:14:31 | 000,299,520 | ---- | C] () -- C:\Windows\SysWow64\igdmd32.dll [2014.05.07 00:14:31 | 000,182,272 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2014.05.07 00:14:31 | 000,142,848 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll [2014.03.12 03:47:27 | 000,535,902 | ---- | C] () -- C:\Users\*****\sonu.VIP [2014.03.12 03:42:28 | 000,535,386 | ---- | C] () -- C:\Users\*****\uuu.VIP [2014.03.12 02:13:13 | 000,002,830 | ---- | C] () -- C:\Users\*****\Unbenannt.PNG [2014.03.08 02:10:08 | 002,323,350 | ---- | C] () -- C:\Users\*****\Standart05.ogg [2014.03.08 02:10:08 | 000,000,171 | ---- | C] () -- C:\Users\*****\Standart05.cue [2014.02.28 05:20:16 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2014.02.25 08:14:02 | 000,000,000 | ---- | C] () -- C:\Users\*****\java [2014.02.25 07:50:35 | 000,854,016 | ---- | C] () -- C:\Windows\aapt.exe [2013.05.31 22:44:20 | 000,000,118 | ---- | C] () -- C:\Users\*****\kvirc4.ini [2013.02.11 16:02:42 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll [2013.02.09 21:49:07 | 000,000,387 | ---- | C] () -- C:\Users\*****\AppData\Roaming\sp_data.sys [2012.02.24 04:42:37 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe ========== 
ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 04:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:D20FFA63 < End of 
report > |
21.09.2014, 00:23 | #6 |
| Undefinable entries in the event log GMER Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-09-08 18:30:39 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD75 rev.01.0 698,64GB Running: Gmer-19357.exe; Driver: C:\Users\*****\AppData\Local\Temp\kwlcqkog.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800037ba000 59 bytes [FB, FF, 48, 8B, CB, BA, 12, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 941 fffff800037ba19d 7 bytes [B8, 00, 00, FF, FF, FF, FF] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007701a400 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077023f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007703ffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007704f2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077079a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770894c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000770a87e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd092db0 5 bytes JMP 000007fffd080180 .text C:\Program Files\NVIDIA 
Corporation\Display\nvxdsync.exe[1464] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0937d0 7 bytes JMP 000007fffd0800d8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd098ef0 6 bytes JMP 000007fffd080148 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd0aaf60 5 bytes JMP 000007fffd080110 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefedb89e0 8 bytes JMP 000007fffd0801f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefedbbe40 8 bytes JMP 000007fffd0801b8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd517490 11 bytes JMP 000007fffd080228 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd52bf00 7 bytes JMP 000007fffd080260 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1488] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd092db0 5 bytes JMP 000007fffd080180 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1488] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0937d0 7 bytes JMP 000007fffd0800d8 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1488] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd098ef0 6 bytes JMP 000007fffd080148 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1488] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd0aaf60 5 bytes JMP 000007fffd080110 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1488] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefedb89e0 8 bytes JMP 000007fffd0801f0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1488] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefedbbe40 8 bytes JMP 000007fffd0801b8 .text 
C:\Windows\SYSTEM32\WISPTIS.EXE[1488] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd517490 11 bytes JMP 000007fffd080228 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1488] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd52bf00 7 bytes JMP 000007fffd080260 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1488] C:\Windows\SYSTEM32\d3d9.dll!Direct3DCreate9Ex 000007fefa202460 5 bytes JMP 000007fefd0802d0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1488] C:\Windows\SYSTEM32\d3d9.dll!Direct3DCreate9 000007fefa2396b0 6 bytes JMP 000007fefd080298 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077181510 6 bytes {JMP QWORD [RIP+0x8fbeb20]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[1636] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000077181520 6 bytes {JMP QWORD [RIP+0x901eb10]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[1636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000771815e0 6 bytes {JMP QWORD [RIP+0x8ffea50]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[1636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077181800 6 bytes {JMP QWORD [RIP+0x8fde830]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[1636] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000771818b0 6 bytes {JMP QWORD [RIP+0x8f7e780]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[1636] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 0000000077181e40 6 bytes {JMP QWORD [RIP+0x8f9e1f0]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[1636] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771827e0 6 bytes {JMP QWORD [RIP+0x903d850]} .text C:\Windows\SYSTEM32\WISPTIS.EXE[1636] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007701a400 7 bytes JMP 000000016fff0228 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1636] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077023f20 5 bytes JMP 000000016fff0180 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1636] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007702db80 6 bytes {JMP QWORD [RIP+0x91b24b0]} .text 
C:\Windows\SYSTEM32\WISPTIS.EXE[1636] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007703ffb0 5 bytes JMP 000000016fff01b8 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1636] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007704f2e0 5 bytes JMP 000000016fff0110 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1636] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077079a30 7 bytes JMP 000000016fff00d8 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1636] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770894c0 5 bytes JMP 000000016fff0148 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1636] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000770a87e0 7 bytes JMP 000000016fff01f0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1636] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd092db0 5 bytes JMP 000007fffd080180 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1636] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0937d0 7 bytes JMP 000007fffd0800d8 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1636] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd098ef0 6 bytes JMP 000007fffd080148 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1636] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd099055 3 bytes CALL 9000027 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1636] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd0aaf60 5 bytes JMP 000007fffd080110 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1636] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefedb89e0 8 bytes JMP 000007fffd0801f0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1636] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefedbbe40 8 bytes JMP 000007fffd0801b8 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1636] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd517490 11 bytes JMP 000007fffd080228 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1636] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd52bf00 7 bytes JMP 000007fffd080260 .text 
C:\Windows\SYSTEM32\WISPTIS.EXE[1636] C:\Windows\SYSTEM32\d3d9.dll!Direct3DCreate9Ex 000007fefa202460 5 bytes JMP 000007fefd0802d0 .text C:\Windows\SYSTEM32\WISPTIS.EXE[1636] C:\Windows\SYSTEM32\d3d9.dll!Direct3DCreate9 000007fefa2396b0 6 bytes JMP 000007fefd080298 .text C:\Program Files\WTouch\WTouchUser.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077181510 6 bytes {JMP QWORD [RIP+0x8fbeb20]} .text C:\Program Files\WTouch\WTouchUser.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000077181520 6 bytes {JMP QWORD [RIP+0x901eb10]} .text C:\Program Files\WTouch\WTouchUser.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000771815e0 6 bytes {JMP QWORD [RIP+0x8ffea50]} .text C:\Program Files\WTouch\WTouchUser.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077181800 6 bytes {JMP QWORD [RIP+0x8fde830]} .text C:\Program Files\WTouch\WTouchUser.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000771818b0 6 bytes {JMP QWORD [RIP+0x8f7e780]} .text C:\Program Files\WTouch\WTouchUser.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 0000000077181e40 6 bytes {JMP QWORD [RIP+0x8f9e1f0]} .text C:\Program Files\WTouch\WTouchUser.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771827e0 6 bytes {JMP QWORD [RIP+0x903d850]} .text C:\Program Files\WTouch\WTouchUser.exe[1648] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007701a400 7 bytes JMP 000000016fff0228 .text C:\Program Files\WTouch\WTouchUser.exe[1648] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077023f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\WTouch\WTouchUser.exe[1648] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007702db80 6 bytes {JMP QWORD [RIP+0x91b24b0]} .text C:\Program Files\WTouch\WTouchUser.exe[1648] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007703ffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\WTouch\WTouchUser.exe[1648] 
C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007704f2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\WTouch\WTouchUser.exe[1648] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077079a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\WTouch\WTouchUser.exe[1648] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770894c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\WTouch\WTouchUser.exe[1648] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000770a87e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\WTouch\WTouchUser.exe[1648] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd092db0 5 bytes JMP 000007fffd080180 .text C:\Program Files\WTouch\WTouchUser.exe[1648] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0937d0 7 bytes JMP 000007fffd0800d8 .text C:\Program Files\WTouch\WTouchUser.exe[1648] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd098ef0 6 bytes JMP 000007fffd080148 .text C:\Program Files\WTouch\WTouchUser.exe[1648] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd099055 3 bytes [B5, 6F, 06] .text C:\Program Files\WTouch\WTouchUser.exe[1648] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd0aaf60 5 bytes JMP 000007fffd080110 .text C:\Program Files\WTouch\WTouchUser.exe[1648] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefedb89e0 8 bytes JMP 000007fffd0801f0 .text C:\Program Files\WTouch\WTouchUser.exe[1648] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefedbbe40 8 bytes JMP 000007fffd0801b8 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077181510 6 bytes {JMP QWORD [RIP+0x8fbeb20]} .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000077181520 6 bytes {JMP QWORD [RIP+0x901eb10]} .text C:\Program Files\Common Files\microsoft 
shared\ink\TabTip.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000771815e0 6 bytes {JMP QWORD [RIP+0x8ffea50]} .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077181800 6 bytes {JMP QWORD [RIP+0x8fde830]} .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000771818b0 6 bytes {JMP QWORD [RIP+0x8f7e780]} .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 0000000077181e40 6 bytes {JMP QWORD [RIP+0x8f9e1f0]} .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771827e0 6 bytes {JMP QWORD [RIP+0x903d850]} .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1660] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007701a400 7 bytes JMP 000000016fff0228 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1660] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077023f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1660] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007702db80 6 bytes {JMP QWORD [RIP+0x91b24b0]} .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1660] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007703ffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1660] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007704f2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1660] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077079a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1660] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 
00000000770894c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1660] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000770a87e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1660] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd092db0 5 bytes JMP 000007fffd080180 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1660] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0937d0 7 bytes JMP 000007fffd0800d8 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1660] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd098ef0 6 bytes JMP 000007fffd080148 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1660] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd099055 3 bytes CALL 0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1660] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd0aaf60 5 bytes JMP 000007fffd080110 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1660] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefedb89e0 8 bytes JMP 000007fffd0801f0 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1660] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefedbbe40 8 bytes JMP 000007fffd0801b8 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1660] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd517490 11 bytes JMP 000007fffd080228 .text C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe[1660] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd52bf00 7 bytes JMP 000007fffd080260 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077181510 6 bytes JMP ff550000 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000077181520 6 bytes JMP ffffffff .text 
C:\Windows\system32\Dwm.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000771815e0 6 bytes JMP ffffffff .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077181800 6 bytes JMP ffffffff .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000771818b0 6 bytes JMP ffffffff .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 0000000077181e40 6 bytes JMP ffffffff .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771827e0 6 bytes JMP ffffffff .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007701a400 7 bytes JMP 000000016fff0228 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077023f20 5 bytes JMP 000000016fff0180 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007702db80 6 bytes {JMP QWORD [RIP+0x91b24b0]} .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007703ffb0 5 bytes JMP 000000016fff01b8 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007704f2e0 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077079a30 7 bytes JMP 000000016fff00d8 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770894c0 5 bytes JMP 000000016fff0148 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000770a87e0 7 bytes JMP 000000016fff01f0 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd092db0 5 bytes JMP 000007fffd080180 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0937d0 7 bytes JMP 000007fffd0800d8 .text 
C:\Windows\system32\Dwm.exe[1732] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd098ef0 6 bytes JMP 000007fffd080148 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd099055 3 bytes CALL 9000027 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd0aaf60 5 bytes JMP 000007fffd080110 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefedb89e0 8 bytes JMP 000007fffd0801f0 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefedbbe40 8 bytes JMP 000007fffd0801b8 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef934dc88 5 bytes JMP 000007fff91400d8 .text C:\Windows\system32\Dwm.exe[1732] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef934de10 5 bytes JMP 000007fff9140110 .text C:\Windows\Explorer.EXE[1808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077181510 6 bytes {JMP QWORD [RIP+0x8fbeb20]} .text C:\Windows\Explorer.EXE[1808] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000077181520 6 bytes {JMP QWORD [RIP+0x901eb10]} .text C:\Windows\Explorer.EXE[1808] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000771815e0 6 bytes {JMP QWORD [RIP+0x8ffea50]} .text C:\Windows\Explorer.EXE[1808] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077181800 6 bytes {JMP QWORD [RIP+0x8fde830]} .text C:\Windows\Explorer.EXE[1808] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000771818b0 6 bytes {JMP QWORD [RIP+0x8f7e780]} .text C:\Windows\Explorer.EXE[1808] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 0000000077181e40 6 bytes {JMP QWORD [RIP+0x8f9e1f0]} .text C:\Windows\Explorer.EXE[1808] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771827e0 6 bytes {JMP QWORD [RIP+0x903d850]} .text C:\Windows\Explorer.EXE[1808] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 
000000007702db80 6 bytes {JMP QWORD [RIP+0x91b24b0]} .text C:\Windows\Explorer.EXE[1808] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd099055 3 bytes CALL 9000027 .text C:\Windows\Explorer.EXE[1808] C:\Windows\system32\WS2_32.dll!WSALookupServiceBeginW 000007fefed63030 6 bytes {JMP QWORD [RIP+0x21d000]} .text C:\Windows\Explorer.EXE[1808] C:\Windows\system32\WS2_32.dll!connect + 1 000007fefed645c1 5 bytes {JMP QWORD [RIP+0x1aba70]} .text C:\Windows\Explorer.EXE[1808] C:\Windows\system32\WS2_32.dll!listen 000007fefed68290 6 bytes {JMP QWORD [RIP+0x1e7da0]} .text C:\Windows\Explorer.EXE[1808] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefed8e0f0 6 bytes {JMP QWORD [RIP+0x1a1f40]} .text C:\Windows\Explorer.EXE[1808] C:\Windows\system32\msi.dll!MsiSetInternalUI 000007fef2525cd0 6 bytes JMP 0 .text C:\Windows\Explorer.EXE[1808] C:\Windows\system32\msi.dll!MsiInstallProductA 000007fef25a0f20 6 bytes JMP 0 .text C:\Windows\Explorer.EXE[1808] C:\Windows\system32\msi.dll!MsiInstallProductW 000007fef25afaa8 6 bytes JMP 0 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1820] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007732fc20 3 bytes JMP 718a000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1820] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4 000000007732fc24 2 bytes JMP 718a000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1820] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007732fc38 3 bytes JMP 7181000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1820] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4 000000007732fc3c 2 bytes JMP 7181000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1820] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007732fd64 3 bytes JMP 7184000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1820] 
C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007732fd68 2 bytes JMP 7184000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1820] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000773300b4 3 bytes JMP 7187000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1820] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000773300b8 2 bytes JMP 7187000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1820] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000773301c4 3 bytes JMP 7190000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1820] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4 00000000773301c8 2 bytes JMP 7190000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1820] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077330a44 3 bytes JMP 718d000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1820] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4 0000000077330a48 2 bytes JMP 718d000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1820] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077331920 3 bytes JMP 717e000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1820] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4 0000000077331924 2 bytes JMP 717e000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1820] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000754b1f0e 7 bytes JMP 0000000171f33550 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1820] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000754b5bad 7 bytes JMP 0000000171f337f0 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1820] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000754c1409 7 bytes JMP 0000000171f33650 .text C:\Program Files (x86)\Common 
Files\Microsoft Shared\Ink\TabTip32.exe[1820] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000754c3bbb 3 bytes JMP 717b000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1820] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 00000000754c3bbf 2 bytes JMP 717b000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1820] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000754cea45 7 bytes JMP 0000000171f33540 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1820] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075558e24 7 bytes JMP 0000000171f33310 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1820] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075558ea9 5 bytes JMP 0000000171f333c0 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1820] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000755591ff 5 bytes JMP 0000000171f33320 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1820] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076ed1d1b 5 bytes JMP 0000000171f332b0 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1820] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076ed1dc9 5 bytes JMP 0000000171f33270 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1820] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076ed2aa4 5 bytes JMP 0000000171f333d0 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1820] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000076ed2c91 4 bytes CALL 71af0000 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1820] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076ed2d0a 5 bytes JMP 0000000171f330b0 .text C:\Program Files (x86)\Common Files\Microsoft 
Shared\Ink\TabTip32.exe[1820] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000750670c4 6 bytes JMP 7193000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1820] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000075083264 6 bytes JMP 7196000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1820] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000756c8a29 5 bytes JMP 0000000171f32c60 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1820] C:\Windows\syswow64\USER32.dll!SendMessageW 00000000756c9679 6 bytes JMP 719f000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1820] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000756d12a5 6 bytes JMP 7199000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1820] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000756d3baa 6 bytes JMP 719c000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1820] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000756d4572 5 bytes JMP 0000000171f33030 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1820] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000756d612e 6 bytes JMP 71a2000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1820] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000756ee567 5 bytes JMP 0000000171f330a0 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1820] C:\Windows\syswow64\USER32.dll!SendInput 00000000756eff4a 3 bytes JMP 71a5000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1820] C:\Windows\syswow64\USER32.dll!SendInput + 4 00000000756eff4e 2 bytes JMP 71a5000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1820] C:\Windows\syswow64\USER32.dll!mouse_event 000000007572027b 6 bytes JMP 71ab000a .text C:\Program Files (x86)\Common 
Files\Microsoft Shared\Ink\TabTip32.exe[1820] C:\Windows\syswow64\USER32.dll!keybd_event 00000000757202bf 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1820] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075727a5c 5 bytes JMP 0000000171f33020 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1820] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075ece96b 5 bytes JMP 0000000171f32cd0 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1820] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075eceba5 5 bytes JMP 0000000171f32ce0 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1820] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075265ea5 5 bytes JMP 0000000171f32c20 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe[1820] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075299d0b 5 bytes JMP 0000000171f32bb0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1704] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000754b1f0e 7 bytes JMP 0000000171f33550 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1704] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000754b5bad 7 bytes JMP 0000000171f337f0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1704] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000754c1409 7 bytes JMP 0000000171f33650 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1704] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000754cea45 7 bytes JMP 0000000171f33540 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1704] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075558e24 7 bytes JMP 0000000171f33310 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1704] 
C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075558ea9 5 bytes JMP 0000000171f333c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1704] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000755591ff 5 bytes JMP 0000000171f33320 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1704] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076ed1d1b 5 bytes JMP 0000000171f332b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1704] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076ed1dc9 5 bytes JMP 0000000171f33270 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1704] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076ed2aa4 5 bytes JMP 0000000171f333d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1704] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076ed2d0a 5 bytes JMP 0000000171f330b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1704] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000756c8a29 5 bytes JMP 0000000171f32c60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1704] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000756d4572 5 bytes JMP 0000000171f33030 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1704] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000756ee567 5 bytes JMP 0000000171f330a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1704] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075727a5c 5 bytes JMP 0000000171f33020 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1704] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075ece96b 5 bytes JMP 0000000171f32cd0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1704] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075eceba5 5 bytes 
JMP 0000000171f32ce0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1704] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075265ea5 5 bytes JMP 0000000171f32c20 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe[1704] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075299d0b 5 bytes JMP 0000000171f32bb0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2192] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000754b1f0e 7 bytes JMP 0000000171f33550 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2192] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000754b5bad 7 bytes JMP 0000000171f337f0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2192] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000754c1409 7 bytes JMP 0000000171f33650 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2192] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000754cea45 7 bytes JMP 0000000171f33540 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2192] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075558e24 7 bytes JMP 0000000171f33310 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2192] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075558ea9 5 bytes JMP 0000000171f333c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2192] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000755591ff 5 bytes JMP 0000000171f33320 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2192] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076ed1d1b 5 bytes JMP 0000000171f332b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2192] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076ed1dc9 5 bytes JMP 0000000171f33270 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2192] 
C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076ed2aa4 5 bytes JMP 0000000171f333d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2192] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076ed2d0a 5 bytes JMP 0000000171f330b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2192] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000756c8a29 5 bytes JMP 0000000171f32c60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2192] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000756d4572 5 bytes JMP 0000000171f33030 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2192] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000756ee567 5 bytes JMP 0000000171f330a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2192] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075727a5c 5 bytes JMP 0000000171f33020 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2192] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075ece96b 5 bytes JMP 0000000171f32cd0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2192] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075eceba5 5 bytes JMP 0000000171f32ce0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2192] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075265ea5 5 bytes JMP 0000000171f32c20 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe[2192] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075299d0b 5 bytes JMP 0000000171f32bb0 .text C:\Windows\system32\taskhost.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077181510 6 bytes {JMP QWORD [RIP+0x8fbeb20]} .text C:\Windows\system32\taskhost.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000077181520 6 bytes {JMP QWORD [RIP+0x901eb10]} .text C:\Windows\system32\taskhost.exe[2256] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000771815e0 6 bytes {JMP QWORD [RIP+0x8ffea50]} .text C:\Windows\system32\taskhost.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077181800 6 bytes {JMP QWORD [RIP+0x8fde830]} .text C:\Windows\system32\taskhost.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000771818b0 6 bytes {JMP QWORD [RIP+0x8f7e780]} .text C:\Windows\system32\taskhost.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 0000000077181e40 6 bytes {JMP QWORD [RIP+0x8f9e1f0]} .text C:\Windows\system32\taskhost.exe[2256] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771827e0 6 bytes {JMP QWORD [RIP+0x903d850]} .text C:\Windows\system32\taskhost.exe[2256] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007702db80 6 bytes {JMP QWORD [RIP+0x91b24b0]} .text C:\Windows\system32\taskhost.exe[2256] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd099055 3 bytes [B5, 6F, 06] .text C:\Windows\system32\taskhost.exe[2256] C:\Windows\system32\ADVAPI32.dll!CreateServiceW 000007fefdb555c8 6 bytes {JMP QWORD [RIP+0x10aa68]} .text C:\Windows\system32\taskhost.exe[2256] C:\Windows\system32\ADVAPI32.dll!CreateServiceA 000007fefdb6b85c 6 bytes JMP 1801 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2352] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000754b1f0e 7 bytes JMP 0000000171f33550 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2352] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000754b5bad 7 bytes JMP 0000000171f337f0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2352] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000754c1409 7 bytes JMP 0000000171f33650 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2352] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000754cea45 7 bytes JMP 0000000171f33540 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2352] 
C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075558e24 7 bytes JMP 0000000171f33310 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2352] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075558ea9 5 bytes JMP 0000000171f333c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2352] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000755591ff 5 bytes JMP 0000000171f33320 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2352] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076ed1d1b 5 bytes JMP 0000000171f332b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2352] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076ed1dc9 5 bytes JMP 0000000171f33270 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2352] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076ed2aa4 5 bytes JMP 0000000171f333d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2352] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076ed2d0a 5 bytes JMP 0000000171f330b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2352] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000756c8a29 5 bytes JMP 0000000171f32c60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2352] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000756d4572 5 bytes JMP 0000000171f33030 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2352] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000756ee567 5 bytes JMP 0000000171f330a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2352] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075727a5c 5 bytes JMP 0000000171f33020 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2352] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075ece96b 5 bytes JMP 
0000000171f32cd0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2352] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075eceba5 5 bytes JMP 0000000171f32ce0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2352] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075265ea5 5 bytes JMP 0000000171f32c20 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe[2352] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075299d0b 5 bytes JMP 0000000171f32bb0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2412] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000754b1f0e 7 bytes JMP 0000000171f33550 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2412] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000754b5bad 7 bytes JMP 0000000171f337f0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2412] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000754c1409 7 bytes JMP 0000000171f33650 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2412] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000754cea45 7 bytes JMP 0000000171f33540 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2412] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075558e24 7 bytes JMP 0000000171f33310 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2412] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075558ea9 5 bytes JMP 0000000171f333c0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2412] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000755591ff 5 bytes JMP 0000000171f33320 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2412] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076ed1d1b 5 bytes JMP 0000000171f332b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2412] 
C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076ed1dc9 5 bytes JMP 0000000171f33270 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2412] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076ed2aa4 5 bytes JMP 0000000171f333d0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2412] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076ed2d0a 5 bytes JMP 0000000171f330b0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2412] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000756c8a29 5 bytes JMP 0000000171f32c60 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2412] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000756d4572 5 bytes JMP 0000000171f33030 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2412] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000756ee567 5 bytes JMP 0000000171f330a0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2412] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075727a5c 5 bytes JMP 0000000171f33020 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2412] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075ece96b 5 bytes JMP 0000000171f32cd0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2412] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075eceba5 5 bytes JMP 0000000171f32ce0 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2412] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075265ea5 5 bytes JMP 0000000171f32c20 .text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe[2412] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075299d0b 5 bytes JMP 0000000171f32bb0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077181510 6 bytes {JMP QWORD [RIP+0x8fbeb20]} .text C:\Program Files\NVIDIA 
Corporation\Display\nvtray.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000077181520 6 bytes {JMP QWORD [RIP+0x901eb10]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000771815e0 6 bytes {JMP QWORD [RIP+0x8ffea50]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077181800 6 bytes {JMP QWORD [RIP+0x8fde830]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000771818b0 6 bytes {JMP QWORD [RIP+0x8f7e780]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 0000000077181e40 6 bytes {JMP QWORD [RIP+0x8f9e1f0]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2584] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771827e0 6 bytes {JMP QWORD [RIP+0x903d850]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2584] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007701a400 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2584] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077023f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2584] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007702db80 6 bytes {JMP QWORD [RIP+0x91b24b0]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2584] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007703ffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2584] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007704f2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2584] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077079a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA 
Corporation\Display\nvtray.exe[2584] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770894c0 5 bytes JMP 000000016fff0148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2584] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000770a87e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2584] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd092db0 5 bytes JMP 000007fffd080180 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2584] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0937d0 7 bytes JMP 000007fffd0800d8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2584] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd098ef0 6 bytes JMP 000007fffd080148 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2584] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd099055 3 bytes CALL 9000027 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2584] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd0aaf60 5 bytes JMP 000007fffd080110 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2584] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefedb89e0 8 bytes JMP 000007fffd0801f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2584] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefedbbe40 8 bytes JMP 000007fffd0801b8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2584] C:\Windows\system32\WINSPOOL.DRV!AddPrintProvidorA 000007fef9ee7b34 6 bytes {JMP QWORD [RIP+0x1284fc]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2584] C:\Windows\system32\WINSPOOL.DRV!AddPrintProvidorW 000007fef9ef03c0 6 bytes {JMP QWORD [RIP+0x13fc70]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2584] C:\Windows\system32\WS2_32.dll!WSALookupServiceBeginW 000007fefed63030 6 bytes {JMP QWORD [RIP+0x57d000]} .text C:\Program Files\NVIDIA 
Corporation\Display\nvtray.exe[2584] C:\Windows\system32\WS2_32.dll!connect + 1 000007fefed645c1 5 bytes {JMP QWORD [RIP+0x1aba70]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2584] C:\Windows\system32\WS2_32.dll!listen 000007fefed68290 6 bytes {JMP QWORD [RIP+0x1e7da0]} .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2584] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefed8e0f0 6 bytes {JMP QWORD [RIP+0x1a1f40]} .text C:\Windows\system32\taskeng.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077181510 6 bytes {JMP QWORD [RIP+0x8fbeb20]} .text C:\Windows\system32\taskeng.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000077181520 6 bytes {JMP QWORD [RIP+0x901eb10]} .text C:\Windows\system32\taskeng.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000771815e0 6 bytes {JMP QWORD [RIP+0x8ffea50]} .text C:\Windows\system32\taskeng.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077181800 6 bytes {JMP QWORD [RIP+0x8fde830]} .text C:\Windows\system32\taskeng.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000771818b0 6 bytes {JMP QWORD [RIP+0x8f7e780]} .text C:\Windows\system32\taskeng.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 0000000077181e40 6 bytes {JMP QWORD [RIP+0x8f9e1f0]} .text C:\Windows\system32\taskeng.exe[2704] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771827e0 6 bytes {JMP QWORD [RIP+0x903d850]} .text C:\Windows\system32\taskeng.exe[2704] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007701a400 7 bytes JMP 000000016fff0228 .text C:\Windows\system32\taskeng.exe[2704] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077023f20 5 bytes JMP 000000016fff0180 .text C:\Windows\system32\taskeng.exe[2704] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007702db80 6 bytes {JMP QWORD [RIP+0x91b24b0]} .text C:\Windows\system32\taskeng.exe[2704] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007703ffb0 5 bytes 
JMP 000000016fff01b8 .text C:\Windows\system32\taskeng.exe[2704] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007704f2e0 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\taskeng.exe[2704] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077079a30 7 bytes JMP 000000016fff00d8 .text C:\Windows\system32\taskeng.exe[2704] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770894c0 5 bytes JMP 000000016fff0148 .text C:\Windows\system32\taskeng.exe[2704] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000770a87e0 7 bytes JMP 000000016fff01f0 .text C:\Windows\system32\taskeng.exe[2704] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd092db0 5 bytes JMP 000007fffd080180 .text C:\Windows\system32\taskeng.exe[2704] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0937d0 7 bytes JMP 000007fffd0800d8 .text C:\Windows\system32\taskeng.exe[2704] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd098ef0 6 bytes JMP 000007fffd080148 .text C:\Windows\system32\taskeng.exe[2704] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd099055 3 bytes CALL 9000027 .text C:\Windows\system32\taskeng.exe[2704] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd0aaf60 5 bytes JMP 000007fffd080110 .text C:\Windows\system32\taskeng.exe[2704] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefedb89e0 8 bytes JMP 000007fffd0801f0 .text C:\Windows\system32\taskeng.exe[2704] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefedbbe40 8 bytes JMP 000007fffd0801b8 .text C:\Windows\system32\taskeng.exe[2704] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd517490 11 bytes JMP 000007fffd080228 .text C:\Windows\system32\taskeng.exe[2704] C:\Windows\system32\ole32.dll!CoSetProxyBlanket |
21.09.2014, 00:28 | #7 |
| Undefinable entries in the event log
Code:
|
21.09.2014, 00:37 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Undefinable entries in the event log Remove adware/junkware/toolbars (delete old versions of adwCleaner and, if present, JRT first, then download them fresh to the desktop!) Step 1: adwCleaner Please download AdwCleaner to your desktop.
Step 2: JRT - Junkware Removal Tool Please close your security software to avoid possible conflicts.
Step 3: Fresh log with FRST Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ Please always post log files in CODE tags |
21.09.2014, 00:37 | #9 |
| Undefinable entries in the event log Code:
(x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[3836] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075299d0b 5 bytes JMP 0000000171f32bb0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3860] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007732fc20 3 bytes JMP 7178000a .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3860] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4 000000007732fc24 2 bytes JMP 7178000a .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3860] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007732fc38 3 bytes JMP 716f000a .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3860] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4 000000007732fc3c 2 bytes JMP 716f000a .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3860] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007732fd64 3 bytes JMP 7172000a .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3860] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007732fd68 2 bytes JMP 7172000a .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3860] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000773300b4 3 bytes JMP 7175000a .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3860] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000773300b8 2 bytes JMP 7175000a .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3860] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000773301c4 3 bytes JMP 717e000a .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3860] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4 00000000773301c8 2 bytes JMP 717e000a .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3860] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077330a44 3 bytes JMP 717b000a .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3860] 
C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4 0000000077330a48 2 bytes JMP 717b000a .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3860] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077331920 3 bytes JMP 716c000a .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3860] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4 0000000077331924 2 bytes JMP 716c000a .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3860] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000754b1f0e 7 bytes JMP 0000000171f33550 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3860] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000754b5bad 7 bytes JMP 0000000171f337f0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3860] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000754c1409 7 bytes JMP 0000000171f33650 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3860] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000754c3bbb 3 bytes JMP 7169000a .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3860] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 00000000754c3bbf 2 bytes JMP 7169000a .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3860] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000754cea45 7 bytes JMP 0000000171f33540 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3860] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075558e24 7 bytes JMP 0000000171f33310 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3860] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075558ea9 5 bytes JMP 0000000171f333c0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3860] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000755591ff 5 bytes JMP 0000000171f33320 .text C:\Program Files (x86)\ASUS\Wireless Console 
3\wcourier.exe[3860] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076ed1d1b 5 bytes JMP 0000000171f332b0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3860] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076ed1dc9 5 bytes JMP 0000000171f33270 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3860] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076ed2aa4 5 bytes JMP 0000000171f333d0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3860] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000076ed2c91 4 bytes CALL 71af0000 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3860] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076ed2d0a 5 bytes JMP 0000000171f330b0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3860] C:\Windows\syswow64\WS2_32.dll!WSALookupServiceBeginW 00000000750e575a 6 bytes JMP 719c000a .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3860] C:\Windows\syswow64\WS2_32.dll!connect 00000000750e6bdd 6 bytes JMP 71a5000a .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3860] C:\Windows\syswow64\WS2_32.dll!listen 00000000750eb001 6 bytes JMP 719f000a .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3860] C:\Windows\syswow64\WS2_32.dll!WSAConnect 00000000750ecc3f 6 bytes JMP 71a2000a .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3860] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075ece96b 5 bytes JMP 0000000171f32cd0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3860] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075eceba5 5 bytes JMP 0000000171f32ce0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3860] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000756c8a29 5 bytes JMP 0000000171f32c60 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3860] 
C:\Windows\syswow64\USER32.dll!SendMessageW 00000000756c9679 6 bytes JMP 718d000a .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3860] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000756d12a5 6 bytes JMP 7187000a .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3860] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000756d3baa 6 bytes JMP 718a000a .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3860] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000756d4572 5 bytes JMP 0000000171f33030 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3860] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000756d612e 6 bytes JMP 7190000a .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3860] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000756ee567 5 bytes JMP 0000000171f330a0 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3860] C:\Windows\syswow64\USER32.dll!SendInput 00000000756eff4a 3 bytes JMP 7193000a .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3860] C:\Windows\syswow64\USER32.dll!SendInput + 4 00000000756eff4e 2 bytes JMP 7193000a .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3860] C:\Windows\syswow64\USER32.dll!mouse_event 000000007572027b 6 bytes JMP 7199000a .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3860] C:\Windows\syswow64\USER32.dll!keybd_event 00000000757202bf 6 bytes JMP 7196000a .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3860] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075727a5c 5 bytes JMP 0000000171f33020 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3860] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000750670c4 6 bytes JMP 7181000a .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3860] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000075083264 6 bytes JMP 7184000a .text 
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3860] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075265ea5 5 bytes JMP 0000000171f32c20 .text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[3860] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075299d0b 5 bytes JMP 0000000171f32bb0 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3876] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007732fc20 3 bytes JMP 718a000a .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3876] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4 000000007732fc24 2 bytes JMP 718a000a .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3876] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007732fc38 3 bytes JMP 7181000a .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3876] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4 000000007732fc3c 2 bytes JMP 7181000a .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3876] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007732fd64 3 bytes JMP 7184000a .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3876] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007732fd68 2 bytes JMP 7184000a .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3876] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000773300b4 3 bytes JMP 7187000a .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3876] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000773300b8 2 bytes JMP 7187000a .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3876] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000773301c4 3 bytes JMP 7190000a .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3876] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4 00000000773301c8 2 bytes JMP 7190000a .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3876] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077330a44 3 bytes JMP 718d000a .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3876] 
C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4 0000000077330a48 2 bytes JMP 718d000a .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3876] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077331920 3 bytes JMP 717e000a .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3876] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4 0000000077331924 2 bytes JMP 717e000a .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3876] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000754b1f0e 7 bytes JMP 0000000171f33550 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3876] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000754b5bad 7 bytes JMP 0000000171f337f0 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3876] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000754c1409 7 bytes JMP 0000000171f33650 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3876] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000754c3bbb 3 bytes JMP 717b000a .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3876] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 00000000754c3bbf 2 bytes JMP 717b000a .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3876] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000754cea45 7 bytes JMP 0000000171f33540 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3876] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075558e24 7 bytes JMP 0000000171f33310 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3876] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075558ea9 5 bytes JMP 0000000171f333c0 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3876] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000755591ff 5 bytes JMP 0000000171f33320 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3876] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076ed1d1b 5 bytes JMP 0000000171f332b0 .text C:\Program Files 
(x86)\ASUS\Splendid\ACMON.exe[3876] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076ed1dc9 5 bytes JMP 0000000171f33270 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3876] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076ed2aa4 5 bytes JMP 0000000171f333d0 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3876] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000076ed2c91 4 bytes CALL 71af0000 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3876] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076ed2d0a 5 bytes JMP 0000000171f330b0 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3876] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075265ea5 5 bytes JMP 0000000171f32c20 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3876] C:\Windows\syswow64\ole32.dll!CoCreateInstance .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3876] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075ece96b 5 bytes JMP 0000000171f32cd0 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3876] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075eceba5 5 bytes JMP 0000000171f32ce0 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3876] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000756c8a29 5 bytes JMP 0000000171f32c60 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3876] C:\Windows\syswow64\USER32.dll!SendMessageW 00000000756c9679 6 bytes JMP 719f000a .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3876] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000756d12a5 6 bytes JMP 7199000a .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3876] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000756d3baa 6 bytes JMP 719c000a .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3876] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000756d4572 5 bytes JMP 0000000171f33030 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3876] 
C:\Windows\syswow64\USER32.dll!SendMessageA 00000000756d612e 6 bytes JMP 71a2000a .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3876] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000756ee567 5 bytes JMP 0000000171f330a0 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3876] C:\Windows\syswow64\USER32.dll!SendInput 00000000756eff4a 3 bytes JMP 71a5000a .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3876] C:\Windows\syswow64\USER32.dll!SendInput + 4 00000000756eff4e 2 bytes JMP 71a5000a .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3876] C:\Windows\syswow64\USER32.dll!mouse_event 000000007572027b 6 bytes JMP 71ab000a .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3876] C:\Windows\syswow64\USER32.dll!keybd_event 00000000757202bf 6 bytes JMP 71a8000a .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3876] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075727a5c 5 bytes JMP 0000000171f33020 .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3876] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000750670c4 6 bytes JMP 7193000a .text C:\Program Files (x86)\ASUS\Splendid\ACMON.exe[3876] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000075083264 6 bytes JMP 7196000a .text C:\Windows\AsScrPro.exe[3888] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007732fc20 3 bytes JMP 718a000a .text C:\Windows\AsScrPro.exe[3888] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4 000000007732fc24 2 bytes JMP 718a000a .text C:\Windows\AsScrPro.exe[3888] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007732fc38 3 bytes JMP 7181000a .text C:\Windows\AsScrPro.exe[3888] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4 000000007732fc3c 2 bytes JMP 7181000a .text C:\Windows\AsScrPro.exe[3888] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007732fd64 3 bytes JMP 7184000a .text C:\Windows\AsScrPro.exe[3888] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007732fd68 2 bytes JMP 7184000a .text 
C:\Windows\AsScrPro.exe[3888] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000773300b4 3 bytes JMP 7187000a .text C:\Windows\AsScrPro.exe[3888] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000773300b8 2 bytes JMP 7187000a .text C:\Windows\AsScrPro.exe[3888] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000773301c4 3 bytes JMP 7190000a .text C:\Windows\AsScrPro.exe[3888] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4 00000000773301c8 2 bytes JMP 7190000a .text C:\Windows\AsScrPro.exe[3888] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077330a44 3 bytes JMP 718d000a .text C:\Windows\AsScrPro.exe[3888] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4 0000000077330a48 2 bytes JMP 718d000a .text C:\Windows\AsScrPro.exe[3888] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077331920 3 bytes JMP 717e000a .text C:\Windows\AsScrPro.exe[3888] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4 0000000077331924 2 bytes JMP 717e000a .text C:\Windows\AsScrPro.exe[3888] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000754b1f0e 7 bytes JMP 0000000171f33550 .text C:\Windows\AsScrPro.exe[3888] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000754b5bad 7 bytes JMP 0000000171f337f0 .text C:\Windows\AsScrPro.exe[3888] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000754c1409 7 bytes JMP 0000000171f33650 .text C:\Windows\AsScrPro.exe[3888] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000754c3bbb 3 bytes JMP 717b000a .text C:\Windows\AsScrPro.exe[3888] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 00000000754c3bbf 2 bytes JMP 717b000a .text C:\Windows\AsScrPro.exe[3888] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW .text C:\Windows\AsScrPro.exe[3888] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075558e24 7 bytes JMP 0000000171f33310 .text C:\Windows\AsScrPro.exe[3888] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075558ea9 5 bytes JMP 0000000171f333c0 .text 
C:\Windows\AsScrPro.exe[3888] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000755591ff 5 bytes JMP 0000000171f33320 .text C:\Windows\AsScrPro.exe[3888] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076ed1d1b 5 bytes JMP 0000000171f332b0 .text C:\Windows\AsScrPro.exe[3888] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076ed1dc9 5 bytes JMP 0000000171f33270 .text C:\Windows\AsScrPro.exe[3888] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076ed2aa4 5 bytes JMP 0000000171f333d0 .text C:\Windows\AsScrPro.exe[3888] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000076ed2c91 4 bytes CALL 71af0000 .text C:\Windows\AsScrPro.exe[3888] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076ed2d0a 5 bytes JMP 0000000171f330b0 .text C:\Windows\AsScrPro.exe[3888] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000750670c4 6 bytes JMP 7193000a .text C:\Windows\AsScrPro.exe[3888] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000075083264 6 bytes JMP 7196000a .text C:\Windows\AsScrPro.exe[3888] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075ece96b 5 bytes JMP 0000000171f32cd0 .text C:\Windows\AsScrPro.exe[3888] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075eceba5 5 bytes JMP 0000000171f32ce0 .text C:\Windows\AsScrPro.exe[3888] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000756c8a29 5 bytes JMP 0000000171f32c60 .text C:\Windows\AsScrPro.exe[3888] C:\Windows\syswow64\USER32.dll!SendMessageW 00000000756c9679 6 bytes JMP 719f000a .text C:\Windows\AsScrPro.exe[3888] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000756d12a5 6 bytes JMP 7199000a .text C:\Windows\AsScrPro.exe[3888] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000756d3baa 6 bytes JMP 719c000a .text C:\Windows\AsScrPro.exe[3888] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000756d4572 5 bytes JMP 0000000171f33030 .text C:\Windows\AsScrPro.exe[3888] 
C:\Windows\syswow64\USER32.dll!SendMessageA 00000000756d612e 6 bytes JMP 71a2000a .text C:\Windows\AsScrPro.exe[3888] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000756ee567 5 bytes JMP 0000000171f330a0 .text C:\Windows\AsScrPro.exe[3888] C:\Windows\syswow64\USER32.dll!SendInput 00000000756eff4a 3 bytes JMP 71a5000a .text C:\Windows\AsScrPro.exe[3888] C:\Windows\syswow64\USER32.dll!SendInput + 4 00000000756eff4e 2 bytes JMP 71a5000a .text C:\Windows\AsScrPro.exe[3888] C:\Windows\syswow64\USER32.dll!mouse_event 000000007572027b 6 bytes JMP 71ab000a .text C:\Windows\AsScrPro.exe[3888] C:\Windows\syswow64\USER32.dll!keybd_event 00000000757202bf 6 bytes JMP 71a8000a .text C:\Windows\AsScrPro.exe[3888] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075727a5c 5 bytes JMP 0000000171f33020 .text C:\Windows\AsScrPro.exe[3888] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075265ea5 5 bytes JMP 0000000171f32c20 .text C:\Windows\AsScrPro.exe[3888] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075299d0b 5 bytes JMP 0000000171f32bb0 .text C:\Windows\AsScrPro.exe[3888] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075241401 2 bytes JMP 754db21b C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[3888] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075241419 2 bytes JMP 754db346 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[3888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075241431 2 bytes JMP 75558ea9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[3888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007524144a 2 bytes CALL 754b48ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Windows\AsScrPro.exe[3888] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000752414dd 2 bytes JMP 755587a2 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[3888] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000752414f5 2 bytes JMP 75558978 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[3888] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007524150d 2 bytes JMP 75558698 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[3888] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075241525 2 bytes JMP 75558a62 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[3888] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007524153d 2 bytes JMP 754cfca8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[3888] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075241555 2 bytes JMP 754d68ef C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[3888] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007524156d 2 bytes JMP 75558f61 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[3888] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075241585 2 bytes JMP 75558ac2 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[3888] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007524159d 2 bytes JMP 7555865c C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[3888] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000752415b5 2 bytes JMP 754cfd41 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[3888] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000752415cd 2 bytes JMP 754db2dc C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[3888] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000752416b2 2 bytes JMP 75558e24 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[3888] 
C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000752416bd 2 bytes JMP 755585f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3900] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007732fc20 3 bytes JMP 718a000a .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3900] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4 000000007732fc24 2 bytes JMP 718a000a .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3900] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007732fc38 3 bytes JMP 7181000a .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3900] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4 000000007732fc3c 2 bytes JMP 7181000a .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3900] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007732fd64 3 bytes JMP 7184000a .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3900] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007732fd68 2 bytes JMP 7184000a .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3900] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000773300b4 3 bytes JMP 7187000a .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3900] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000773300b8 2 bytes JMP 7187000a .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3900] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000773301c4 3 bytes JMP 7190000a .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3900] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4 00000000773301c8 2 bytes JMP 7190000a .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3900] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077330a44 3 bytes JMP 718d000a .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3900] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4 0000000077330a48 2 bytes JMP 
718d000a .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3900] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077331920 3 bytes JMP 717e000a .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3900] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4 0000000077331924 2 bytes JMP 717e000a .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3900] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000754c3bbb 3 bytes JMP 717b000a .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3900] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 00000000754c3bbf 2 bytes JMP 717b000a .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3900] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000076ed2c91 4 bytes CALL 71af0000 .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3900] C:\Windows\syswow64\USER32.dll!SendMessageW 00000000756c9679 6 bytes JMP 719f000a .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3900] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000756d12a5 6 bytes JMP 7199000a .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3900] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000756d3baa 6 bytes JMP 719c000a .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3900] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000756d612e 6 bytes JMP 71a2000a .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3900] C:\Windows\syswow64\USER32.dll!SendInput 00000000756eff4a 3 bytes JMP 71a5000a .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3900] C:\Windows\syswow64\USER32.dll!SendInput + 4 00000000756eff4e 2 bytes JMP 71a5000a .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3900] C:\Windows\syswow64\USER32.dll!mouse_event 000000007572027b 6 bytes JMP 71ab000a .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3900] 
C:\Windows\syswow64\USER32.dll!keybd_event 00000000757202bf 6 bytes JMP 71a8000a .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3900] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000750670c4 6 bytes JMP 7193000a .text C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe[3900] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000075083264 6 bytes JMP 7196000a .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3924] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007732fc20 3 bytes JMP 718a000a .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3924] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4 000000007732fc24 2 bytes JMP 718a000a .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3924] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007732fc38 3 bytes JMP 7181000a .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3924] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4 000000007732fc3c 2 bytes JMP 7181000a .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3924] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007732fd64 3 bytes JMP 7184000a .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3924] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007732fd68 2 bytes JMP 7184000a .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3924] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000773300b4 3 bytes JMP 7187000a .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3924] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000773300b8 2 bytes JMP 7187000a .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3924] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000773301c4 3 bytes JMP 7190000a .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3924] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4 00000000773301c8 2 bytes JMP 7190000a .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3924] 
C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077330a44 3 bytes JMP 718d000a .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3924] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4 0000000077330a48 2 bytes JMP 718d000a .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3924] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077331920 3 bytes JMP 717e000a .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3924] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4 0000000077331924 2 bytes JMP 717e000a .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3924] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000754b1f0e 7 bytes JMP 0000000171f33550 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3924] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000754b5bad 7 bytes JMP 0000000171f337f0 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3924] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000754c1409 7 bytes JMP 0000000171f33650 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3924] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000754c3bbb 3 bytes JMP 717b000a .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3924] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 00000000754c3bbf 2 bytes JMP 717b000a .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3924] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000754cea45 7 bytes JMP 0000000171f33540 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3924] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075558e24 7 bytes JMP 0000000171f33310 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3924] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075558ea9 5 bytes JMP 0000000171f333c0 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3924] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000755591ff 5 
bytes JMP 0000000171f33320 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3924] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076ed1d1b 5 bytes JMP 0000000171f332b0 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3924] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076ed1dc9 5 bytes JMP 0000000171f33270 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3924] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076ed2aa4 5 bytes JMP 0000000171f333d0 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3924] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000076ed2c91 4 bytes CALL 71af0000 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3924] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076ed2d0a 5 bytes JMP 0000000171f330b0 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3924] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000756c8a29 5 bytes JMP 0000000171f32c60 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3924] C:\Windows\syswow64\USER32.dll!SendMessageW 00000000756c9679 6 bytes JMP 719f000a .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3924] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000756d12a5 6 bytes JMP 7199000a .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3924] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000756d3baa 6 bytes JMP 719c000a .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3924] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000756d4572 5 bytes JMP 0000000171f33030 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3924] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000756d612e 6 bytes JMP 71a2000a .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3924] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000756ee567 5 bytes JMP 0000000171f330a0 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3924] 
C:\Windows\syswow64\USER32.dll!SendInput 00000000756eff4a 3 bytes JMP 71a5000a .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3924] C:\Windows\syswow64\USER32.dll!SendInput + 4 00000000756eff4e 2 bytes JMP 71a5000a .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3924] C:\Windows\syswow64\USER32.dll!mouse_event 000000007572027b 6 bytes JMP 71ab000a .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3924] C:\Windows\syswow64\USER32.dll!keybd_event 00000000757202bf 6 bytes JMP 71a8000a .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3924] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075727a5c 5 bytes JMP 0000000171f33020 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3924] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075ece96b 5 bytes JMP 0000000171f32cd0 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3924] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075eceba5 5 bytes JMP 0000000171f32ce0 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3924] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000750670c4 6 bytes JMP 7193000a .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3924] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000075083264 6 bytes JMP 7196000a .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3924] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075265ea5 5 bytes JMP 0000000171f32c20 .text C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe[3924] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075299d0b 5 bytes JMP 0000000171f32bb0 .text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe[4004] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075241401 2 bytes JMP 754db21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe[4004] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 
0000000075241419 2 bytes JMP 754db346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe[4004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075241431 2 bytes JMP 75558ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe[4004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007524144a 2 bytes CALL 754b48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe[4004] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000752414dd 2 bytes JMP 755587a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe[4004] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000752414f5 2 bytes JMP 75558978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe[4004] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007524150d 2 bytes JMP 75558698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe[4004] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075241525 2 bytes JMP 75558a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe[4004] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007524153d 2 bytes JMP 754cfca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe[4004] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075241555 2 bytes JMP 754d68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe[4004] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007524156d 2 bytes JMP 75558f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files 
(x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe[4004] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075241585 2 bytes JMP 75558ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe[4004] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007524159d 2 bytes JMP 7555865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe[4004] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000752415b5 2 bytes JMP 754cfd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe[4004] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000752415cd 2 bytes JMP 754db2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe[4004] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000752416b2 2 bytes JMP 75558e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe[4004] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000752416bd 2 bytes JMP 755585f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe[3136] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007732fc20 3 bytes JMP 717e000a .text C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe[3136] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4 000000007732fc24 2 bytes JMP 717e000a .text C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe[3136] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007732fc38 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe[3136] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4 000000007732fc3c 2 bytes [74, 71] .text C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery 
Agent\bin\ismagent.exe[3136] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007732fd64 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe[3136] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007732fd68 2 bytes [77, 71] .text C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe[3136] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000773300b4 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe[3136] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000773300b8 2 bytes [7A, 71] .text C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe[3136] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000773301c4 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe[3136] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4 00000000773301c8 2 bytes [83, 71] .text C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe[3136] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077330a44 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe[3136] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4 0000000077330a48 2 bytes [80, 71] .text C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe[3136] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077331920 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe[3136] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4 0000000077331924 2 bytes [71, 71] .text C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe[3136] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000754b1f0e 7 bytes JMP 0000000171f33550 .text C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe[3136] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000754b5bad 7 bytes JMP 
0000000171f337f0 .text C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe[3136] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000754c1409 7 bytes JMP 0000000171f33650 .text C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe[3136] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000754c3bbb 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe[3136] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 00000000754c3bbf 2 bytes [6E, 71] .text C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe[3136] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000754cea45 7 bytes JMP 0000000171f33540 .text C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe[3136] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075558e24 7 bytes JMP 0000000171f33310 .text C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe[3136] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075558ea9 5 bytes JMP 0000000171f333c0 .text C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe[3136] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000755591ff 5 bytes JMP 0000000171f33320 .text C:\Windows\SysWOW64\ACEngSvr.exe[3552] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007732fc20 3 bytes JMP 718a000a .text C:\Windows\SysWOW64\ACEngSvr.exe[3552] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4 000000007732fc24 2 bytes JMP 718a000a .text C:\Windows\SysWOW64\ACEngSvr.exe[3552] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007732fc38 3 bytes JMP 7181000a .text C:\Windows\SysWOW64\ACEngSvr.exe[3552] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4 000000007732fc3c 2 bytes JMP 7181000a .text C:\Windows\SysWOW64\ACEngSvr.exe[3552] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007732fd64 3 bytes JMP 7184000a .text 
C:\Windows\SysWOW64\ACEngSvr.exe[3552] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007732fd68 2 bytes JMP 7184000a .text C:\Windows\SysWOW64\ACEngSvr.exe[3552] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000773300b4 3 bytes JMP 7187000a .text C:\Windows\SysWOW64\ACEngSvr.exe[3552] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000773300b8 2 bytes JMP 7187000a .text C:\Windows\SysWOW64\ACEngSvr.exe[3552] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000773301c4 3 bytes JMP 7190000a .text C:\Windows\SysWOW64\ACEngSvr.exe[3552] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4 |
21.09.2014, 00:39 | #10 |
| Undefinable entries in the event log
Code:
ATTFilter .text C:\Windows\SysWOW64\ACEngSvr.exe[3552] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4 00000000773301c8 2 bytes JMP 7190000a .text C:\Windows\SysWOW64\ACEngSvr.exe[3552] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077330a44 3 bytes JMP 718d000a .text C:\Windows\SysWOW64\ACEngSvr.exe[3552] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4 0000000077330a48 2 bytes JMP 718d000a .text C:\Windows\SysWOW64\ACEngSvr.exe[3552] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077331920 3 bytes JMP 717e000a .text C:\Windows\SysWOW64\ACEngSvr.exe[3552] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4 0000000077331924 2 bytes JMP 717e000a .text C:\Windows\SysWOW64\ACEngSvr.exe[3552] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000754b1f0e 7 bytes JMP 0000000171f33550 .text C:\Windows\SysWOW64\ACEngSvr.exe[3552] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000754b5bad 7 bytes JMP 0000000171f337f0 .text C:\Windows\SysWOW64\ACEngSvr.exe[3552] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000754c1409 7 bytes JMP 0000000171f33650 .text C:\Windows\SysWOW64\ACEngSvr.exe[3552] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000754c3bbb 3 bytes JMP 717b000a .text C:\Windows\SysWOW64\ACEngSvr.exe[3552] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 00000000754c3bbf 2 bytes JMP 717b000a .text C:\Windows\SysWOW64\ACEngSvr.exe[3552] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000754cea45 7 bytes JMP 0000000171f33540 .text C:\Windows\SysWOW64\ACEngSvr.exe[3552] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075558e24 7 bytes JMP 0000000171f33310 .text C:\Windows\SysWOW64\ACEngSvr.exe[3552] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075558ea9 5 bytes JMP 0000000171f333c0 .text C:\Windows\SysWOW64\ACEngSvr.exe[3552] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000755591ff 5 bytes JMP 0000000171f33320 .text 
C:\Windows\SysWOW64\ACEngSvr.exe[3552] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076ed1d1b 5 bytes JMP 0000000171f332b0 .text C:\Windows\SysWOW64\ACEngSvr.exe[3552] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076ed1dc9 5 bytes JMP 0000000171f33270 .text C:\Windows\SysWOW64\ACEngSvr.exe[3552] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076ed2aa4 5 bytes JMP 0000000171f333d0 .text C:\Windows\SysWOW64\ACEngSvr.exe[3552] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000076ed2c91 4 bytes CALL 71af0000 .text C:\Windows\SysWOW64\ACEngSvr.exe[3552] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076ed2d0a 5 bytes JMP 0000000171f330b0 .text C:\Windows\SysWOW64\ACEngSvr.exe[3552] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000756c8a29 5 bytes JMP 0000000171f32c60 .text C:\Windows\SysWOW64\ACEngSvr.exe[3552] C:\Windows\syswow64\USER32.dll!SendMessageW 00000000756c9679 6 bytes JMP 719f000a .text C:\Windows\SysWOW64\ACEngSvr.exe[3552] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000756d12a5 6 bytes JMP 7199000a .text C:\Windows\SysWOW64\ACEngSvr.exe[3552] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000756d3baa 6 bytes JMP 719c000a .text C:\Windows\SysWOW64\ACEngSvr.exe[3552] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000756d4572 5 bytes JMP 0000000171f33030 .text C:\Windows\SysWOW64\ACEngSvr.exe[3552] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000756d612e 6 bytes JMP 71a2000a .text C:\Windows\SysWOW64\ACEngSvr.exe[3552] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000756ee567 5 bytes JMP 0000000171f330a0 .text C:\Windows\SysWOW64\ACEngSvr.exe[3552] C:\Windows\syswow64\USER32.dll!SendInput 00000000756eff4a 3 bytes JMP 71a5000a .text C:\Windows\SysWOW64\ACEngSvr.exe[3552] C:\Windows\syswow64\USER32.dll!SendInput + 4 00000000756eff4e 2 bytes JMP 71a5000a .text C:\Windows\SysWOW64\ACEngSvr.exe[3552] C:\Windows\syswow64\USER32.dll!mouse_event 000000007572027b 6 bytes JMP 
71ab000a .text C:\Windows\SysWOW64\ACEngSvr.exe[3552] C:\Windows\syswow64\USER32.dll!keybd_event 00000000757202bf 6 bytes JMP 71a8000a .text C:\Windows\SysWOW64\ACEngSvr.exe[3552] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075727a5c 5 bytes JMP 0000000171f33020 .text C:\Windows\SysWOW64\ACEngSvr.exe[3552] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075ece96b 5 bytes JMP 0000000171f32cd0 .text C:\Windows\SysWOW64\ACEngSvr.exe[3552] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075eceba5 5 bytes JMP 0000000171f32ce0 .text C:\Windows\SysWOW64\ACEngSvr.exe[3552] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000750670c4 6 bytes JMP 7193000a .text C:\Windows\SysWOW64\ACEngSvr.exe[3552] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000075083264 6 bytes JMP 7196000a .text C:\Windows\SysWOW64\ACEngSvr.exe[3552] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075265ea5 5 bytes JMP 0000000171f32c20 .text C:\Windows\SysWOW64\ACEngSvr.exe[3552] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075299d0b 5 bytes JMP 0000000171f32bb0 .text C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe[4244] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075241401 2 bytes JMP 754db21b C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe[4244] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075241419 2 bytes JMP 754db346 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe[4244] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075241431 2 bytes JMP 75558ea9 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe[4244] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007524144a 2 bytes CALL 754b48ad C:\Windows\syswow64\KERNEL32.dll .text ... 
* 9 .text C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe[4244] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000752414dd 2 bytes JMP 755587a2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe[4244] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000752414f5 2 bytes JMP 75558978 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe[4244] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007524150d 2 bytes JMP 75558698 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe[4244] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075241525 2 bytes JMP 75558a62 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe[4244] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007524153d 2 bytes JMP 754cfca8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe[4244] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075241555 2 bytes JMP 754d68ef C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe[4244] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007524156d 2 bytes JMP 75558f61 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe[4244] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075241585 2 bytes JMP 75558ac2 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe[4244] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007524159d 2 bytes JMP 7555865c C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe[4244] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000752415b5 2 bytes JMP 754cfd41 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files 
(x86)\BlueStacks\HD-UpdaterService.exe[4244] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000752415cd 2 bytes JMP 754db2dc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe[4244] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000752416b2 2 bytes JMP 75558e24 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe[4244] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000752416bd 2 bytes JMP 755585f1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4668] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075241401 2 bytes JMP 754db21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4668] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075241419 2 bytes JMP 754db346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075241431 2 bytes JMP 75558ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007524144a 2 bytes CALL 754b48ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4668] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000752414dd 2 bytes JMP 755587a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4668] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000752414f5 2 bytes JMP 75558978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4668] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007524150d 2 bytes JMP 75558698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4668] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075241525 2 bytes JMP 75558a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4668] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007524153d 2 bytes JMP 754cfca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4668] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075241555 2 bytes JMP 754d68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4668] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007524156d 2 bytes JMP 75558f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4668] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075241585 2 bytes JMP 75558ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4668] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007524159d 2 bytes JMP 7555865c 
C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4668] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000752415b5 2 bytes JMP 754cfd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4668] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000752415cd 2 bytes JMP 754db2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4668] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000752416b2 2 bytes JMP 75558e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[4668] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000752416bd 2 bytes JMP 755585f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3252] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007701a400 7 bytes JMP 000000016fff0228 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3252] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077023f20 5 bytes JMP 000000016fff0180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3252] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007703ffb0 5 bytes JMP 000000016fff01b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3252] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007704f2e0 5 bytes JMP 000000016fff0110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3252] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077079a30 7 bytes JMP 000000016fff00d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3252] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770894c0 5 bytes JMP 000000016fff0148 .text 
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3252] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000770a87e0 7 bytes JMP 000000016fff01f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3252] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd092db0 5 bytes JMP 000007fffd080180 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3252] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0937d0 7 bytes JMP 000007fffd0800d8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3252] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd098ef0 6 bytes JMP 000007fffd080148 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3252] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd0aaf60 5 bytes JMP 000007fffd080110 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3252] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefedb89e0 8 bytes JMP 000007fffd0801f0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3252] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefedbbe40 8 bytes JMP 000007fffd0801b8 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3252] C:\Windows\system32\d3d9.dll!Direct3DCreate9Ex 000007fefa202460 5 bytes JMP 000007fefd0802d0 .text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[3252] C:\Windows\system32\d3d9.dll!Direct3DCreate9 000007fefa2396b0 6 bytes JMP 000007fefd080298 .text C:\Windows\system32\WTablet\Pen_TabletUser.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077181510 6 bytes {JMP QWORD [RIP+0x8fbeb20]} .text C:\Windows\system32\WTablet\Pen_TabletUser.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000077181520 6 bytes {JMP QWORD [RIP+0x901eb10]} .text C:\Windows\system32\WTablet\Pen_TabletUser.exe[1008] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000771815e0 6 bytes {JMP QWORD 
4 0000000077330a48 2 bytes JMP 7187000a .text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe[180] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077331920 3 bytes JMP 7178000a .text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe[180] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4 0000000077331924 2 bytes JMP 7178000a .text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe[180] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000754b1f0e 7 bytes JMP 0000000171f33550 .text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe[180] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000754b5bad 7 bytes JMP 0000000171f337f0 .text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe[180] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000754c1409 7 bytes JMP 0000000171f33650 .text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe[180] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000754c3bbb 3 bytes JMP 7175000a .text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe[180] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 00000000754c3bbf 2 bytes JMP 7175000a .text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe[180] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000754cea45 7 bytes JMP 0000000171f33540 .text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe[180] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075558e24 7 bytes JMP 0000000171f33310 .text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe[180] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075558ea9 5 bytes JMP 0000000171f333c0 .text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe[180] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000755591ff 5 bytes JMP 0000000171f33320 .text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe[180] 
C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076ed1d1b 5 bytes JMP 0000000171f332b0 .text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe[180] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076ed1dc9 5 bytes JMP 0000000171f33270 .text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe[180] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076ed2aa4 5 bytes JMP 0000000171f333d0 .text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe[180] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000076ed2c91 4 bytes CALL 71af0000 .text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe[180] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076ed2d0a 5 bytes JMP 0000000171f330b0 .text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe[180] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000756c8a29 5 bytes JMP 0000000171f32c60 .text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe[180] C:\Windows\syswow64\USER32.dll!SendMessageW 00000000756c9679 6 bytes JMP 7199000a .text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe[180] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000756d12a5 6 bytes JMP 7193000a .text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe[180] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000756d3baa 6 bytes JMP 7196000a .text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe[180] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000756d4572 5 bytes JMP 0000000171f33030 .text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe[180] C:\Windows\syswow64\USER32.dll!SendMessageA 00000000756d612e 6 bytes JMP 719c000a .text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe[180] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000756ee567 5 bytes JMP 0000000171f330a0 .text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe[180] 
C:\Windows\syswow64\USER32.dll!SendInput 00000000756eff4a 3 bytes JMP 719f000a .text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe[180] C:\Windows\syswow64\USER32.dll!SendInput + 4 00000000756eff4e 2 bytes JMP 719f000a .text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe[180] C:\Windows\syswow64\USER32.dll!mouse_event 000000007572027b 6 bytes JMP 71a5000a .text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe[180] C:\Windows\syswow64\USER32.dll!keybd_event 00000000757202bf 6 bytes JMP 71a2000a .text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe[180] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075727a5c 5 bytes JMP 0000000171f33020 .text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe[180] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075ece96b 5 bytes JMP 0000000171f32cd0 .text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe[180] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075eceba5 5 bytes JMP 0000000171f32ce0 .text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe[180] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000750670c4 6 bytes JMP 718d000a .text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe[180] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000075083264 6 bytes JMP 7190000a .text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe[180] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075241401 2 bytes JMP 754db21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe[180] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075241419 2 bytes JMP 754db346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe[180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075241431 2 bytes JMP 75558ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files 
(x86)\Microsoft\BingDesktop\BingDesktop.exe[180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007524144a 2 bytes CALL 754b48ad C:\Windows\syswow64\kernel32.dll .text ... * 9 |
21.09.2014, 01:24 | #11 |
| Undefinable entries in the event log Code:
bytes JMP 7199000a .text C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe[4888] C:\Windows\syswow64\user32.DLL!PostMessageA 00000000756d3baa 6 bytes JMP 719c000a .text C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe[4888] C:\Windows\syswow64\user32.DLL!EnumDisplayDevicesA 00000000756d4572 5 bytes JMP 0000000171f33030 .text C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe[4888] C:\Windows\syswow64\user32.DLL!SendMessageA 00000000756d612e 6 bytes JMP 71a2000a .text C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe[4888] C:\Windows\syswow64\user32.DLL!EnumDisplayDevicesW 00000000756ee567 5 bytes JMP 0000000171f330a0 .text C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe[4888] C:\Windows\syswow64\user32.DLL!SendInput 00000000756eff4a 3 bytes JMP 71a5000a .text C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe[4888] C:\Windows\syswow64\user32.DLL!SendInput + 4 00000000756eff4e 2 bytes JMP 71a5000a .text C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe[4888] C:\Windows\syswow64\user32.DLL!mouse_event 000000007572027b 6 bytes JMP 71ab000a .text C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe[4888] C:\Windows\syswow64\user32.DLL!keybd_event 00000000757202bf 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe[4888] C:\Windows\syswow64\user32.DLL!DisplayConfigGetDeviceInfo 0000000075727a5c 5 bytes JMP 0000000171f33020 .text C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe[4888] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075ece96b 5 bytes JMP 0000000171f32cd0 .text C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe[4888] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075eceba5 5 bytes JMP 0000000171f32ce0 .text C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe[4888] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceW 00000000750670c4 6 bytes JMP 7193000a .text 
C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe[4888] C:\Windows\syswow64\ADVAPI32.dll!CreateServiceA 0000000075083264 6 bytes JMP 7196000a .text C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe[4888] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075265ea5 5 bytes JMP 0000000171f32c20 .text C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe[4888] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075299d0b 5 bytes JMP 0000000171f32bb0 .text C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe[4888] C:\Windows\syswow64\WS2_32.dll!WSALookupServiceBeginW 00000000750e575a 6 bytes JMP 716f000a .text C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe[4888] C:\Windows\syswow64\WS2_32.dll!connect 00000000750e6bdd 6 bytes JMP 7178000a .text C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe[4888] C:\Windows\syswow64\WS2_32.dll!listen 00000000750eb001 6 bytes JMP 7172000a .text C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe[4888] C:\Windows\syswow64\WS2_32.dll!WSAConnect 00000000750ecc3f 6 bytes JMP 7175000a .text C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe[4888] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075241401 2 bytes JMP 754db21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe[4888] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075241419 2 bytes JMP 754db346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe[4888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075241431 2 bytes JMP 75558ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe[4888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007524144a 2 bytes CALL 754b48ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe[4888] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000752414dd 2 bytes JMP 755587a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe[4888] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000752414f5 2 bytes JMP 75558978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe[4888] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007524150d 2 bytes JMP 75558698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe[4888] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075241525 2 bytes JMP 75558a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe[4888] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007524153d 2 bytes JMP 754cfca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe[4888] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075241555 2 bytes JMP 754d68ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe[4888] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007524156d 2 bytes JMP 75558f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe[4888] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075241585 2 bytes JMP 75558ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe[4888] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007524159d 2 bytes JMP 7555865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe[4888] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000752415b5 2 bytes JMP 754cfd41 
C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe[4888] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000752415cd 2 bytes JMP 754db2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe[4888] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000752416b2 2 bytes JMP 75558e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe[4888] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000752416bd 2 bytes JMP 755585f1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\system32\wuauclt.exe[9000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077181510 6 bytes {JMP QWORD [RIP+0x8fbeb20]} .text C:\Windows\system32\wuauclt.exe[9000] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000077181520 6 bytes {JMP QWORD [RIP+0x901eb10]} .text C:\Windows\system32\wuauclt.exe[9000] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000771815e0 6 bytes {JMP QWORD [RIP+0x8ffea50]} .text C:\Windows\system32\wuauclt.exe[9000] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077181800 6 bytes {JMP QWORD [RIP+0x8fde830]} .text C:\Windows\system32\wuauclt.exe[9000] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000771818b0 6 bytes {JMP QWORD [RIP+0x8f7e780]} .text C:\Windows\system32\wuauclt.exe[9000] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 0000000077181e40 6 bytes {JMP QWORD [RIP+0x8f9e1f0]} .text C:\Windows\system32\wuauclt.exe[9000] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771827e0 6 bytes {JMP QWORD [RIP+0x903d850]} .text C:\Windows\system32\wuauclt.exe[9000] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007701a400 7 bytes JMP 000000016fff0228 .text C:\Windows\system32\wuauclt.exe[9000] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077023f20 5 bytes JMP 000000016fff0180 .text C:\Windows\system32\wuauclt.exe[9000] 
C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007702db80 6 bytes {JMP QWORD [RIP+0x91b24b0]} .text C:\Windows\system32\wuauclt.exe[9000] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007703ffb0 5 bytes JMP 000000016fff01b8 .text C:\Windows\system32\wuauclt.exe[9000] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007704f2e0 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\wuauclt.exe[9000] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077079a30 7 bytes JMP 000000016fff00d8 .text C:\Windows\system32\wuauclt.exe[9000] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770894c0 5 bytes JMP 000000016fff0148 .text C:\Windows\system32\wuauclt.exe[9000] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000770a87e0 7 bytes JMP 000000016fff01f0 .text C:\Windows\system32\wuauclt.exe[9000] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd092db0 5 bytes JMP 000007fffd080180 .text C:\Windows\system32\wuauclt.exe[9000] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0937d0 7 bytes JMP 000007fffd0800d8 .text C:\Windows\system32\wuauclt.exe[9000] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd098ef0 6 bytes JMP 000007fffd080148 .text C:\Windows\system32\wuauclt.exe[9000] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd099055 3 bytes [B5, 6F, 06] .text C:\Windows\system32\wuauclt.exe[9000] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd0aaf60 5 bytes JMP 000007fffd080110 .text C:\Windows\system32\wuauclt.exe[9000] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd517490 11 bytes JMP 000007fffd080228 .text C:\Windows\system32\wuauclt.exe[9000] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd52bf00 7 bytes JMP 000007fffd080260 .text C:\Windows\system32\wuauclt.exe[9000] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefedb89e0 8 bytes JMP 000007fffd0801f0 .text C:\Windows\system32\wuauclt.exe[9000] 
C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefedbbe40 8 bytes JMP 000007fffd0801b8 .text C:\Windows\system32\taskhost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077181510 6 bytes {JMP QWORD [RIP+0x8fbeb20]} .text C:\Windows\system32\taskhost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000077181520 6 bytes {JMP QWORD [RIP+0x901eb10]} .text C:\Windows\system32\taskhost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000771815e0 6 bytes {JMP QWORD [RIP+0x8ffea50]} .text C:\Windows\system32\taskhost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077181800 6 bytes {JMP QWORD [RIP+0x8fde830]} .text C:\Windows\system32\taskhost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000771818b0 6 bytes {JMP QWORD [RIP+0x8f7e780]} .text C:\Windows\system32\taskhost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 0000000077181e40 6 bytes {JMP QWORD [RIP+0x8f9e1f0]} .text C:\Windows\system32\taskhost.exe[4892] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771827e0 6 bytes {JMP QWORD [RIP+0x903d850]} .text C:\Windows\system32\taskhost.exe[4892] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007702db80 6 bytes {JMP QWORD [RIP+0x91b24b0]} .text C:\Windows\system32\taskhost.exe[4892] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd099055 3 bytes [B5, 6F, 06] .text C:\Windows\system32\taskhost.exe[4892] C:\Windows\system32\WS2_32.dll!WSALookupServiceBeginW 000007fefed63030 6 bytes JMP 21cff8 .text C:\Windows\system32\taskhost.exe[4892] C:\Windows\system32\WS2_32.dll!connect + 1 000007fefed645c1 5 bytes JMP 0 .text C:\Windows\system32\taskhost.exe[4892] C:\Windows\system32\WS2_32.dll!listen 000007fefed68290 6 bytes JMP 1 .text C:\Windows\system32\taskhost.exe[4892] C:\Windows\system32\WS2_32.dll!WSAConnect 000007fefed8e0f0 6 bytes JMP 0 .text C:\Windows\system32\cmd.exe[2388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077181510 6 bytes {JMP 
QWORD [RIP+0x8fbeb20]} .text C:\Windows\system32\cmd.exe[2388] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000077181520 6 bytes {JMP QWORD [RIP+0x901eb10]} .text C:\Windows\system32\cmd.exe[2388] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000771815e0 6 bytes {JMP QWORD [RIP+0x8ffea50]} .text C:\Windows\system32\cmd.exe[2388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077181800 6 bytes {JMP QWORD [RIP+0x8fde830]} .text C:\Windows\system32\cmd.exe[2388] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000771818b0 6 bytes {JMP QWORD [RIP+0x8f7e780]} .text C:\Windows\system32\cmd.exe[2388] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 0000000077181e40 6 bytes {JMP QWORD [RIP+0x8f9e1f0]} .text C:\Windows\system32\cmd.exe[2388] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771827e0 6 bytes {JMP QWORD [RIP+0x903d850]} .text C:\Windows\system32\cmd.exe[2388] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007702db80 6 bytes {JMP QWORD [RIP+0x91b24b0]} .text C:\Windows\system32\cmd.exe[2388] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd099055 3 bytes CALL 9000027 .text C:\Windows\system32\conhost.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077181510 6 bytes {JMP QWORD [RIP+0x8fbeb20]} .text C:\Windows\system32\conhost.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000077181520 6 bytes {JMP QWORD [RIP+0x901eb10]} .text C:\Windows\system32\conhost.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000771815e0 6 bytes {JMP QWORD [RIP+0x8ffea50]} .text C:\Windows\system32\conhost.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077181800 6 bytes {JMP QWORD [RIP+0x8fde830]} .text C:\Windows\system32\conhost.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000771818b0 6 bytes {JMP QWORD [RIP+0x8f7e780]} .text C:\Windows\system32\conhost.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 0000000077181e40 6 bytes {JMP QWORD [RIP+0x8f9e1f0]} .text 
C:\Windows\system32\conhost.exe[4580] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771827e0 6 bytes {JMP QWORD [RIP+0x903d850]} .text C:\Windows\system32\conhost.exe[4580] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007702db80 6 bytes {JMP QWORD [RIP+0x91b24b0]} .text C:\Windows\system32\conhost.exe[4580] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd099055 3 bytes [B5, 6F, 06] .text C:\Windows\system32\java.exe[7200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077181510 6 bytes {JMP QWORD [RIP+0x8fbeb20]} .text C:\Windows\system32\java.exe[7200] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationFile 0000000077181520 6 bytes {JMP QWORD [RIP+0x901eb10]} .text C:\Windows\system32\java.exe[7200] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000771815e0 6 bytes {JMP QWORD [RIP+0x8ffea50]} .text C:\Windows\system32\java.exe[7200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000077181800 6 bytes {JMP QWORD [RIP+0x8fde830]} .text C:\Windows\system32\java.exe[7200] C:\Windows\SYSTEM32\ntdll.dll!NtSetValueKey 00000000771818b0 6 bytes {JMP QWORD [RIP+0x8f7e780]} .text C:\Windows\system32\java.exe[7200] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteValueKey 0000000077181e40 6 bytes JMP 0 .text C:\Windows\system32\java.exe[7200] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771827e0 6 bytes {JMP QWORD [RIP+0x903d850]} .text C:\Windows\system32\java.exe[7200] C:\Windows\system32\kernel32.dll!RegSetValueExW 000000007701a400 7 bytes JMP 000000016fff0228 .text C:\Windows\system32\java.exe[7200] C:\Windows\system32\kernel32.dll!RegQueryValueExW 0000000077023f20 5 bytes JMP 000000016fff0180 .text C:\Windows\system32\java.exe[7200] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 000000007702db80 6 bytes {JMP QWORD [RIP+0x91b24b0]} .text C:\Windows\system32\java.exe[7200] C:\Windows\system32\kernel32.dll!RegDeleteValueW 000000007703ffb0 5 bytes JMP 000000016fff01b8 .text C:\Windows\system32\java.exe[7200] 
C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 000000007704f2e0 5 bytes JMP 000000016fff0110 .text C:\Windows\system32\java.exe[7200] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077079a30 7 bytes JMP 000000016fff00d8 .text C:\Windows\system32\java.exe[7200] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 00000000770894c0 5 bytes JMP 000000016fff0148 .text C:\Windows\system32\java.exe[7200] C:\Windows\system32\kernel32.dll!RegSetValueExA 00000000770a87e0 7 bytes JMP 000000016fff01f0 .text C:\Windows\system32\java.exe[7200] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefd092db0 5 bytes JMP 000007fffd080180 .text C:\Windows\system32\java.exe[7200] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefd0937d0 7 bytes JMP 000007fffd0800d8 .text C:\Windows\system32\java.exe[7200] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd098ef0 6 bytes JMP 000007fffd080148 .text C:\Windows\system32\java.exe[7200] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefd099055 3 bytes [B5, 6F, 06] .text C:\Windows\system32\java.exe[7200] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefd0aaf60 5 bytes JMP 000007fffd080110 .text C:\Windows\system32\java.exe[7200] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefedb89e0 8 bytes JMP 000007fffd0801f0 .text C:\Windows\system32\java.exe[7200] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefedbbe40 8 bytes JMP 000007fffd0801b8 .text C:\Windows\system32\java.exe[7200] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefd517490 11 bytes JMP 000007fffd080228 .text C:\Windows\system32\java.exe[7200] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefd52bf00 7 bytes JMP 000007fffd080260 .text C:\Users\*****\Downloads\adt-bundle-windows-x86_64-20140702\adt-bundle-windows-x86_64-20140702\sdk\platform-tools\adb.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess 000000007732fc20 3 bytes JMP 717e000a .text 
C:\Users\*****\Downloads\adt-bundle-windows-x86_64-20140702\adt-bundle-windows-x86_64-20140702\sdk\platform-tools\adb.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 4 000000007732fc24 2 bytes JMP 717e000a .text C:\Users\*****\Downloads\adt-bundle-windows-x86_64-20140702\adt-bundle-windows-x86_64-20140702\sdk\platform-tools\adb.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007732fc38 3 bytes JMP 7175000a .text C:\Users\*****\Downloads\adt-bundle-windows-x86_64-20140702\adt-bundle-windows-x86_64-20140702\sdk\platform-tools\adb.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 4 000000007732fc3c 2 bytes JMP 7175000a .text C:\Users\*****\Downloads\adt-bundle-windows-x86_64-20140702\adt-bundle-windows-x86_64-20140702\sdk\platform-tools\adb.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007732fd64 3 bytes JMP 7178000a .text C:\Users\*****\Downloads\adt-bundle-windows-x86_64-20140702\adt-bundle-windows-x86_64-20140702\sdk\platform-tools\adb.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 000000007732fd68 2 bytes JMP 7178000a .text C:\Users\*****\Downloads\adt-bundle-windows-x86_64-20140702\adt-bundle-windows-x86_64-20140702\sdk\platform-tools\adb.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000773300b4 3 bytes JMP 717b000a .text C:\Users\*****\Downloads\adt-bundle-windows-x86_64-20140702\adt-bundle-windows-x86_64-20140702\sdk\platform-tools\adb.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 00000000773300b8 2 bytes JMP 717b000a .text C:\Users\*****\Downloads\adt-bundle-windows-x86_64-20140702\adt-bundle-windows-x86_64-20140702\sdk\platform-tools\adb.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000773301c4 3 bytes JMP 7184000a .text C:\Users\*****\Downloads\adt-bundle-windows-x86_64-20140702\adt-bundle-windows-x86_64-20140702\sdk\platform-tools\adb.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey + 4 00000000773301c8 2 bytes JMP 7184000a .text 
C:\Users\*****\Downloads\adt-bundle-windows-x86_64-20140702\adt-bundle-windows-x86_64-20140702\sdk\platform-tools\adb.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077330a44 3 bytes JMP 7181000a .text C:\Users\*****\Downloads\adt-bundle-windows-x86_64-20140702\adt-bundle-windows-x86_64-20140702\sdk\platform-tools\adb.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey + 4 0000000077330a48 2 bytes JMP 7181000a .text C:\Users\*****\Downloads\adt-bundle-windows-x86_64-20140702\adt-bundle-windows-x86_64-20140702\sdk\platform-tools\adb.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077331920 3 bytes JMP 7172000a .text C:\Users\*****\Downloads\adt-bundle-windows-x86_64-20140702\adt-bundle-windows-x86_64-20140702\sdk\platform-tools\adb.exe[1524] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread + 4 0000000077331924 2 bytes JMP 7172000a .text C:\Users\*****\Downloads\adt-bundle-windows-x86_64-20140702\adt-bundle-windows-x86_64-20140702\sdk\platform-tools\adb.exe[1524] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000754b1f0e 7 bytes JMP 0000000171f33550 .text C:\Users\*****\Downloads\adt-bundle-windows-x86_64-20140702\adt-bundle-windows-x86_64-20140702\sdk\platform-tools\adb.exe[1524] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000754b5bad 7 bytes JMP 0000000171f337f0 .text C:\Users\*****\Downloads\adt-bundle-windows-x86_64-20140702\adt-bundle-windows-x86_64-20140702\sdk\platform-tools\adb.exe[1524] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000754c1409 7 bytes JMP 0000000171f33650 .text C:\Users\*****\Downloads\adt-bundle-windows-x86_64-20140702\adt-bundle-windows-x86_64-20140702\sdk\platform-tools\adb.exe[1524] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000754c3bbb 3 bytes JMP 716f000a .text C:\Users\*****\Downloads\adt-bundle-windows-x86_64-20140702\adt-bundle-windows-x86_64-20140702\sdk\platform-tools\adb.exe[1524] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 
00000000754c3bbf 2 bytes JMP 716f000a .text C:\Users\*****\Downloads\adt-bundle-windows-x86_64-20140702\adt-bundle-windows-x86_64-20140702\sdk\platform-tools\adb.exe[1524] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000754cea45 7 bytes JMP 0000000171f33540 .text C:\Users\*****\Downloads\adt-bundle-windows-x86_64-20140702\adt-bundle-windows-x86_64-20140702\sdk\platform-tools\adb.exe[1524] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075558e24 7 bytes JMP 0000000171f33310 .text C:\Users\*****\Downloads\adt-bundle-windows-x86_64-20140702\adt-bundle-windows-x86_64-20140702\sdk\platform-tools\adb.exe[1524] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075558ea9 5 bytes JMP 0000000171f333c0 .text C:\Users\*****\Downloads\adt-bundle-windows-x86_64-20140702\adt-bundle-windows-x86_64-20140702\sdk\platform-tools\adb.exe[1524] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 00000000755591ff 5 bytes JMP 0000000171f33320 .text C:\Users\*****\Downloads\adt-bundle-windows-x86_64-20140702\adt-bundle-windows-x86_64-20140702\sdk\platform-tools\adb.exe[1524] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000076ed1d1b 5 bytes JMP 0000000171f332b0 .text C:\Users\*****\Downloads\adt-bundle-windows-x86_64-20140702\adt-bundle-windows-x86_64-20140702\sdk\platform-tools\adb.exe[1524] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000076ed1dc9 5 bytes JMP 0000000171f33270 .text C:\Users\*****\Downloads\adt-bundle-windows-x86_64-20140702\adt-bundle-windows-x86_64-20140702\sdk\platform-tools\adb.exe[1524] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000076ed2aa4 5 bytes JMP 0000000171f333d0 .text C:\Users\*****\Downloads\adt-bundle-windows-x86_64-20140702\adt-bundle-windows-x86_64-20140702\sdk\platform-tools\adb.exe[1524] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000076ed2c91 4 bytes CALL 71af0000 .text 
C:\Users\*****\Downloads\adt-bundle-windows-x86_64-20140702\adt-bundle-windows-x86_64-20140702\sdk\platform-tools\adb.exe[1524] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000076ed2d0a 5 bytes JMP 0000000171f330b0 .text C:\Users\*****\Downloads\adt-bundle-windows-x86_64-20140702\adt-bundle-windows-x86_64-20140702\sdk\platform-tools\adb.exe[1524] C:\Windows\syswow64\ADVAPI32.DLL!CreateServiceW 00000000750670c4 6 bytes JMP 7187000a .text C:\Users\*****\Downloads\adt-bundle-windows-x86_64-20140702\adt-bundle-windows-x86_64-20140702\sdk\platform-tools\adb.exe[1524] C:\Windows\syswow64\ADVAPI32.DLL!CreateServiceA 0000000075083264 6 bytes JMP 718a000a .text C:\Users\*****\Downloads\adt-bundle-windows-x86_64-20140702\adt-bundle-windows-x86_64-20140702\sdk\platform-tools\adb.exe[1524] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075ece96b 5 bytes JMP 0000000171f32cd0 .text C:\Users\*****\Downloads\adt-bundle-windows-x86_64-20140702\adt-bundle-windows-x86_64-20140702\sdk\platform-tools\adb.exe[1524] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075eceba5 5 bytes JMP 0000000171f32ce0 .text C:\Users\*****\Downloads\adt-bundle-windows-x86_64-20140702\adt-bundle-windows-x86_64-20140702\sdk\platform-tools\adb.exe[1524] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000756c8a29 5 bytes JMP 0000000171f32c60 .text C:\Users\*****\Downloads\adt-bundle-windows-x86_64-20140702\adt-bundle-windows-x86_64-20140702\sdk\platform-tools\adb.exe[1524] C:\Windows\syswow64\USER32.dll!SendMessageW 00000000756c9679 6 bytes JMP 7193000a .text C:\Users\*****\Downloads\adt-bundle-windows-x86_64-20140702\adt-bundle-windows-x86_64-20140702\sdk\platform-tools\adb.exe[1524] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000756d12a5 6 bytes JMP 718d000a .text C:\Users\*****\Downloads\adt-bundle-windows-x86_64-20140702\adt-bundle-windows-x86_64-20140702\sdk\platform-tools\adb.exe[1524] C:\Windows\syswow64\USER32.dll!PostMessageA 00000000756d3baa 6 bytes JMP 
---- Processes - GMER 2.1 ----

Process C:\Users\*****\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe (*** suspicious ***) @ C:\Users\*****\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe [3312](2013-02-11 14:02:35) 0000000000a00000
Library C:\Users\*****\AppData\Local\Temp\swtlib-64\swt-win32-3550.dll (*** suspicious ***) @ C:\Windows\system32\java.exe [7200] (SWT for Windows native library/Eclipse Foundation)(2014-09-08 13:45:05) 0000000010000000

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----
Code:
# AdwCleaner v3.310 - Bericht erstellt am 21/09/2014 um 01:51:59
# Aktualisiert 12/09/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : ******* - *******-PC
# Gestartet von : C:\Users\*******\Downloads\AdwCleaner_3.310.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : SearchAnonymizer

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\DNSErrorHelper
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Video Converter
Ordner Gelöscht : C:\Program Files (x86)\MediaBuzzV1
Ordner Gelöscht : C:\Program Files (x86)\MediaPlayerV1
Ordner Gelöscht : C:\Program Files (x86)\MediaViewerV1
Ordner Gelöscht : C:\Program Files (x86)\MediaViewV1
Ordner Gelöscht : C:\Program Files (x86)\MediaWatchV1
Ordner Gelöscht : C:\Program Files (x86)\RichMediaViewV1
Ordner Gelöscht : C:\Program Files (x86)\VideoPlayerV3
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Users\*******\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\*******\AppData\LocalLow\IminentToolbar
Ordner Gelöscht : C:\Users\*******\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\*******\AppData\Roaming\HELPER
Ordner Gelöscht : C:\Users\*******\AppData\Roaming\OCS
Ordner Gelöscht : C:\Users\*******\Documents\Updater
Datei Gelöscht : C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\8t12mosy.default\Extensions\extension@preispilot.com.xpi
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\*******\AppData\Local\Temp\Searchqu.ini
Datei Gelöscht : C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\8t12mosy.default\foxydeal.sqlite
Datei Gelöscht : C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\8t12mosy.default\invalidprefs.js
Datei Gelöscht : C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\8t12mosy.default\user.js

***** [ Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [dnshelp@dnshelp.com]
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [extension@preispilot.com]
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [firejump@firejump.net]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\nfeonecgpoepapkmdgdmjolonaakdknd
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Schlüssel Gelöscht : HKCU\Software\580da8be66fbe42
Schlüssel Gelöscht : HKLM\SOFTWARE\580da8be66fbe42
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9B6B03F1-16CF-4491-BBBB-E872802DD717}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9B6B03F1-16CF-4491-BBBB-E872802DD717}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9B6B03F1-16CF-4491-BBBB-E872802DD717}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9B6B03F1-16CF-4491-BBBB-E872802DD717}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{721061FB-EB79-4568-A03C-3CE26D68DAE9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\LyricsFan
Schlüssel Gelöscht : HKLM\SOFTWARE\PIP
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Tarma Installer
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DesktopIconAmazon
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchAnonymizer

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16575

-\\ Mozilla Firefox v32.0.1 (x86 de)

[ Datei : C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\8t12mosy.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.iminent.admin", false);
Zeile gelöscht : user_pref("extensions.iminent.aflt", "orgnl");
Zeile gelöscht : user_pref("extensions.iminent.appId", "{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}");
Zeile gelöscht : user_pref("extensions.iminent.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.iminent.dfltLng", "");
Zeile gelöscht : user_pref("extensions.iminent.excTlbr", false);
Zeile gelöscht : user_pref("extensions.iminent.ffxUnstlRst", false);
Zeile gelöscht : user_pref("extensions.iminent.id", "364bbcb3000000000000dc85de23e488");
Zeile gelöscht : user_pref("extensions.iminent.instlDay", "16109");
Zeile gelöscht : user_pref("extensions.iminent.instlRef", "");
Zeile gelöscht : user_pref("extensions.iminent.newTab", false);
Zeile gelöscht : user_pref("extensions.iminent.prdct", "iminent");
Zeile gelöscht : user_pref("extensions.iminent.prtnrId", "iminent");
Zeile gelöscht : user_pref("extensions.iminent.rvrt", "false");
Zeile gelöscht : user_pref("extensions.iminent.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.iminent.tlbrId", "YBCPCSTIPO");
Zeile gelöscht : user_pref("extensions.iminent.tlbrSrchUrl", "hxxp://start.iminent.com/?ref=toolbarm#q=");
Zeile gelöscht : user_pref("extensions.iminent.vrsn", "1.8.28.3");
Zeile gelöscht : user_pref("extensions.iminent.vrsnTs", "1.8.28.33:33:36");
Zeile gelöscht : user_pref("extensions.iminent.vrsni", "1.8.28.3");
Zeile gelöscht : user_pref("iminent.LayoutId", "1");
Zeile gelöscht : user_pref("iminent.ShowThankyouPixel", "0");
Zeile gelöscht : user_pref("iminent.adapters", "{\"iminent\":{\"CountryCode\":\"DE\",\"NoAds\":false,\"Status\":1,\"expireTime\":\"13918268328491814400\"},\"amazon\":{\"CountryCode\":\"DE\",\"NoAds\":false,\"Status\":[...]
Zeile gelöscht : user_pref("iminent.enabledAds", "false");
Zeile gelöscht : user_pref("iminent.registerToolbarEvent101", "1391832572894");
Zeile gelöscht : user_pref("iminent.registerToolbarEvent102", "1391827514794");
Zeile gelöscht : user_pref("iminent.registerToolbarEvent105", "1391831505592");
Zeile gelöscht : user_pref("iminent.registerToolbarEvent140", "1391830174270");
Zeile gelöscht : user_pref("iminent.version", "8.4.3.1");
Zeile gelöscht : user_pref("iminent.versioning", "{\"CurrentVersion\":\"8.4.3.1\",\"InstallEventCTime\":1391826826099,\"InstallEvent\":\"True\"}");

-\\ Google Chrome v15.0.874.120

*************************

AdwCleaner[R0].txt - [9386 octets] - [21/09/2014 01:49:19]
AdwCleaner[S0].txt - [9086 octets] - [21/09/2014 01:51:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9146 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.9 (09.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by ******* on 21.09.2014 at 2:05:14,62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\*******\appdata\local\{0C190EF1-6246-4462-BF9B-6BFF789CF1C0}
Successfully deleted: [Empty Folder] C:\Users\*******\appdata\local\{53932B4C-0ADB-4928-819F-32459D75E38D}
Successfully deleted: [Empty Folder] C:\Users\*******\appdata\local\{684BED98-BAF9-4C33-AB7D-3D5148FDE0D7}
Successfully deleted: [Empty Folder] C:\Users\*******\appdata\local\{78A9B83A-96BF-47E8-A5CC-27D323904361}
Successfully deleted: [Empty Folder] C:\Users\*******\appdata\local\{9247BF9C-4BD2-42C8-8A34-B0C81F536D9E}
Successfully deleted: [Empty Folder] C:\Users\*******\appdata\local\{AE65AE12-B293-4526-B38B-6A6D2E3A0753}
Successfully deleted: [Empty Folder] C:\Users\*******\appdata\local\{DF8105C1-28F7-4AE1-9D33-1028E450651B}

~~~ FireFox

Successfully deleted the following from C:\Users\*******\AppData\Roaming\mozilla\firefox\profiles\8t12mosy.default\prefs.js

user_pref("avira.safe_search.search_was_active", "false");
user_pref("extensions.safesearch.MP_DISTINCT_ID", "\"14856555429a-09f17fbe44cdf2-42504136-0-1485655542a355\"");
user_pref("extensions.safesearch.SAUTH_expires_at", "1410802507");
user_pref("extensions.safesearch.SAUTH_rndsnr", "\"56ad264f3e1d24dce10e9776b96741fd6f47a007\"");
user_pref("extensions.safesearch.SAUTH_userid", "4300952305");
user_pref("extensions.safesearch.SAUTH_utoken", "\"86e6c35a667cfaab16472c5835a515883422fc5f\"");
user_pref("extensions.safesearch.install", "1410197705774");
user_pref("{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}.ScriptData_installer_name", "vbates_somoto_.exe");
user_pref("{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}.ScriptData_temp_installer_name", "vbates_somoto_.exe");
Emptied folder: C:\Users\*******\AppData\Roaming\mozilla\firefox\profiles\8t12mosy.default\minidumps [147 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.09.2014 at 2:23:06,55
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
21.09.2014, 01:33 | #12 |
| Undefinable entries in the event log FRST FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by ******* (administrator) on *******-PC on 21-09-2014 02:26:56
Running from C:\Users\*******\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Wacom Technology, Corp.) C:\Program Files\WTouch\WTouchService.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Wacom Technology, Corp.) C:\Program Files\WTouch\WTouchUser.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files (x86)\Ensonhaber Alarm\Ensonhaber Alarm.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDExtHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDAppHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Wacom Technology, Corp.) C:\Windows\System32\Pen_Tablet.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe
(Wacom Technology, Corp.) C:\Windows\System32\WTablet\Pen_TabletUser.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Wacom Technology, Corp.) C:\Windows\System32\Pen_Tablet.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Windows\AsScrPro.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Ocs_SM] => C:\Users\*******\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12480616 2012-04-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-03-09] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2661672 2012-02-19] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [1021056 2012-03-30] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [801408 2012-03-30] (Atheros Commnucations)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-17] (Alcor Micro Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-15] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2321072 2012-02-03] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-26] (Intel Corporation)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe [222504 2011-12-31] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816 2010-08-20] (CyberLink)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [832272 2014-05-01] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2353880 2013-11-01] (Microsoft Corp.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [328504 2013-01-11] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [205184 2012-10-17] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2012-02-24] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUS Screen Saver Protector] => C:\Windows\AsScrPro.exe [3058304 2012-08-14] (ASUS)
HKLM-x32\...\Run: [ASUS InstantKey] => C:\Program Files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe [20456 2012-02-21] (ASUS)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [102568 2012-02-21] (ASUS)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-3773635360-3589719687-3993712204-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174856 2014-09-14] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156840 2014-09-14] (NVIDIA Corporation)
Startup: C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ensonhaber Alarm.lnk
ShortcutTarget: Ensonhaber Alarm.lnk -> C:\Program Files (x86)\Ensonhaber Alarm\Ensonhaber Alarm.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
ShellIconOverlayIdentifiers: AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x250A1C6CB039CF01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - URL hxxp://search.conduit.com/Results.aspx?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP1B867F27-220C-4C3E-BF9F-407DCD78558A&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKCU - {B92A71DE-23FC-489F-B537-FE350C74BDF0} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&type=A011DE885&p={SearchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: QUICKfind BHO Object -> {C08DF07A-3E49-4E25-9AB0-D3882835F153} -> C:\Program Files (x86)\IDM\QUICKfind\PlugIns\IEHelp.dll (IDM)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\8t12mosy.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_45 -> C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\*******\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\8t12mosy.default\searchplugins\98941506-d865-4ffd-a8db-da5a32d4be77.xml FF SearchPlugin: C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\8t12mosy.default\searchplugins\avira-safesearch.xml FF SearchPlugin: C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\8t12mosy.default\searchplugins\google-default.xml FF SearchPlugin: C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\8t12mosy.default\searchplugins\{002E3E7B-A688-49FC-8BE9-CCA7EBB47BEC}.xml FF SearchPlugin: C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\8t12mosy.default\searchplugins\{3CED5DB9-007E-40CB-8CBB-4AF88EE949DE}.xml FF SearchPlugin: C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\8t12mosy.default\searchplugins\{76E1CA73-5A2E-4CCC-8400-FC1BCEAA9571}.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Avira Browser Safety - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\8t12mosy.default\Extensions\abs@avira.com [2014-09-04] FF Extension: FoxyProxy Standard - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\8t12mosy.default\Extensions\foxyproxy@eric.h.jung [2014-09-06] FF Extension: ProxTube - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\8t12mosy.default\Extensions\ich@maltegoetz.de.xpi [2014-09-12] FF Extension: NoSquint - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\8t12mosy.default\Extensions\nosquint@urandom.ca.xpi [2013-02-10] FF Extension: Adblock Plus - 
C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\8t12mosy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-29] FF Extension: Adblock Edge - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\8t12mosy.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2013-06-21] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF HKCU\...\Firefox\Extensions: [lrcfan@fansoft.br] - C:\Program Files (x86)\LyricsFan\FF FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] Chrome: ======= ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4754256 2014-08-13] (Emsisoft GmbH) S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-02-17] (Adobe Systems) [File not signed] R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-15] (Avira Operations GmbH & Co. KG) R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-04-13] (ASUS) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG) R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173272 2013-11-01] (Microsoft Corp.) 
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-05-01] (BlueStack Systems, Inc.) R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-05-01] (BlueStack Systems, Inc.) R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [774928 2014-05-01] (BlueStack Systems, Inc.) R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) [File not signed] S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed] R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315352 2014-06-05] (Intel Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation) R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-04-17] () R2 WTouchService; C:\Program Files\WTouch\WTouchService.exe [127272 2009-07-15] (Wacom Technology, Corp.) R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [163456 2012-03-30] (Atheros) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH) R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH) R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH) R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH) R3 AiCharger; C:\Windows\SysWOW64\DRIVERS\AiCharger.sys [17152 2012-02-29] (ASUSTek Computer Inc.) R3 AsusVBus; C:\Windows\System32\DRIVERS\AsusVBus.sys [35968 2012-04-12] (Windows (R) Win 7 DDK provider) R3 AsusVTouch; C:\Windows\System32\DRIVERS\AsusVTouch.sys [16512 2012-04-12] (Windows (R) Win 7 DDK provider) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-08-15] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-08-15] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-08-15] (Avira Operations GmbH & Co. KG) R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [123152 2014-05-01] (BlueStack Systems) R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH) R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( ) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-18] (Malwarebytes Corporation) R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [299152 2014-09-14] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation) S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X] S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X] S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. 
Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-21 02:26 - 2014-09-21 02:26 - 00000000 ____D () C:\Users\*******\Downloads\FRST-OlderVersion 2014-09-21 02:23 - 2014-09-21 02:23 - 00002429 _____ () C:\Users\*******\Desktop\JRT.txt 2014-09-21 02:05 - 2014-09-21 02:05 - 00000000 ____D () C:\Windows\ERUNT 2014-09-21 02:03 - 2014-09-21 02:03 - 01027006 _____ (Thisisu) C:\Users\*******\Downloads\JRT.exe 2014-09-21 01:58 - 2014-09-21 01:58 - 00009251 _____ () C:\Users\*******\Desktop\AdwCleaner[S0].txt 2014-09-21 01:50 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-09-21 01:49 - 2014-09-21 01:52 - 00000000 ____D () C:\AdwCleaner 2014-09-21 01:44 - 2014-09-21 01:45 - 01373475 _____ () C:\Users\*******\Downloads\AdwCleaner_3.310.exe 2014-09-20 23:53 - 2014-09-20 23:53 - 00096421 _____ () C:\Users\*******\Downloads\logfiles(1).zip 2014-09-20 23:53 - 2014-09-20 23:53 - 00000000 ____D () C:\Users\*******\Downloads\logfiles(1) 2014-09-20 23:46 - 2014-09-20 23:46 - 00096421 _____ () C:\Users\*******\Downloads\logfiles.zip 2014-09-20 23:35 - 2014-09-20 23:35 - 01110476 _____ () C:\Users\*******\Downloads\7z920(1).exe 2014-09-19 19:24 - 2014-09-19 19:24 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies 2014-09-19 19:23 - 2014-09-19 19:23 - 00000000 ____D () C:\Windows\SysWOW64\NV 2014-09-19 19:23 - 2014-09-19 19:23 - 00000000 ____D () C:\Windows\system32\NV 2014-09-19 19:23 - 2014-09-13 22:13 - 00613696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe 2014-09-19 19:20 - 2014-09-14 01:48 - 31887680 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2014-09-19 19:20 - 2014-09-14 01:48 - 24552592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2014-09-19 19:20 - 2014-09-14 01:48 - 20922512 _____ (NVIDIA Corporation) 
C:\Windows\system32\nvcompiler.dll 2014-09-19 19:20 - 2014-09-14 01:48 - 20589536 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll 2014-09-19 19:20 - 2014-09-14 01:48 - 19954520 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2014-09-19 19:20 - 2014-09-14 01:48 - 18106152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2014-09-19 19:20 - 2014-09-14 01:48 - 17259664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2014-09-19 19:20 - 2014-09-14 01:48 - 14026304 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2014-09-19 19:20 - 2014-09-14 01:48 - 13939272 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2014-09-19 19:20 - 2014-09-14 01:48 - 13157696 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2014-09-19 19:20 - 2014-09-14 01:48 - 11392576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2014-09-19 19:20 - 2014-09-14 01:48 - 11330776 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2014-09-19 19:20 - 2014-09-14 01:48 - 04287296 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2014-09-19 19:20 - 2014-09-14 01:48 - 04008592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2014-09-19 19:20 - 2014-09-14 01:48 - 01876296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434411.dll 2014-09-19 19:20 - 2014-09-14 01:48 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434411.dll 2014-09-19 19:20 - 2014-09-14 01:48 - 00957584 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2014-09-19 19:20 - 2014-09-14 01:48 - 00925896 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2014-09-19 19:20 - 2014-09-14 01:48 - 00919240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2014-09-19 19:20 - 2014-09-14 01:48 - 00894096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2014-09-19 19:20 - 2014-09-14 01:48 - 00501064 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll 2014-09-19 19:20 - 
2014-09-14 01:48 - 00417096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll 2014-09-19 19:20 - 2014-09-14 01:48 - 00393024 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll 2014-09-19 19:20 - 2014-09-14 01:48 - 00352016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll 2014-09-19 19:20 - 2014-09-14 01:48 - 00348304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll 2014-09-19 19:20 - 2014-09-14 01:48 - 00303600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2014-09-19 19:20 - 2014-09-14 01:48 - 00299152 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvkflt.sys 2014-09-19 19:20 - 2014-09-14 01:48 - 00032576 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys 2014-09-19 16:38 - 2014-09-19 16:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-15 23:43 - 2014-09-15 23:43 - 00001847 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk 2014-09-15 23:43 - 2014-09-15 23:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2014-09-15 23:43 - 2014-09-15 23:43 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2014-09-15 23:39 - 2014-09-15 23:40 - 41945432 _____ (Apple Inc.) 
C:\Users\*******\Downloads\QuickTimeInstaller.exe 2014-09-15 13:41 - 2014-09-15 13:41 - 00050500 _____ () C:\Users\*******\Downloads\Shaker.zip 2014-09-14 15:07 - 2014-09-14 15:08 - 00050477 _____ () C:\Users\*******\Downloads\Defogger(1).exe 2014-09-14 02:09 - 2014-09-20 23:44 - 00000000 ____D () C:\Users\*******\Desktop\ak 2014-09-13 15:36 - 2014-09-13 15:36 - 03687773 _____ () C:\Users\*******\Downloads\ispeech-android-sdk-demo-docs-20131009.zip 2014-09-13 15:36 - 2014-09-13 15:36 - 00000000 ____D () C:\Users\*******\Downloads\ispeech-android-sdk-demo-docs-20131009 2014-09-10 11:44 - 2014-07-02 22:48 - 01890080 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434052.dll 2014-09-10 11:44 - 2014-07-02 22:48 - 01539928 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434052.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 17868288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 12363264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 10920960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 03695416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2014-09-10 02:46 - 2014-09-10 02:46 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2014-09-10 02:46 - 2014-09-10 02:46 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-09-10 02:46 - 2014-09-10 02:46 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-10 02:46 - 2014-09-10 02:46 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 02156032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 01810432 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\jscript9.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 01802240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-10 02:46 - 2014-09-10 02:46 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-09-10 02:46 - 2014-09-10 02:46 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 01384960 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-09-10 02:46 - 2014-09-10 02:46 - 00434176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00403248 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 
2014-09-10 02:46 - 2014-09-10 02:46 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2014-09-10 02:46 - 2014-09-10 02:46 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00353584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-10 02:46 - 2014-09-10 02:46 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2014-09-10 02:46 - 2014-09-10 02:46 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00163840 
_____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2014-09-10 02:46 - 2014-09-10 02:46 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2014-09-10 02:46 - 2014-09-10 02:46 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2014-09-10 02:46 - 2014-09-10 02:46 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-09-10 02:46 - 2014-09-10 02:46 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00130560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00123392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00118784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00101888 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\admparse.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2014-09-10 02:46 - 2014-09-10 02:46 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2014-09-10 02:46 - 2014-09-10 02:46 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-09-10 02:46 - 2014-09-10 02:46 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2014-09-10 02:46 - 2014-09-10 02:46 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2014-09-10 02:46 - 2014-09-10 02:46 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2014-09-10 02:46 - 2014-09-10 02:46 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe 2014-09-10 02:46 - 2014-09-10 02:46 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00065024 _____ (Microsoft 
Corporation) C:\Windows\system32\pngfilt.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2014-09-10 02:46 - 2014-09-10 02:46 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-09-10 02:46 - 2014-09-10 02:46 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2014-09-10 02:46 - 2014-09-10 02:46 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-09-10 02:46 - 2014-09-10 02:46 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2014-09-10 02:27 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2014-09-10 02:27 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\msmpeg2vdec.dll 2014-09-10 02:26 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-09-10 02:26 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll 2014-09-10 02:26 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-09-10 02:26 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2014-09-10 02:26 - 2013-02-15 08:08 - 00237568 _____ (Microsoft Corporation) C:\Windows\system32\wecsvc.dll 2014-09-10 02:26 - 2013-02-15 08:08 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\wecapi.dll 2014-09-10 02:26 - 2013-02-15 05:53 - 00113152 _____ (Microsoft Corporation) C:\Windows\system32\wecutil.exe 2014-09-10 02:26 - 2013-02-15 04:54 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wecutil.exe 2014-09-10 02:26 - 2013-02-15 04:54 - 00058368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wecapi.dll 2014-09-10 02:24 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-09-10 02:24 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-09-10 02:03 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL 2014-09-10 02:03 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL 2014-09-10 02:03 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL 2014-09-10 02:03 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL 2014-09-10 02:03 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL 2014-09-10 02:03 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL 2014-09-10 02:03 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL 
2014-09-10 02:03 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL 2014-09-10 02:03 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL 2014-09-10 02:03 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL 2014-09-10 02:03 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls 2014-09-10 02:03 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls 2014-09-10 01:54 - 2014-09-10 03:00 - 00001411 _____ () C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2014-09-10 01:21 - 2014-09-10 01:21 - 00000704 _____ () C:\Users\Public\Desktop\Intel(R) HD Graphics Control Panel.lnk 2014-09-10 01:15 - 2014-09-10 01:18 - 141640448 _____ (Intel Corporation) C:\Users\*******\Downloads\Win64_153322.exe 2014-09-10 00:46 - 2014-09-10 00:48 - 112361152 _____ (Lenovo Group Limited ) C:\Users\*******\Downloads\g3d616ww.exe 2014-09-09 15:26 - 2014-09-09 15:50 - 00000000 ____D () C:\d2d67027fb5874d3c0800e 2014-09-09 06:54 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-09-09 06:54 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll 2014-09-09 06:54 - 2014-01-09 04:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-09-09 06:54 - 2014-01-04 00:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-09-09 06:27 - 2012-08-23 16:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2014-09-09 06:27 - 2012-08-23 16:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys 2014-09-09 06:27 - 2012-08-23 13:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll 2014-09-09 06:27 - 2012-08-23 12:51 - 00228864 _____ (Microsoft Corporation) 
C:\Windows\system32\rdpendp_winip.dll 2014-09-09 06:14 - 2013-10-02 04:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys 2014-09-09 06:14 - 2013-10-02 04:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe 2014-09-09 06:14 - 2013-10-02 04:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll 2014-09-09 06:14 - 2013-10-02 03:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll 2014-09-09 06:14 - 2013-10-02 03:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll 2014-09-09 06:14 - 2013-10-02 03:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2014-09-09 06:14 - 2013-10-02 03:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll 2014-09-09 06:14 - 2013-10-02 02:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll 2014-09-09 06:14 - 2013-10-02 02:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll 2014-09-09 06:14 - 2013-10-02 02:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll 2014-09-09 06:14 - 2013-10-02 02:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2014-09-09 06:14 - 2013-10-02 02:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe 2014-09-09 06:14 - 2013-10-02 01:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2014-09-09 06:14 - 2013-10-02 01:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-09-09 06:14 - 2013-10-02 01:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll 2014-09-09 06:14 - 2013-10-02 00:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2014-09-09 05:51 - 2014-09-09 05:51 - 00000144 _____ () C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2014-09-09 
05:01 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll 2014-09-09 05:01 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll 2014-09-09 05:01 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe 2014-09-09 05:01 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2014-09-09 05:01 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe 2014-09-09 05:01 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll 2014-09-09 05:01 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe 2014-09-09 05:01 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll 2014-09-09 04:59 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-09-09 04:59 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-09-09 04:59 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-09-09 04:59 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-09-09 04:59 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-09-09 04:59 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe 2014-09-09 04:59 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe 2014-09-09 04:59 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-09-09 04:59 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2014-09-09 04:58 - 2014-08-25 06:53 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-09-09 04:58 - 2014-07-16 
05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-09-09 04:58 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-09-09 04:58 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2014-09-09 04:58 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2014-09-09 04:58 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-09-09 04:58 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-09-09 04:58 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-09-09 04:58 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-09-09 04:58 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-09-09 04:58 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-09-09 04:58 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-09-09 04:58 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-09-09 04:58 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2014-09-09 04:58 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2014-09-09 04:58 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2014-09-09 04:58 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2014-09-09 04:58 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll 2014-09-09 04:58 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2014-09-09 04:58 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) 
C:\Windows\system32\msxml3.dll 2014-09-09 04:58 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2014-09-09 04:58 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-09-09 04:58 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2014-09-09 04:58 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-09-09 04:58 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll 2014-09-09 04:58 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-09-09 04:29 - 2014-09-09 05:42 - 00000000 ____D () C:\Windows\pss 2014-09-09 04:28 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-09-09 04:28 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-09-09 04:28 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2014-09-09 04:28 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-09-09 04:28 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-09-09 04:28 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2014-09-09 04:28 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2014-09-09 04:28 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-09-09 04:28 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-09-09 04:28 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2014-09-09 04:24 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-09-09 04:24 - 2014-05-14 09:23 - 00179656 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2014-09-09 04:24 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-09-09 04:24 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2014-09-09 03:41 - 2014-09-10 01:28 - 00000451 _____ () C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat 2014-09-09 01:00 - 2014-09-09 01:00 - 02401656 _____ () C:\Users\*******\Downloads\BasteldroidRoboterSpielMehrLevel.zip 2014-09-09 01:00 - 2014-09-09 01:00 - 00000000 ____D () C:\Users\*******\Downloads\BasteldroidRoboterSpielMehrLevel 2014-09-08 23:12 - 2014-09-08 23:12 - 00000000 ____D () C:\Users\*******\Downloads\RoboterSpiel 2014-09-08 23:09 - 2014-09-08 23:09 - 02590349 _____ () C:\Users\*******\Downloads\RoboterSpiel.zip 2014-09-08 22:27 - 2014-09-08 22:27 - 00000000 ____D () C:\Users\*******\Downloads\assets_raw 2014-09-08 22:26 - 2014-09-08 22:26 - 01868316 _____ () C:\Users\*******\Downloads\assets_raw.zip 2014-09-08 22:19 - 2014-09-08 22:19 - 00421670 _____ () C:\Users\*******\Downloads\AndroidSpielGrundgerüst.zip 2014-09-08 22:19 - 2014-09-08 22:19 - 00000000 ____D () C:\Users\*******\Downloads\AndroidSpielGrundgerüst 2014-09-08 20:02 - 2014-09-08 20:02 - 00095160 _____ () C:\Users\*******\Downloads\Extras.Txt 2014-09-08 20:00 - 2014-09-08 20:00 - 00110144 _____ () C:\Users\*******\Downloads\OTL.Txt 2014-09-08 19:43 - 2014-09-08 19:43 - 00602112 _____ (OldTimer Tools) C:\Users\*******\Downloads\OTL.exe 2014-09-08 19:41 - 2014-09-08 19:39 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-09-08 19:39 - 2014-09-08 19:39 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Avira 2014-09-08 19:38 - 2014-08-15 10:30 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-09-08 19:38 - 2014-08-15 10:30 - 00117712 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-09-08 19:38 - 2014-08-15 10:30 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-09-08 19:34 - 2014-09-08 19:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-09-08 19:34 - 2014-09-08 19:38 - 00000000 ____D () C:\ProgramData\Avira 2014-09-08 19:34 - 2014-09-08 19:38 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-09-08 19:34 - 2014-09-08 19:34 - 04755688 _____ (Avira Operations GmbH & Co. KG) C:\Users\*******\Downloads\avira_de_av___ws(1).exe 2014-09-08 19:34 - 2014-09-08 19:34 - 00001139 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-09-08 19:34 - 2014-09-08 19:34 - 00000000 ____D () C:\ProgramData\Package Cache 2014-09-08 18:16 - 2014-09-08 18:17 - 00380416 _____ () C:\Users\*******\Downloads\Gmer-19357.exe 2014-09-08 18:13 - 2014-09-08 18:15 - 00049866 _____ () C:\Users\*******\Downloads\Addition.txt 2014-09-08 18:11 - 2014-09-21 02:26 - 02105856 _____ (Farbar) C:\Users\*******\Downloads\FRST64.exe 2014-09-08 18:11 - 2014-09-21 02:26 - 00025969 _____ () C:\Users\*******\Downloads\FRST.txt 2014-09-08 18:11 - 2014-09-21 02:26 - 00000000 ____D () C:\FRST 2014-09-08 17:55 - 2014-09-15 17:49 - 00000000 ____D () C:\Users\*******\Desktop\workspace 2014-09-08 17:20 - 2014-09-14 15:08 - 00000478 _____ () C:\Users\*******\Downloads\defogger_disable.log 2014-09-08 17:20 - 2014-09-08 17:20 - 00000000 _____ () C:\Users\*******\defogger_reenable 2014-09-08 17:10 - 2014-09-08 17:10 - 00050477 _____ () C:\Users\*******\Downloads\Defogger.exe 2014-09-08 15:28 - 2014-09-09 00:15 - 00000000 ____D () C:\Users\*******\.android 2014-09-08 15:19 - 2014-09-08 15:19 - 00000000 ____D () C:\Users\*******\Downloads\adt-bundle-windows-x86_64-20140702 2014-09-08 15:09 - 2014-09-08 15:18 - 370763706 _____ () C:\Users\*******\Downloads\adt-bundle-windows-x86_64-20140702.zip 2014-09-08 14:51 - 2014-09-08 14:51 - 00000000 ____D () 
C:\Users\*******\Downloads\eclipse-SDK-4.2.1-win32-x86_64 2014-09-08 14:46 - 2014-09-08 14:51 - 192039575 _____ () C:\Users\*******\Downloads\eclipse-SDK-4.2.1-win32-x86_64.zip 2014-09-08 14:40 - 2014-09-08 14:40 - 00545200 _____ (Sun Microsystems, Inc.) C:\Windows\system32\npdeployJava1.dll 2014-09-08 14:40 - 2014-09-08 14:40 - 00526768 _____ (Sun Microsystems, Inc.) C:\Windows\system32\deployJava1.dll 2014-09-08 14:40 - 2014-09-08 14:40 - 00196528 _____ (Sun Microsystems, Inc.) C:\Windows\system32\javaws.exe 2014-09-08 14:40 - 2014-09-08 14:40 - 00172976 _____ (Sun Microsystems, Inc.) C:\Windows\system32\javaw.exe 2014-09-08 14:40 - 2014-09-08 14:40 - 00172976 _____ (Sun Microsystems, Inc.) C:\Windows\system32\java.exe 2014-09-08 14:40 - 2014-09-08 14:40 - 00000000 ____D () C:\Program Files\Java 2014-09-08 14:39 - 2014-09-08 14:39 - 17355184 _____ (Sun Microsystems, Inc.) C:\Users\*******\Downloads\jre-6u45-windows-x64.exe 2014-09-08 03:59 - 2014-09-08 03:59 - 00000000 ____D () C:\Users\*******\Downloads\Kapitel-3-Lektion-6 2014-09-08 03:57 - 2014-09-08 03:58 - 05237645 _____ () C:\Users\*******\Downloads\Kapitel-3-Lektion-6.zip 2014-09-08 03:54 - 2014-09-08 03:54 - 00000000 ____D () C:\Users\*******\Downloads\Kapitel-3-Lektion-9 2014-09-08 03:46 - 2014-09-08 03:47 - 05241659 _____ () C:\Users\*******\Downloads\Kapitel-3-Lektion-9.zip 2014-09-08 03:28 - 2014-09-08 03:28 - 00000000 ____D () C:\Users\*******\Downloads\Kapitel-3-Lektion-1 2014-09-08 02:46 - 2014-09-08 02:49 - 05235554 _____ () C:\Users\*******\Downloads\Kapitel-3-Lektion-2.zip 2014-09-08 02:33 - 2014-09-08 02:38 - 12225471 _____ () C:\Users\*******\Downloads\Kapitel-3-Lektion-1.zip 2014-09-08 02:05 - 2014-09-08 03:56 - 00000000 ____D () C:\Users\*******\workspace 2014-09-07 21:39 - 2014-09-07 21:39 - 00000000 ____D () C:\20cf004b03143b5f40 2014-09-07 21:37 - 2014-09-07 21:39 - 07740264 _____ (Microsoft Corporation) C:\Users\*******\Downloads\WindowsUpdateAgent30-x64.exe 2014-09-07 21:33 - 2014-09-07 
21:33 - 95320394 _____ () C:\Users\*******\Desktop\COMPONENTS.reg 2014-09-07 21:04 - 2014-09-07 21:05 - 00689664 _____ () C:\Users\*******\Downloads\MicrosoftFixit50202.msi 2014-09-07 20:12 - 2014-09-07 20:17 - 13849784 _____ (Microsoft Corporation) C:\Users\*******\Downloads\mseinstall(1).exe 2014-09-07 19:32 - 2014-09-07 19:32 - 00000000 ____D () C:\Users\*******\Downloads\L27 2014-09-07 18:12 - 2014-09-07 18:12 - 00000000 ____D () C:\Users\*******\Downloads\L5 2014-09-07 18:11 - 2014-09-07 18:12 - 05054706 _____ () C:\Users\*******\Downloads\L5.zip 2014-09-07 16:52 - 2014-09-07 16:52 - 00000000 ____D () C:\Users\*******\Downloads\L4 2014-09-07 16:50 - 2014-09-07 16:52 - 04958141 _____ () C:\Users\*******\Downloads\L4.zip 2014-09-07 00:48 - 2014-09-07 00:48 - 00000155 _____ () C:\Users\*******\.appletviewer 2014-09-06 14:28 - 2014-09-06 14:28 - 00000000 ____D () C:\Users\*******\Desktop\eclipse-standard-luna-R-win32-x86_64 2014-09-06 03:19 - 2014-09-06 06:25 - 215807131 _____ () C:\Users\*******\Downloads\eclipse-standard-luna-R-win32-x86_64.zip 2014-09-05 14:06 - 2014-09-05 14:06 - 00000000 ____D () C:\ProgramData\Emsisoft 2014-09-05 05:30 - 2014-09-21 01:58 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware 2014-09-05 05:30 - 2014-09-05 05:30 - 00001097 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk 2014-09-05 05:30 - 2014-09-05 05:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware 2014-09-05 04:27 - 2014-09-05 05:29 - 164038912 _____ (Emsisoft GmbH ) C:\Users\*******\Downloads\EmsisoftAntiMalwareSetup.exe 2014-09-05 04:16 - 2014-09-05 04:24 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\*******\Downloads\mbam-setup-2.0.2.1012(1).exe 2014-09-05 03:21 - 2014-09-18 19:03 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-05 03:20 - 2014-09-05 04:26 - 00001108 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-05 
03:20 - 2014-09-05 04:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-05 03:20 - 2014-09-05 04:26 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-09-05 03:20 - 2014-09-05 03:20 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-05 03:20 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-09-05 03:20 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-09-05 03:20 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-09-05 03:13 - 2014-09-05 03:19 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\*******\Downloads\mbam-setup-2.0.2.1012.exe 2014-09-05 02:42 - 2014-09-05 02:53 - 00000000 ____D () C:\Users\*******\Downloads\cports-x64 2014-09-05 02:42 - 2014-09-05 02:42 - 00107492 _____ () C:\Users\*******\Downloads\cports-x64.zip 2014-08-28 18:46 - 2014-08-28 18:47 - 00659456 _____ (Speed Guide Inc.) C:\Users\*******\Downloads\TCPOptimizer.exe 2014-08-27 21:31 - 2014-08-27 22:02 - 00000000 ____D () C:\Users\*******\Downloads\TL-WR702N_V1_130527_Beta 2014-08-25 19:04 - 2014-08-25 19:05 - 04791736 _____ (Avira Operations GmbH & Co. 
KG) C:\Users\*******\Downloads\avira_de_av___ws.exe
2014-08-25 18:55 - 2014-08-25 18:55 - 00000000 ____D () C:\Users\*******\Downloads\mse-install45
2014-08-25 18:52 - 2014-08-25 18:57 - 00000000 ____D () C:\Windows\System32\Tasks\Abelssoft
2014-08-25 18:52 - 2014-08-25 18:52 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Abelssoft
2014-08-25 18:52 - 2014-08-25 18:52 - 00000000 ____D () C:\Users\*******\AppData\Local\Abelssoft
2014-08-25 18:52 - 2014-08-25 18:52 - 00000000 ____D () C:\ProgramData\XDMessagingv4
2014-08-25 18:50 - 2014-08-25 18:55 - 24625644 _____ () C:\Users\*******\Downloads\mse-install45.zip
2014-08-25 18:50 - 2014-08-25 18:50 - 00000000 ____D () C:\Users\*******\AppData\Roaming\DesktopIconGoodgame
2014-08-25 18:49 - 2014-08-25 18:49 - 01101648 _____ () C:\Users\*******\Downloads\Microsoft Security Essentials - CHIP-Installer.exe
2014-08-25 05:15 - 2014-09-07 20:56 - 00002115 _____ () C:\Windows\epplauncher.mif
2014-08-25 05:10 - 2014-08-25 05:14 - 13849784 _____ (Microsoft Corporation) C:\Users\*******\Downloads\mseinstall.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-21 02:27 - 2014-09-08 18:11 - 00025969 _____ () C:\Users\*******\Downloads\FRST.txt 2014-09-21 02:26 - 2014-09-21 02:26 - 00000000 ____D () C:\Users\*******\Downloads\FRST-OlderVersion 2014-09-21 02:26 - 2014-09-08 18:11 - 02105856 _____ (Farbar) C:\Users\*******\Downloads\FRST64.exe 2014-09-21 02:26 - 2014-09-08 18:11 - 00000000 ____D () C:\FRST 2014-09-21 02:23 - 2014-09-21 02:23 - 00002429 _____ () C:\Users\*******\Desktop\JRT.txt 2014-09-21 02:05 - 2014-09-21 02:05 - 00000000 ____D () C:\Windows\ERUNT 2014-09-21 02:05 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-21 02:05 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-21 02:03 - 2014-09-21 02:03 - 01027006 _____ (Thisisu) C:\Users\*******\Downloads\JRT.exe 2014-09-21 01:59 - 2013-02-09 23:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-09-21 01:59 - 2013-02-09 23:14 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Skype 2014-09-21 01:58 - 2014-09-21 01:58 - 00009251 _____ () C:\Users\*******\Desktop\AdwCleaner[S0].txt 2014-09-21 01:58 - 2014-09-05 05:30 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware 2014-09-21 01:58 - 2013-02-09 21:49 - 00000387 _____ () C:\Users\*******\AppData\Roaming\sp_data.sys 2014-09-21 01:57 - 2009-07-14 06:51 - 00113146 _____ () C:\Windows\setupact.log 2014-09-21 01:56 - 2013-06-22 16:23 - 00000000 ____D () C:\Users\*******\AppData\Roaming\WTablet 2014-09-21 01:55 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-21 01:54 - 2012-08-14 17:39 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-09-21 01:53 - 2012-02-24 03:34 - 00485122 _____ () C:\Windows\PFRO.log 2014-09-21 01:52 - 2014-09-21 01:49 - 00000000 ____D () C:\AdwCleaner 2014-09-21 01:52 - 2012-08-14 17:28 - 01371136 _____ () C:\Windows\WindowsUpdate.log 
2014-09-21 01:45 - 2014-09-21 01:44 - 01373475 _____ () C:\Users\*******\Downloads\AdwCleaner_3.310.exe 2014-09-20 23:53 - 2014-09-20 23:53 - 00096421 _____ () C:\Users\*******\Downloads\logfiles(1).zip 2014-09-20 23:53 - 2014-09-20 23:53 - 00000000 ____D () C:\Users\*******\Downloads\logfiles(1) 2014-09-20 23:46 - 2014-09-20 23:46 - 00096421 _____ () C:\Users\*******\Downloads\logfiles.zip 2014-09-20 23:44 - 2014-09-14 02:09 - 00000000 ____D () C:\Users\*******\Desktop\ak 2014-09-20 23:35 - 2014-09-20 23:35 - 01110476 _____ () C:\Users\*******\Downloads\7z920(1).exe 2014-09-19 19:24 - 2014-09-19 19:24 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies 2014-09-19 19:24 - 2014-03-08 01:27 - 00000000 ____D () C:\temp 2014-09-19 19:24 - 2012-08-14 17:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2014-09-19 19:23 - 2014-09-19 19:23 - 00000000 ____D () C:\Windows\SysWOW64\NV 2014-09-19 19:23 - 2014-09-19 19:23 - 00000000 ____D () C:\Windows\system32\NV 2014-09-19 19:23 - 2012-08-14 17:38 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2014-09-19 16:38 - 2014-09-19 16:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-18 19:03 - 2014-09-05 03:21 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-15 23:43 - 2014-09-15 23:43 - 00001847 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk 2014-09-15 23:43 - 2014-09-15 23:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2014-09-15 23:43 - 2014-09-15 23:43 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2014-09-15 23:43 - 2013-03-02 01:25 - 00000000 ____D () C:\ProgramData\Apple Computer 2014-09-15 23:40 - 2014-09-15 23:39 - 41945432 _____ (Apple Inc.) 
C:\Users\*******\Downloads\QuickTimeInstaller.exe 2014-09-15 17:49 - 2014-09-08 17:55 - 00000000 ____D () C:\Users\*******\Desktop\workspace 2014-09-15 13:41 - 2014-09-15 13:41 - 00050500 _____ () C:\Users\*******\Downloads\Shaker.zip 2014-09-14 15:08 - 2014-09-14 15:07 - 00050477 _____ () C:\Users\*******\Downloads\Defogger(1).exe 2014-09-14 15:08 - 2014-09-08 17:20 - 00000478 _____ () C:\Users\*******\Downloads\defogger_disable.log 2014-09-14 01:48 - 2014-09-19 19:20 - 31887680 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2014-09-14 01:48 - 2014-09-19 19:20 - 24552592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2014-09-14 01:48 - 2014-09-19 19:20 - 20922512 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2014-09-14 01:48 - 2014-09-19 19:20 - 20589536 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll 2014-09-14 01:48 - 2014-09-19 19:20 - 19954520 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2014-09-14 01:48 - 2014-09-19 19:20 - 18106152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2014-09-14 01:48 - 2014-09-19 19:20 - 17259664 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2014-09-14 01:48 - 2014-09-19 19:20 - 14026304 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2014-09-14 01:48 - 2014-09-19 19:20 - 13939272 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2014-09-14 01:48 - 2014-09-19 19:20 - 13157696 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2014-09-14 01:48 - 2014-09-19 19:20 - 11392576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2014-09-14 01:48 - 2014-09-19 19:20 - 11330776 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2014-09-14 01:48 - 2014-09-19 19:20 - 04287296 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2014-09-14 01:48 - 2014-09-19 19:20 - 04008592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2014-09-14 01:48 - 2014-09-19 19:20 - 01876296 _____ 
(NVIDIA Corporation) C:\Windows\system32\nvdispco6434411.dll 2014-09-14 01:48 - 2014-09-19 19:20 - 01539272 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434411.dll 2014-09-14 01:48 - 2014-09-19 19:20 - 00957584 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2014-09-14 01:48 - 2014-09-19 19:20 - 00925896 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2014-09-14 01:48 - 2014-09-19 19:20 - 00919240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2014-09-14 01:48 - 2014-09-19 19:20 - 00894096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2014-09-14 01:48 - 2014-09-19 19:20 - 00501064 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll 2014-09-14 01:48 - 2014-09-19 19:20 - 00417096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll 2014-09-14 01:48 - 2014-09-19 19:20 - 00393024 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll 2014-09-14 01:48 - 2014-09-19 19:20 - 00352016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll 2014-09-14 01:48 - 2014-09-19 19:20 - 00348304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll 2014-09-14 01:48 - 2014-09-19 19:20 - 00303600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2014-09-14 01:48 - 2014-09-19 19:20 - 00299152 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvkflt.sys 2014-09-14 01:48 - 2014-09-19 19:20 - 00032576 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys 2014-09-14 01:48 - 2014-03-11 00:38 - 16875856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2014-09-14 01:48 - 2012-08-14 17:38 - 03223120 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll 2014-09-14 01:48 - 2012-08-14 17:38 - 02838424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2014-09-14 01:48 - 2012-08-14 17:38 - 00984424 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll 2014-09-14 01:48 - 2012-08-14 17:38 - 00867528 _____ (NVIDIA Corporation) 
C:\Windows\SysWOW64\nvumdshim.dll 2014-09-14 01:48 - 2012-08-14 17:38 - 00174856 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll 2014-09-14 01:48 - 2012-08-14 17:38 - 00156840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll 2014-09-14 01:48 - 2012-08-14 17:38 - 00026956 _____ () C:\Windows\system32\nvinfo.pb 2014-09-13 23:53 - 2012-08-14 17:39 - 06890696 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll 2014-09-13 23:53 - 2012-08-14 17:39 - 03529872 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll 2014-09-13 23:53 - 2012-08-14 17:39 - 02557640 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll 2014-09-13 23:53 - 2012-08-14 17:39 - 01087688 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll 2014-09-13 23:53 - 2012-08-14 17:39 - 00934216 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe 2014-09-13 23:53 - 2012-08-14 17:39 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll 2014-09-13 23:53 - 2012-08-14 17:39 - 00067072 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll 2014-09-13 23:53 - 2012-08-14 17:39 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll 2014-09-13 22:13 - 2014-09-19 19:23 - 00613696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe 2014-09-13 15:36 - 2014-09-13 15:36 - 03687773 _____ () C:\Users\*******\Downloads\ispeech-android-sdk-demo-docs-20131009.zip 2014-09-13 15:36 - 2014-09-13 15:36 - 00000000 ____D () C:\Users\*******\Downloads\ispeech-android-sdk-demo-docs-20131009 2014-09-12 17:09 - 2013-02-09 23:49 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-12 17:09 - 2013-02-09 23:49 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-12 15:10 - 2013-02-09 23:48 - 00000000 ____D () C:\Users\*******\AppData\Local\CrashDumps 2014-09-11 17:37 - 2012-08-14 17:39 - 03961833 _____ () C:\Windows\system32\nvcoproc.bin 2014-09-10 11:45 - 
2012-08-14 17:38 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-09-10 03:00 - 2014-09-10 01:54 - 00001411 _____ () C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2014-09-10 03:00 - 2014-03-07 04:51 - 00001445 _____ () C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-09-10 02:56 - 2009-07-14 06:45 - 00356256 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-09-10 02:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-09-10 02:47 - 2013-03-24 04:00 - 00005658 _____ () C:\Windows\IE9_main.log 2014-09-10 02:46 - 2014-09-10 02:46 - 17868288 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 12363264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 10920960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 03695416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2014-09-10 02:46 - 2014-09-10 02:46 - 03695416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2014-09-10 02:46 - 2014-09-10 02:46 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-09-10 02:46 - 2014-09-10 02:46 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-10 02:46 - 2014-09-10 02:46 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 02156032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 01802240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 01494016 _____ 
(Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-10 02:46 - 2014-09-10 02:46 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-09-10 02:46 - 2014-09-10 02:46 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 01384960 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-09-10 02:46 - 2014-09-10 02:46 - 00434176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00403248 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2014-09-10 02:46 - 2014-09-10 02:46 - 00353792 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\dxtmsft.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00353584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\ieaksie.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieaksie.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-10 02:46 - 2014-09-10 02:46 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2014-09-10 02:46 - 2014-09-10 02:46 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakui.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\ieakui.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-09-10 02:46 
- 2014-09-10 02:46 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2014-09-10 02:46 - 2014-09-10 02:46 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\ieakeng.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2014-09-10 02:46 - 2014-09-10 02:46 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2014-09-10 02:46 - 2014-09-10 02:46 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-09-10 02:46 - 2014-09-10 02:46 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00130560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieakeng.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00123392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00118784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00114176 _____ (Microsoft Corporation) C:\Windows\system32\admparse.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admparse.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 
00091648 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2014-09-10 02:46 - 2014-09-10 02:46 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2014-09-10 02:46 - 2014-09-10 02:46 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-09-10 02:46 - 2014-09-10 02:46 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2014-09-10 02:46 - 2014-09-10 02:46 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2014-09-10 02:46 - 2014-09-10 02:46 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2014-09-10 02:46 - 2014-09-10 02:46 - 00074752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ie4uinit.exe 2014-09-10 02:46 - 2014-09-10 02:46 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2014-09-10 02:46 - 2014-09-10 02:46 - 
00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00054272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2014-09-10 02:46 - 2014-09-10 02:46 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-09-10 02:46 - 2014-09-10 02:46 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2014-09-10 02:46 - 2014-09-10 02:46 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-09-10 02:46 - 2014-09-10 02:46 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2014-09-10 02:43 - 2013-08-20 06:18 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-10 02:29 - 2013-07-15 23:04 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-09-10 02:27 - 2014-05-07 17:52 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-09-10 02:12 - 2013-02-09 21:49 - 00000000 ____D () C:\Users\*******\Documents\Bluetooth Folder 2014-09-10 01:29 
- 2012-08-14 17:37 - 00018282 _____ () C:\Windows\system32\results.xml 2014-09-10 01:28 - 2014-09-09 03:41 - 00000451 _____ () C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat 2014-09-10 01:28 - 2013-02-09 21:45 - 00000000 ____D () C:\Users\******* 2014-09-10 01:21 - 2014-09-10 01:21 - 00000704 _____ () C:\Users\Public\Desktop\Intel(R) HD Graphics Control Panel.lnk 2014-09-10 01:18 - 2014-09-10 01:15 - 141640448 _____ (Intel Corporation) C:\Users\*******\Downloads\Win64_153322.exe 2014-09-10 00:48 - 2014-09-10 00:46 - 112361152 _____ (Lenovo Group Limited ) C:\Users\*******\Downloads\g3d616ww.exe 2014-09-09 16:48 - 2012-08-14 17:33 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job 2014-09-09 16:48 - 2012-02-24 04:29 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-09-09 16:25 - 2013-02-09 23:49 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-09-09 16:18 - 2012-02-24 04:29 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-09-09 15:50 - 2014-09-09 15:26 - 00000000 ____D () C:\d2d67027fb5874d3c0800e 2014-09-09 07:33 - 2014-02-28 05:20 - 00000306 __RSH () C:\ProgramData\ntuser.pol 2014-09-09 06:49 - 2012-08-14 17:28 - 00000000 ____D () C:\Windows\SoftwareDistribution.bak 2014-09-09 06:22 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2014-09-09 05:51 - 2014-09-09 05:51 - 00000144 _____ () C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2014-09-09 05:42 - 2014-09-09 04:29 - 00000000 ____D () C:\Windows\pss 2014-09-09 05:16 - 2009-07-14 09:45 - 00000000 ____D () C:\Program Files\Windows Journal 2014-09-09 05:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2014-09-09 05:16 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism 2014-09-09 01:00 - 2014-09-09 01:00 - 02401656 _____ () 
C:\Users\*******\Downloads\BasteldroidRoboterSpielMehrLevel.zip 2014-09-09 01:00 - 2014-09-09 01:00 - 00000000 ____D () C:\Users\*******\Downloads\BasteldroidRoboterSpielMehrLevel 2014-09-09 00:15 - 2014-09-08 15:28 - 00000000 ____D () C:\Users\*******\.android 2014-09-08 23:12 - 2014-09-08 23:12 - 00000000 ____D () C:\Users\*******\Downloads\RoboterSpiel 2014-09-08 23:09 - 2014-09-08 23:09 - 02590349 _____ () C:\Users\*******\Downloads\RoboterSpiel.zip 2014-09-08 22:27 - 2014-09-08 22:27 - 00000000 ____D () C:\Users\*******\Downloads\assets_raw 2014-09-08 22:26 - 2014-09-08 22:26 - 01868316 _____ () C:\Users\*******\Downloads\assets_raw.zip 2014-09-08 22:19 - 2014-09-08 22:19 - 00421670 _____ () C:\Users\*******\Downloads\AndroidSpielGrundgerüst.zip 2014-09-08 22:19 - 2014-09-08 22:19 - 00000000 ____D () C:\Users\*******\Downloads\AndroidSpielGrundgerüst 2014-09-08 20:28 - 2013-02-24 03:48 - 00000000 ____D () C:\Users\*******\AppData\Roaming\SoftGrid Client 2014-09-08 20:02 - 2014-09-08 20:02 - 00095160 _____ () C:\Users\*******\Downloads\Extras.Txt 2014-09-08 20:00 - 2014-09-08 20:00 - 00110144 _____ () C:\Users\*******\Downloads\OTL.Txt 2014-09-08 19:43 - 2014-09-08 19:43 - 00602112 _____ (OldTimer Tools) C:\Users\*******\Downloads\OTL.exe 2014-09-08 19:39 - 2014-09-08 19:41 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-09-08 19:39 - 2014-09-08 19:39 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Avira 2014-09-08 19:39 - 2014-09-08 19:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-09-08 19:38 - 2014-09-08 19:34 - 00000000 ____D () C:\ProgramData\Avira 2014-09-08 19:38 - 2014-09-08 19:34 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-09-08 19:34 - 2014-09-08 19:34 - 04755688 _____ (Avira Operations GmbH & Co. 
KG) C:\Users\*******\Downloads\avira_de_av___ws(1).exe 2014-09-08 19:34 - 2014-09-08 19:34 - 00001139 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-09-08 19:34 - 2014-09-08 19:34 - 00000000 ____D () C:\ProgramData\Package Cache 2014-09-08 18:17 - 2014-09-08 18:16 - 00380416 _____ () C:\Users\*******\Downloads\Gmer-19357.exe 2014-09-08 18:15 - 2014-09-08 18:13 - 00049866 _____ () C:\Users\*******\Downloads\Addition.txt 2014-09-08 17:20 - 2014-09-08 17:20 - 00000000 _____ () C:\Users\*******\defogger_reenable 2014-09-08 17:10 - 2014-09-08 17:10 - 00050477 _____ () C:\Users\*******\Downloads\Defogger.exe 2014-09-08 15:19 - 2014-09-08 15:19 - 00000000 ____D () C:\Users\*******\Downloads\adt-bundle-windows-x86_64-20140702 2014-09-08 15:18 - 2014-09-08 15:09 - 370763706 _____ () C:\Users\*******\Downloads\adt-bundle-windows-x86_64-20140702.zip 2014-09-08 14:51 - 2014-09-08 14:51 - 00000000 ____D () C:\Users\*******\Downloads\eclipse-SDK-4.2.1-win32-x86_64 2014-09-08 14:51 - 2014-09-08 14:46 - 192039575 _____ () C:\Users\*******\Downloads\eclipse-SDK-4.2.1-win32-x86_64.zip 2014-09-08 14:40 - 2014-09-08 14:40 - 00545200 _____ (Sun Microsystems, Inc.) C:\Windows\system32\npdeployJava1.dll 2014-09-08 14:40 - 2014-09-08 14:40 - 00526768 _____ (Sun Microsystems, Inc.) C:\Windows\system32\deployJava1.dll 2014-09-08 14:40 - 2014-09-08 14:40 - 00196528 _____ (Sun Microsystems, Inc.) C:\Windows\system32\javaws.exe 2014-09-08 14:40 - 2014-09-08 14:40 - 00172976 _____ (Sun Microsystems, Inc.) C:\Windows\system32\javaw.exe 2014-09-08 14:40 - 2014-09-08 14:40 - 00172976 _____ (Sun Microsystems, Inc.) C:\Windows\system32\java.exe 2014-09-08 14:40 - 2014-09-08 14:40 - 00000000 ____D () C:\Program Files\Java 2014-09-08 14:39 - 2014-09-08 14:39 - 17355184 _____ (Sun Microsystems, Inc.) 
C:\Users\*******\Downloads\jre-6u45-windows-x64.exe 2014-09-08 14:35 - 2013-02-17 00:52 - 00000000 ____D () C:\Program Files (x86)\Java 2014-09-08 03:59 - 2014-09-08 03:59 - 00000000 ____D () C:\Users\*******\Downloads\Kapitel-3-Lektion-6 2014-09-08 03:58 - 2014-09-08 03:57 - 05237645 _____ () C:\Users\*******\Downloads\Kapitel-3-Lektion-6.zip 2014-09-08 03:56 - 2014-09-08 02:05 - 00000000 ____D () C:\Users\*******\workspace 2014-09-08 03:54 - 2014-09-08 03:54 - 00000000 ____D () C:\Users\*******\Downloads\Kapitel-3-Lektion-9 2014-09-08 03:47 - 2014-09-08 03:46 - 05241659 _____ () C:\Users\*******\Downloads\Kapitel-3-Lektion-9.zip 2014-09-08 03:28 - 2014-09-08 03:28 - 00000000 ____D () C:\Users\*******\Downloads\Kapitel-3-Lektion-1 2014-09-08 02:49 - 2014-09-08 02:46 - 05235554 _____ () C:\Users\*******\Downloads\Kapitel-3-Lektion-2.zip 2014-09-08 02:38 - 2014-09-08 02:33 - 12225471 _____ () C:\Users\*******\Downloads\Kapitel-3-Lektion-1.zip 2014-09-07 21:39 - 2014-09-07 21:39 - 00000000 ____D () C:\20cf004b03143b5f40 2014-09-07 21:39 - 2014-09-07 21:37 - 07740264 _____ (Microsoft Corporation) C:\Users\*******\Downloads\WindowsUpdateAgent30-x64.exe 2014-09-07 21:33 - 2014-09-07 21:33 - 95320394 _____ () C:\Users\*******\Desktop\COMPONENTS.reg 2014-09-07 21:05 - 2014-09-07 21:04 - 00689664 _____ () C:\Users\*******\Downloads\MicrosoftFixit50202.msi 2014-09-07 20:56 - 2014-08-25 05:15 - 00002115 _____ () C:\Windows\epplauncher.mif 2014-09-07 20:29 - 2011-02-19 06:24 - 07663150 _____ () C:\Windows\system32\perfh007.dat 2014-09-07 20:29 - 2011-02-19 06:24 - 02385206 _____ () C:\Windows\system32\perfc007.dat 2014-09-07 20:29 - 2009-07-14 07:13 - 00006488 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-07 20:26 - 2012-02-24 04:51 - 00000000 ____D () C:\ProgramData\McAfee 2014-09-07 20:17 - 2014-09-07 20:12 - 13849784 _____ (Microsoft Corporation) C:\Users\*******\Downloads\mseinstall(1).exe 2014-09-07 19:32 - 2014-09-07 19:32 - 00000000 ____D () 
C:\Users\*******\Downloads\L27 2014-09-07 18:12 - 2014-09-07 18:12 - 00000000 ____D () C:\Users\*******\Downloads\L5 2014-09-07 18:12 - 2014-09-07 18:11 - 05054706 _____ () C:\Users\*******\Downloads\L5.zip 2014-09-07 16:52 - 2014-09-07 16:52 - 00000000 ____D () C:\Users\*******\Downloads\L4 2014-09-07 16:52 - 2014-09-07 16:50 - 04958141 _____ () C:\Users\*******\Downloads\L4.zip 2014-09-07 12:02 - 2012-08-14 17:33 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job 2014-09-07 00:48 - 2014-09-07 00:48 - 00000155 _____ () C:\Users\*******\.appletviewer 2014-09-06 14:28 - 2014-09-06 14:28 - 00000000 ____D () C:\Users\*******\Desktop\eclipse-standard-luna-R-win32-x86_64 2014-09-06 06:25 - 2014-09-06 03:19 - 215807131 _____ () C:\Users\*******\Downloads\eclipse-standard-luna-R-win32-x86_64.zip 2014-09-05 14:06 - 2014-09-05 14:06 - 00000000 ____D () C:\ProgramData\Emsisoft 2014-09-05 05:30 - 2014-09-05 05:30 - 00001097 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk 2014-09-05 05:30 - 2014-09-05 05:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware 2014-09-05 05:29 - 2014-09-05 04:27 - 164038912 _____ (Emsisoft GmbH ) C:\Users\*******\Downloads\EmsisoftAntiMalwareSetup.exe 2014-09-05 04:26 - 2014-09-05 03:20 - 00001108 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-05 04:26 - 2014-09-05 03:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-05 04:26 - 2014-09-05 03:20 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-09-05 04:24 - 2014-09-05 04:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\*******\Downloads\mbam-setup-2.0.2.1012(1).exe 2014-09-05 04:10 - 2014-09-10 02:24 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-09-05 04:05 - 2014-09-10 02:24 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 
2014-09-05 03:58 - 2014-02-25 07:50 - 00000000 ____D () C:\Windows\apktool1.5.2 2014-09-05 03:20 - 2014-09-05 03:20 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-05 03:19 - 2014-09-05 03:13 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\*******\Downloads\mbam-setup-2.0.2.1012.exe 2014-09-05 02:53 - 2014-09-05 02:42 - 00000000 ____D () C:\Users\*******\Downloads\cports-x64 2014-09-05 02:42 - 2014-09-05 02:42 - 00107492 _____ () C:\Users\*******\Downloads\cports-x64.zip 2014-08-28 18:47 - 2014-08-28 18:46 - 00659456 _____ (Speed Guide Inc.) C:\Users\*******\Downloads\TCPOptimizer.exe 2014-08-27 22:02 - 2014-08-27 21:31 - 00000000 ____D () C:\Users\*******\Downloads\TL-WR702N_V1_130527_Beta 2014-08-25 19:05 - 2014-08-25 19:04 - 04791736 _____ (Avira Operations GmbH & Co. KG) C:\Users\*******\Downloads\avira_de_av___ws.exe 2014-08-25 18:57 - 2014-08-25 18:52 - 00000000 ____D () C:\Windows\System32\Tasks\Abelssoft 2014-08-25 18:55 - 2014-08-25 18:55 - 00000000 ____D () C:\Users\*******\Downloads\mse-install45 2014-08-25 18:55 - 2014-08-25 18:50 - 24625644 _____ () C:\Users\*******\Downloads\mse-install45.zip 2014-08-25 18:55 - 2013-02-09 21:45 - 00105184 _____ () C:\Users\*******\AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-25 18:52 - 2014-08-25 18:52 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Abelssoft 2014-08-25 18:52 - 2014-08-25 18:52 - 00000000 ____D () C:\Users\*******\AppData\Local\Abelssoft 2014-08-25 18:52 - 2014-08-25 18:52 - 00000000 ____D () C:\ProgramData\XDMessagingv4 2014-08-25 18:50 - 2014-08-25 18:50 - 00000000 ____D () C:\Users\*******\AppData\Roaming\DesktopIconGoodgame 2014-08-25 18:49 - 2014-08-25 18:49 - 01101648 _____ () C:\Users\*******\Downloads\Microsoft Security Essentials - CHIP-Installer.exe 2014-08-25 06:53 - 2014-09-09 04:58 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-08-25 05:14 - 2014-08-25 05:10 - 13849784 _____ (Microsoft Corporation) C:\Users\*******\Downloads\mseinstall.exe 
2014-08-23 04:07 - 2014-09-09 04:59 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-23 03:45 - 2014-09-09 04:59 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-23 02:59 - 2014-09-09 04:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys Some content of TEMP: ==================== C:\Users\*******\AppData\Local\Temp\avgnt.exe C:\Users\*******\AppData\Local\Temp\BackupSetup.exe C:\Users\*******\AppData\Local\Temp\COMAP.EXE C:\Users\*******\AppData\Local\Temp\drm_dyndata_7400009.dll C:\Users\*******\AppData\Local\Temp\firefoxjre_exe.exe C:\Users\*******\AppData\Local\Temp\Foxit Updater.exe C:\Users\*******\AppData\Local\Temp\installhelper.dll C:\Users\*******\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe C:\Users\*******\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\*******\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe C:\Users\*******\AppData\Local\Temp\lfwvjqqk.dll C:\Users\*******\AppData\Local\Temp\nv3DVStreaming.dll C:\Users\*******\AppData\Local\Temp\nvSCPAPI.dll C:\Users\*******\AppData\Local\Temp\nvSCPAPI64.dll C:\Users\*******\AppData\Local\Temp\nvStereoApiI.dll C:\Users\*******\AppData\Local\Temp\nvStereoApiI64.dll C:\Users\*******\AppData\Local\Temp\nvStInst.exe C:\Users\*******\AppData\Local\Temp\Quarantine.exe C:\Users\*******\AppData\Local\Temp\sfhhujep.dll C:\Users\*******\AppData\Local\Temp\SkypeSetup.exe C:\Users\*******\AppData\Local\Temp\uninst1.exe C:\Users\*******\AppData\Local\Temp\UnityWebPlayer1327969725013184969.exe C:\Users\*******\AppData\Local\Temp\vlc-2.0.6-win64.exe C:\Users\*******\AppData\Local\Temp\vlc-2.1.4-win64.exe C:\Users\*******\AppData\Local\Temp\xmlUpdater.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-08-27 16:27 ==================== End Of Log ============================ |
21.09.2014, 01:36 | #13 |
| Undefinable entries in the event log Addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014 Ran by ******* at 2014-09-21 02:34:32 Running from C:\Users\*******\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - ) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 15.0.0.249 - Adobe Systems Incorporated) Hidden Adobe Bridge 1.0 (x32 Version: 001.000.001 - Adobe Systems) Hidden Adobe Common File Installer (x32 Version: 1.00.001 - Adobe System Incorporated) Hidden Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Help Center 1.0 (x32 Version: 1.0.1 - Adobe Systems) Hidden Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.) Adobe Photoshop CS2 (x32 Version: 9.0 - Adobe Systems, Inc.) Hidden Adobe Stock Photos 1.0 (x32 Version: 1.0.1 - Adobe Systems) Hidden Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.0142.68441 - Alcor Micro Corp.) Alcor Micro USB Card Reader (x32 Version: 1.2.0142.68441 - Alcor Micro Corp.) 
Hidden Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.) Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.24 - ASUS) ASUS FaceLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0014 - ASUS) ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.2 - ASUS) ASUS Instant Key (HKLM-x32\...\{D97A1B80-131F-4692-9543-E652956D8B99}) (Version: 1.0.5 - ASUS) ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.1 - ASUS) ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.7 - ASUS) ASUS Music Maker (HKLM-x32\...\MAGIX_MSI_mm17_silver_asus) (Version: 17.0.2.22 - MAGIX AG) ASUS Music Maker (x32 Version: 17.0.2.22 - MAGIX AG) Hidden ASUS N Series Demo (HKLM-x32\...\{246B4AFF-6540-4B72-93E8-B9EB86D37589}) (Version: 1.0.0001 - ASUS) ASUS Photo Designer (HKLM-x32\...\MAGIX_{2B962F32-78E6-4585-AF24-073AD36B6590}) (Version: 7.0.1.2 - MAGIX AG) ASUS Photo Designer (x32 Version: 7.0.1.2 - MAGIX AG) Hidden ASUS Photo Manager (HKLM-x32\...\MAGIX_{2A3A883D-B2AB-427D-B094-27D6241E0944}) (Version: 8.0.3.217 - MAGIX AG) ASUS Photo Manager (x32 Version: 8.0.3.217 - MAGIX AG) Hidden ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.2.1 - ASUS) ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0041 - ASUS) ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.0.9 - ASUS) ASUS Video Magic (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.4711 - CyberLink Corp.) ASUS Video Magic (x32 Version: 6.0.4711 - CyberLink Corp.) 
Hidden ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.25 - ASUS) ASUS Virtual Touch (HKLM-x32\...\{938CFBD4-0652-49E5-BB8B-153948865941}) (Version: 1.0.11 - ASUS) ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.108.222 - eCareme Technologies, Inc.) ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4924.52 - CyberLink Corp.) ASUSDVD (x32 Version: 10.0.4924.52 - CyberLink Corp.) Hidden AsusScr_N6 Series_ENG (HKLM-x32\...\AsusScr_N6 Series_ENG) (Version: 1.0.0003 - ASUS) AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.9.157 - ASUSTEK) Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.130 - Atheros) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.12.13 - Atheros Communications Inc.) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0027 - ASUS) Avira (HKLM-x32\...\{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}) (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG) Avira (x32 Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira) Bamboo (HKLM-x32\...\Pen Tablet Driver) (Version: - Wacom Technology Corp.) Bing-Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.347.0 - Microsoft Corporation) BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.9.3088 - BlueStack Systems, Inc.) BlueStacks Notification Center (HKLM-x32\...\{4C02AFA8-074D-44FE-B0E1-A73D4AA65390}) (Version: 0.8.9.3088 - BlueStack Systems, Inc.) 
Bubbletown (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115065740}) (Version: - Oberon Media) Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation) Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation) Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation) CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3624 - CyberLink Corp.) CyberLink LabelPrint (x32 Version: 2.5.3624 - CyberLink Corp.) Hidden CyberLink MediaEspresso (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.2715_43927 - CyberLink Corp.) CyberLink MediaEspresso (x32 Version: 6.5.2715_43927 - CyberLink Corp.) Hidden CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.1126 - CyberLink Corp.) CyberLink Power2Go (x32 Version: 7.0.0.1126 - CyberLink Corp.) Hidden CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.4702a - CyberLink Corp.) CyberLink PowerDirector (x32 Version: 8.0.4702a - CyberLink Corp.) 
Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Deadtime Stories (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118716773}) (Version: - Oberon Media) Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version: - Oberon Media) Dream Vacation Solitaire (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111249233}) (Version: - Oberon Media) Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft GmbH) Ensonhaber Alarm (HKLM-x32\...\Alarm) (Version: 1.0 - UNKNOWN) Ensonhaber Alarm (x32 Version: 1.0 - UNKNOWN) Hidden ETDWare PS/2-X64 10.5.9.0 (HKLM\...\Elantech) (Version: 10.5.9.0 - ELAN Microelectronic Corp.) Farm Frenzy 3 - Madagascar (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-119205603}) (Version: - Oberon Media) FileViewPro (HKLM\...\FileViewPro_is1) (Version: 4.0 - Solvusoft Corporation) Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{6C5F8503-55D2-4398-858C-362B7A7AF51C}) (Version: 2.1.31.0 - MAGIX AG) Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 5.4.5.114 - Foxit Corporation) Free Audio Dub version 1.7.9.908 (HKLM-x32\...\Free Audio Dub_is1) (Version: 1.7.9.908 - DVDVideoSoft Ltd.) Free Video Converter V 3.1 (HKLM-x32\...\Free Video Converter_is1) (Version: 3.1.0.0 - Koyote Soft) Free YouTube to MP3 Converter version 3.12.1.320 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.1.320 - DVDVideoSoft Ltd.) Galapago (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version: - Oberon Media) Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Game Park Console (HKLM-x32\...\Game Park Console) (Version: 1.2.4.431 - Oberon Media Inc.) 
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden GeoGebra 4.2 (HKLM-x32\...\GeoGebra 4.2) (Version: 4.2.60.0 - International GeoGebra Institute) Go Go Gourmet Chef of the Year (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115290153}) (Version: - Oberon Media) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 15.0.874.120 - Google Inc.) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden Hex-Editor MX (HKLM-x32\...\{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1) (Version: 6.0 - NEXT-Soft) InstantOn for NB (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 2.3.2 - ASUS) Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation) Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation) Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation) IP Camera Adapter (HKLM-x32\...\{F43D5CA6-1F22-436D-AF64-B254E7F1FC3D}) (Version: 1.0.0 - Pas) IP Camera DS Filter (HKLM-x32\...\IPCameraDSFilter) (Version: 5.5.0.0 - Moonware Studios) Java(TM) 6 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416045FF}) (Version: 6.0.450 - Oracle) JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden KVIrc (HKLM-x32\...\KVIrc) (Version: - Szymon Stefanek and The KVIrc Development Team) 
MAGIX Audio & Music Lab 2014 Premium (HKLM-x32\...\MX.{8D097354-F4D1-4FFE-9E0C-2CE2942C8DAB}) (Version: 20.0.0.36 - MAGIX Software GmbH) MAGIX Audio & Music Lab 2014 Premium (Version: 20.0.0.36 - MAGIX Software GmbH) Hidden MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{CAC01506-F69E-49FA-B091-563A4335B136}) (Version: 7.0.2.6 - MAGIX Software GmbH) MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX Software GmbH) Hidden Mahjong Memoirs (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117948443}) (Version: - Oberon Media) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft 
Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 22.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 22.0 (x86 de)) (Version: 22.0 - Mozilla) Mozilla Firefox 23.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 23.0.1 (x86 de)) (Version: 23.0.1 - Mozilla) Mozilla Firefox 25.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 25.0.1 (x86 de)) (Version: 25.0.1 - 
Mozilla) Mozilla Firefox 26.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 26.0 (x86 de)) (Version: 26.0 - Mozilla) Mozilla Firefox 32.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.2 (x86 de)) (Version: 32.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Music Editor Free (HKLM-x32\...\Music Editor Free) (Version: - MEF GmbH.) myBitCast 1.0.0.3 (HKLM\...\myBitCast) (Version: 1.0.0.3 - ASUS Cloud Corporation) MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. 
Wechselberger) Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.3 - Notepad++ Team) NVIDIA 3D Vision Treiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.11 - NVIDIA Corporation) NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation) NVIDIA Grafiktreiber 344.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.11 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.162.1274 - NVIDIA Corporation) Hidden NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA Optimus Update 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.14.0702 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation) NVIDIA ShadowPlay 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 344.11 (Version: 344.11 - NVIDIA Corporation) Hidden NVIDIA Update 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden NVIDIA Update Core (Version: 11.10.13 - NVIDIA Corporation) Hidden NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation) Oxford Advanced Learner's Dictionary - 8th Edition (HKLM-x32\...\NSIS_oald8) (Version: - ) Plants vs Zombies (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117080787}) (Version: - Oberon Media) Preispilot für Firefox (HKLM-x32\...\{0D8E6567-7082-48DB-A305-293873AC8B39}_is1) (Version: 2.0 - Preispilot) Qualcomm Atheros WiFi Driver 
Installation (HKLM-x32\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 3.0 - Qualcomm Atheros) QUICKfind server v1.1 (HKLM-x32\...\QUICKfind) (Version: - IDM) QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6622 - Realtek Semiconductor Corp.) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) ShareKM 1.0.19 (HKLM-x32\...\ShareKM) (Version: 1.0.19 - Liveov) SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.27614 - TeamViewer) Turbo Fiesta (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115320460}) (Version: - Oberon Media) Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS) VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN) Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Family Safety (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh - 
ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 15.4.3538.0513 - Корпорация Майкрософт) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft 
Corporation) Hidden Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.0 - ASUS) WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.27 - ASUS) World of Goo (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116672750}) (Version: - Oberon Media) Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation) Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Элемент управления Windows Live Mesh ActiveX для удаленных подключений (HKLM-x32\...\{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}) (Version: 15.4.5722.2 - Microsoft Corporation) גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים (HKLM-x32\...\{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}) (Version: 15.4.5722.2 - Microsoft Corporation) بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة (HKLM-x32\...\{E18B30AA-6E2D-480C-B918-AF61009F4010}) 
(Version: 15.4.5722.2 - Microsoft Corporation) معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden 適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 09-09-2014 23:45:04 Windows Modules Installer 10-09-2014 00:03:37 Windows Update 10-09-2014 00:26:29 Windows Update 15-09-2014 21:40:55 Installed QuickTime 7 16-09-2014 11:05:45 Windows Update 19-09-2014 14:31:52 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe

==================== Loaded Modules (whitelisted) =============

2012-08-14 17:38 - 2014-09-14 01:48 - 00013120 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2012-08-14 17:39 - 2014-09-13 23:53 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-04-09 22:04 - 2014-04-09 22:04 - 00142336 _____ () C:\Program Files (x86)\Ensonhaber Alarm\Ensonhaber Alarm.exe
2012-08-14 17:33 - 2012-02-21 21:29 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
2012-08-14 17:58 - 2009-04-17 12:01 - 00247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2014-09-05 05:30 - 2014-08-15 18:43 - 00746536 _____ () C:\Program Files (x86)\Emsisoft Anti-Malware\fw32.dll
2012-08-14 17:38 - 2014-09-14 01:48 - 00012104 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-08-25 20:11 - 2014-08-27 15:00 - 00052472 _____ () C:\Users\*******\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2012-01-31 18:25 - 2012-01-31 18:25 - 01163264 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
2010-08-20 18:57 - 2010-08-20 18:57 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2010-08-20 18:57 - 2010-08-20 18:57 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00139056 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.NativeCore.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00066864 _____ () C:\Program Files (x86)\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2012-02-21 23:49 - 2012-02-21 23:49 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2012-08-14 17:33 - 2012-02-21 21:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-09-19 16:38 - 2014-09-19 16:38 - 03734640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:D20FFA63

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz
Percentage of memory in use: 30%
Total physical RAM: 8077.83 MB
Available physical RAM: 5638.68 MB
Total Pagefile: 16153.84 MB
Available Pagefile: 12991.5 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:279.45 GB) (Free:161.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:393.86 GB) (Free:136.85 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 8DED5BA9)

Partition: GPT Partition Type.

==================== End Of Log ============================ |
21.09.2014, 01:42 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Undefinable entries in the event log Very good. Post me a reminder tomorrow, I now have to
__________________ Please always post log files in CODE tags |
21.09.2014, 17:32 | #15 |
| Undefinable entries in the event log Thanks for your help. I was supposed to remind you today to keep helping me. Thanks again. Oh, and I forgot something: this entry, **Vecna Scan**, was also in the event log. |