| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Ramnit oder nicht Ramnit - wie zuverlässig ist ClamWinWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
21.11.2015, 22:04
| #1 |
 |  Ramnit oder nicht Ramnit - wie zuverlässig ist ClamWin Nachdem ich heute ClamWin testweise mit aktuellen Signaturen ins Rennen geschickt habe, kam eine Rückmeldung über einen gefundenen Ramnit-Trojaner und diverse Adware. Panikscan mit boardeigenem ZoneAlarm, Windows Defender, MBAM und ADWCleaner (alles up2date) brachte hingegen keine Funde. Dennoch bin ich jetzt etwas verunsichert und bitte um Hilfe. Logs folgen Scan lief nicht bis zum Ende durch Code:
ATTFilter Scan Started Sat Nov 21 20:11:25 2015
-------------------------------------------------------------------------------
WARNING: Can't open file C:\hiberfil.sys: Permission denied
WARNING: Can't open file C:\pagefile.sys: Permission denied
C:\Program Files (x86)\Adobe\Photoshop Elements 12\cg.dll: Win.Trojan.Ramnit-7070 FOUND
C:\Program Files (x86)\CheckPoint\Install\CUninstallerZA.exe: Win.Adware.Outbrowse-1167 FOUND
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCUpdater.dll: Win.Adware.Browsefox-14085 FOUND
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\P7\IMSLib.dll: Win.Adware.Browsefox-14023 FOUND
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\P7\x64\IMSLib.dll: Win.Adware.Browsefox-14023 FOUND
C:\Program Files (x86)\Diablo III\fmodex.dll: Win.Trojan.Ramnit-6364 FOUND
C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\RMEncoder.exe: Win.Trojan.Ramnit-5879 FOUND
C:\Program Files (x86)\Serato\Drivers\ASIO\32\SixtyOne\RaneAsioSixtyOnex86Setup.exe: Win.Adware.Adseo-4 FOUND
C:\Program Files (x86)\Serato\Drivers\ASIO\32\SixtyTwo\RaneAsioSixtyTwox86Setup.exe: Win.Adware.Adseo-4 FOUND
C:\Program Files (x86)\Serato\Drivers\ASIO\64\SixtyOne\RaneAsioSixtyOnex64Setup.exe: Win.Adware.Adseo-4 FOUND
C:\Program Files (x86)\Serato\Drivers\ASIO\64\SixtyTwo\RaneAsioSixtyTwox64Setup.exe: Win.Adware.Adseo-4 FOUND
C:\Program Files (x86)\Serato\Drivers\RaneAsioSixtyEightSetup_1.1.4f2.exe: Win.Adware.Optimizerpro-2 FOUND
C:\Program Files (x86)\Serato\Drivers\RaneAsioSixtyFourSetup_1.0.3f2.exe: Win.Adware.Optimizerpro-2 FOUND
C:\Program Files (x86)\Serato\Drivers\RaneAsioSixtyOneSetup_1.1.3f2.exe: Win.Adware.Optimizerpro-2 FOUND
C:\Program Files (x86)\Serato\Drivers\RaneAsioSixtyTwoSetup_1.2.3f2.exe: Win.Adware.Optimizerpro-2 FOUND
C:\Program Files (x86)\Serato\Drivers\RaneAsioSL2Setup_1.0.3f2.exe: Win.Adware.Optimizerpro-2 FOUND
C:\Program Files (x86)\Serato\Drivers\RaneAsioSL3Setup_1.3.5f2.exe: Win.Adware.Optimizerpro-2 FOUND
C:\Program Files (x86)\Serato\Drivers\RaneAsioSL4Setup_1.0.3f2.exe: Win.Adware.Optimizerpro-2 FOUND
C:\Program Files (x86)\Serato\SeratoDJ\SeratoDJ.exe: Win.Adware.Browsefox-14023 FOUND
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:20-11-2015 durchgeführt von moonlab (Administrator) auf MOONLAB-THINK (21-11-2015 21:13:21) Gestartet von D:\Downloads Geladene Profile: moonlab & (Verfügbare Profile: moonlab) Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (Lenovo.) C:\Windows\System32\ibmpmsvc.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe () C:\Windows\System32\nvwmi64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (Akai Professional) C:\Program Files (x86)\Akai Professional\AMX\AudioDevMon.exe (Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (M-Audio) C:\Program Files (x86)\M-Audio\Oxygen\AudioDevMon.exe () C:\Program Files (x86)\Polar\Daemon\polard.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 9.0 apoEdition\ouservice\StarMoneyOnlineUpdate.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe (Winstep Software Technologies) C:\Program Files (x86)\Winstep\WsxService.exe (Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe () C:\Windows\System32\nvwmi64.exe (Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe (Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe (Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Lenovo.) C:\Windows\System32\TpShocks.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (FSPro Labs) C:\Program Files\My Lockbox\mylbx.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Winstep Software Technologies) C:\Program Files (x86)\Winstep\Nexus.exe () C:\Users\moonlab\AppData\Local\Amazon Music\Amazon Music Helper.exe (Microsoft Corporation) C:\Windows\System32\StikyNot.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Game Inc.) C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe (Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Sony Corporation) C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe (Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE (Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (brother) C:\Program Files (x86)\Brownie\BrStsW64.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Marek Jasinski) C:\Program Files (x86)\FreeCommander XE\FreeCommander.exe (Marek Jasinski) C:\Program Files (x86)\FreeCommander XE\FcContextMenu64.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13653208 2013-09-13] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor) HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [384344 2014-02-17] (Lenovo.) HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63728 2015-06-08] (Lenovo) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-11-15] (Synaptics Incorporated) HKLM\...\Run: [mylbx] => C:\Program Files\My Lockbox\mylbx.exe [2406152 2014-12-10] (FSPro Labs) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2464072 2014-11-07] (NVIDIA Corporation) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated) HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [132920 2013-05-30] (Intel Corporation) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-07-18] (Intel Corporation) HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5236664 2012-09-19] (Western Digital Technologies, Inc.) HKLM-x32\...\Run: [GamingKeyboard] => C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe [1805824 2013-10-16] (Game Inc.) HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [66560 2013-06-17] (Ricoh co.,Ltd.) HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-08-31] (Dolby Laboratories Inc.) HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1284680 2014-03-25] (CANON INC.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Reader Application Helper] => C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [899400 2014-10-24] (Sony Corporation) HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-08-13] (Check Point Software Technologies Ltd.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.) HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ZoneAlarm Windows 10 Upgrader] => "C:\ProgramData\CheckPoint\ZoneAlarm\Data\Updates\unpacked==win10=update_win10.zip\upgrade.exe" /delay HKU\S-1-5-21-1297538972-3483835822-425091157-1000\...\Run: [Nexus] => C:\Program Files (x86)\Winstep\Nexus.exe [18376832 2015-09-29] (Winstep Software Technologies) HKU\S-1-5-21-1297538972-3483835822-425091157-1000\...\Run: [CAHeadless] => C:\Program Files (x86)\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [1401040 2014-03-09] (Adobe Systems Incorporated) HKU\S-1-5-21-1297538972-3483835822-425091157-1000\...\Run: [Amazon Music] => C:\Users\moonlab\AppData\Local\Amazon Music\Amazon Music Helper.exe [5886784 2015-05-07] () HKU\S-1-5-21-1297538972-3483835822-425091157-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation) HKU\S-1-5-21-1297538972-3483835822-425091157-1000\...\Run: [Google Update] => C:\Users\moonlab\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-11-20] (Google Inc.) HKU\S-1-5-21-1297538972-3483835822-425091157-1000\...\RunOnce: [BrStsW64.exe] => C:\Program Files (x86)\Brownie\BrStsW64.exe [3695928 2009-08-19] (brother) HKU\S-1-5-21-1297538972-3483835822-425091157-1000\...\Policies\system: [EnableLUA] 0 HKU\S-1-5-21-1297538972-3483835822-425091157-1000\...\Policies\system: [ConsentPromptBehaviorAdmin] 0 HKU\S-1-5-21-1297538972-3483835822-425091157-1000\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-1297538972-3483835822-425091157-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-1297538972-3483835822-425091157-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Nexus] => C:\Program Files (x86)\Winstep\Nexus.exe [18376832 2015-09-29] (Winstep Software Technologies) HKU\S-1-5-21-1297538972-3483835822-425091157-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CAHeadless] => C:\Program Files (x86)\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [1401040 2014-03-09] (Adobe Systems Incorporated) HKU\S-1-5-21-1297538972-3483835822-425091157-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Amazon Music] => C:\Users\moonlab\AppData\Local\Amazon Music\Amazon Music Helper.exe [5886784 2015-05-07] () HKU\S-1-5-21-1297538972-3483835822-425091157-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation) HKU\S-1-5-21-1297538972-3483835822-425091157-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\moonlab\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-11-20] (Google Inc.) HKU\S-1-5-21-1297538972-3483835822-425091157-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [BrStsW64.exe] => C:\Program Files (x86)\Brownie\BrStsW64.exe [3695928 2009-08-19] (brother) HKU\S-1-5-21-1297538972-3483835822-425091157-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [EnableLUA] 0 HKU\S-1-5-21-1297538972-3483835822-425091157-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [ConsentPromptBehaviorAdmin] 0 HKU\S-1-5-21-1297538972-3483835822-425091157-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-1297538972-3483835822-425091157-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-18\...\Run: [ZoneAlarm Windows 10 Upgrader] => "C:\ProgramData\CheckPoint\ZoneAlarm\Data\Updates\unpacked==win10=update_win10.zip\upgrade.exe" /delay AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [174856 2015-02-05] (NVIDIA Corporation) AppInit_DLLs: ,C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174856 2015-02-05] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156840 2015-02-05] (NVIDIA Corporation) Lsa: [Notification Packages] scecli C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll Startup: C:\Users\moonlab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2015-11-21] ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Nicht auf der Ausnahmeliste) ==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{A320D74D-8197-4253-84B5-52D9A88F1410}: [DhcpNameServer] 192.168.2.1 Internet Explorer: ================== HKU\S-1-5-21-1297538972-3483835822-425091157-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKU\S-1-5-21-1297538972-3483835822-425091157-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1297538972-3483835822-425091157-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1297538972-3483835822-425091157-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\moonlab\AppData\Roaming\Mozilla\Firefox\Profiles\yq8kvo6q.default-1385394388489 FF Homepage: hxxp://***** hxxps://myspace.com/***** hxxps://de-de.facebook.com/ hxxps://accounts.google.com/ServiceLogin?service=cl&passive=1209600&continue=hxxps://www.google.com/calendar/render?tab%3Dwc&followup=hxxps://www.google.com/calendar/render?tab%3Dwc&scc=1 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-11] () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-11-08] (Tracker Software Products (Canada) Ltd.) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] () FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2013-11-08] (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-07-03] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-07-03] (Foxit Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-13] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-13] (Intel Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-04] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-04] (NVIDIA Corporation) FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll [2014-10-24] (Sony Corporation) FF Plugin HKU\S-1-5-21-1297538972-3483835822-425091157-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2013-11-08] (Tracker Software Products (Canada) Ltd.) FF Plugin HKU\S-1-5-21-1297538972-3483835822-425091157-1000: @tools.google.com/Google Update;version=3 -> C:\Users\moonlab\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-20] (Google Inc.) FF Plugin HKU\S-1-5-21-1297538972-3483835822-425091157-1000: @tools.google.com/Google Update;version=9 -> C:\Users\moonlab\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-20] (Google Inc.) FF Plugin HKU\S-1-5-21-1297538972-3483835822-425091157-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2013-11-08] (Tracker Software Products (Canada) Ltd.) FF Plugin HKU\S-1-5-21-1297538972-3483835822-425091157-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\moonlab\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-20] (Google Inc.) FF Plugin HKU\S-1-5-21-1297538972-3483835822-425091157-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\moonlab\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-20] (Google Inc.) FF Extension: Tab Mix Plus - C:\Users\moonlab\AppData\Roaming\Mozilla\Firefox\Profiles\yq8kvo6q.default-1385394388489\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2015-09-02] FF Extension: All-in-One Sidebar - C:\Users\moonlab\AppData\Roaming\Mozilla\Firefox\Profiles\yq8kvo6q.default-1385394388489\extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2015-10-07] FF Extension: Geocaching.com GPX Downloader - C:\Users\moonlab\AppData\Roaming\Mozilla\Firefox\Profiles\yq8kvo6q.default-1385394388489\extensions\gpxdown@geocaching.com.xpi [2015-11-21] FF Extension: Video DownloadHelper - C:\Users\moonlab\AppData\Roaming\Mozilla\Firefox\Profiles\yq8kvo6q.default-1385394388489\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-10-30] FF Extension: Adblock Plus - C:\Users\moonlab\AppData\Roaming\Mozilla\Firefox\Profiles\yq8kvo6q.default-1385394388489\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-09-24] Chrome: ======= CHR Profile: C:\Users\moonlab\AppData\Local\Google\Chrome\User Data\default ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R2 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-25] (Adobe Systems Incorporated) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2015936 2015-09-29] (Adobe Systems, Incorporated) R2 AMXAudioDevMon; C:\Program Files (x86)\Akai Professional\AMX\AudioDevMon.exe [2287376 2014-10-02] (Akai Professional) S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [319536 2015-04-17] (Lenovo.) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [Datei ist nicht signiert] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-05-30] (Intel Corporation) R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [197464 2014-05-29] (Lenovo Group Limited) R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-10] (Lenovo Group Limited) S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272424 2015-08-17] (Lenovo) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-02] () R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-07] (NVIDIA Corporation) R2 NVWMI; C:\Windows\system32\nvwmi64.exe [2855624 2015-02-05] () R2 OxygenAudioDevMon; C:\Program Files (x86)\M-Audio\Oxygen\AudioDevMon.exe [1632776 2010-03-04] (M-Audio) R2 Polar Daemon; C:\Program Files (x86)\Polar\Daemon\polard.exe [419536 2012-12-12] () S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2014-04-25] (Sony Corporation) [Datei ist nicht signiert] R2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0 apoEdition\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH) S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22008 2015-09-10] () R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3596752 2014-08-13] (Check Point Software Technologies Ltd.) S4 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1157056 2012-09-19] (Western Digital ) S4 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-19] (Western Digital) S4 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177536 2012-09-19] (Western Digital ) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [96272 2014-08-13] (Check Point Software Technologies, Ltd.) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-02] (Intel® Corporation) R2 Winstep Xtreme Service; C:\Program Files (x86)\Winstep\WsxService [X] ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) S3 AF15BDA; C:\Windows\System32\DRIVERS\AF15BDA.sys [370528 2013-02-14] (AfaTech ) S3 AMX1; C:\Windows\System32\DRIVERS\AkaiProfessionalAMX.sys [454928 2014-10-02] (Akai Professional) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170200 2013-03-27] (Broadcom Corporation.) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-10-20] (Disc Soft Ltd) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) S3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [127280 2013-09-25] (Focusrite Audio Engineering Limited.) R0 FSProFilter2; C:\Windows\System32\Drivers\FSPFltd2.sys [57648 2011-06-03] (FSPro Labs) R3 GameKB; C:\Windows\System32\drivers\GameKB.sys [31232 2013-10-15] ( ) S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-01-03] () R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2014-06-11] (Kaspersky Lab ZAO) U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-06-11] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [490592 2014-06-11] (Kaspersky Lab ZAO) R3 LenovoRd; C:\Windows\System32\Drivers\LenovoRd.sys [118016 2009-05-11] (Lenovo) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-21] (Malwarebytes) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation) R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [299664 2015-02-05] (NVIDIA Corporation) S3 OXYGEN; C:\Windows\System32\DRIVERS\MAudioOxygen.sys [134664 2010-03-04] (M-Audio) R3 RCUVCAVS; C:\Windows\System32\DRIVERS\RCUVCAVS.sys [177920 2013-07-05] (Ricoh co.,Ltd.) S3 SeratoUsb; C:\Windows\System32\Drivers\SeratoUsb.sys [49656 2013-07-09] (Cristalink Ltd) R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2013-11-15] (Synaptics Incorporated) R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.) S3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-08] (ThinkVantage Communications Utility) R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450456 2014-08-13] (Check Point Software Technologies Ltd.) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S4 NVHDA; system32\drivers\nvhda64v.sys [X] ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-11-21 21:13 - 2015-11-21 21:13 - 00000000 ____D C:\FRST 2015-11-21 21:12 - 2015-11-21 21:12 - 00000000 _____ C:\Users\moonlab\defogger_reenable 2015-11-21 19:52 - 2015-11-21 19:52 - 00000735 _____ C:\Users\moonlab\AppData\Local\recently-used.xbel 2015-11-21 19:37 - 2015-11-21 19:52 - 00000000 ____D C:\Users\moonlab\AppData\Local\enchant 2015-11-21 18:05 - 2015-11-03 23:10 - 00390344 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-11-21 18:05 - 2015-11-03 22:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-11-21 18:05 - 2015-10-31 00:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-11-21 18:05 - 2015-10-31 00:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-11-21 18:05 - 2015-10-31 00:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-11-21 18:05 - 2015-10-31 00:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-11-21 18:05 - 2015-10-31 00:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-11-21 18:05 - 2015-10-31 00:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-11-21 18:05 - 2015-10-31 00:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-11-21 18:05 - 2015-10-31 00:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-11-21 18:05 - 2015-10-31 00:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-11-21 18:05 - 2015-10-31 00:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-11-21 18:05 - 2015-10-31 00:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-11-21 18:05 - 2015-10-31 00:13 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-11-21 18:05 - 2015-10-31 00:12 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-11-21 18:05 - 2015-10-31 00:12 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-11-21 18:05 - 2015-10-31 00:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-11-21 18:05 - 2015-10-31 00:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-11-21 18:05 - 2015-10-31 00:11 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-11-21 18:05 - 2015-10-31 00:04 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-11-21 18:05 - 2015-10-31 00:01 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-11-21 18:05 - 2015-10-30 23:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-11-21 18:05 - 2015-10-30 23:53 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-11-21 18:05 - 2015-10-30 23:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-11-21 18:05 - 2015-10-30 23:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-11-21 18:05 - 2015-10-30 23:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-11-21 18:05 - 2015-10-30 23:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-11-21 18:05 - 2015-10-30 23:46 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-11-21 18:05 - 2015-10-30 23:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-11-21 18:05 - 2015-10-30 23:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-11-21 18:05 - 2015-10-30 23:45 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-11-21 18:05 - 2015-10-30 23:44 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2015-11-21 18:05 - 2015-10-30 23:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-11-21 18:05 - 2015-10-30 23:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-11-21 18:05 - 2015-10-30 23:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-11-21 18:05 - 2015-10-30 23:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-11-21 18:05 - 2015-10-30 23:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-11-21 18:05 - 2015-10-30 23:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-11-21 18:05 - 2015-10-30 23:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-11-21 18:05 - 2015-10-30 23:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-11-21 18:05 - 2015-10-30 23:34 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-11-21 18:05 - 2015-10-30 23:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-11-21 18:05 - 2015-10-30 23:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-11-21 18:05 - 2015-10-30 23:29 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-11-21 18:05 - 2015-10-30 23:29 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-11-21 18:05 - 2015-10-30 23:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-11-21 18:05 - 2015-10-30 23:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-11-21 18:05 - 2015-10-30 23:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-11-21 18:05 - 2015-10-30 23:21 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-11-21 18:05 - 2015-10-30 23:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-11-21 18:05 - 2015-10-30 23:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-11-21 18:05 - 2015-10-30 23:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-11-21 18:05 - 2015-10-30 23:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2015-11-21 18:05 - 2015-10-30 23:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-11-21 18:05 - 2015-10-30 23:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2015-11-21 18:05 - 2015-10-30 23:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-11-21 18:05 - 2015-10-30 23:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-11-21 18:05 - 2015-10-30 23:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-11-21 18:05 - 2015-10-30 23:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-11-21 18:05 - 2015-10-30 23:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-11-21 18:05 - 2015-10-30 22:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-11-21 18:05 - 2015-10-30 22:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-11-21 18:05 - 2015-10-30 22:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-11-21 18:05 - 2015-10-30 22:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-11-21 18:04 - 2015-10-20 19:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2015-11-21 18:04 - 2015-10-20 19:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2015-11-21 18:04 - 2015-10-20 19:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2015-11-21 18:04 - 2015-10-20 19:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2015-11-21 18:04 - 2015-10-20 19:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2015-11-21 18:04 - 2015-10-20 19:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2015-11-21 18:04 - 2015-10-20 19:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2015-11-21 18:04 - 2015-10-20 19:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2015-11-21 18:04 - 2015-10-20 19:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll 2015-11-21 18:04 - 2015-10-20 19:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2015-11-21 18:04 - 2015-10-20 19:41 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll 2015-11-21 18:04 - 2015-10-20 18:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2015-11-21 18:04 - 2015-10-20 18:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2015-11-21 18:04 - 2015-10-20 18:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2015-11-21 18:04 - 2015-10-20 18:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2015-11-21 18:04 - 2015-10-20 18:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe 2015-11-21 18:04 - 2015-10-20 02:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-11-21 18:04 - 2015-10-20 02:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-11-21 18:04 - 2015-10-20 02:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-11-21 18:04 - 2015-10-20 02:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2015-11-21 18:04 - 2015-10-20 02:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2015-11-21 18:04 - 2015-10-20 02:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2015-11-21 18:04 - 2015-10-20 02:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2015-11-21 18:04 - 2015-10-20 02:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2015-11-21 18:04 - 2015-10-20 02:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-11-21 18:04 - 2015-10-20 02:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2015-11-21 18:04 - 2015-10-20 02:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2015-11-21 18:04 - 2015-10-20 02:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-11-21 18:04 - 2015-10-20 02:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-11-21 18:04 - 2015-10-20 02:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2015-11-21 18:04 - 2015-10-20 02:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-11-21 18:04 - 2015-10-20 02:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-11-21 18:04 - 2015-10-20 02:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-11-21 18:04 - 2015-10-20 02:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-11-21 18:04 - 2015-10-20 02:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-11-21 18:04 - 2015-10-20 02:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-11-21 18:04 - 2015-10-20 02:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-11-21 18:04 - 2015-10-20 02:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-11-21 18:04 - 2015-10-20 02:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-11-21 18:04 - 2015-10-20 02:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2015-11-21 18:04 - 2015-10-20 02:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-11-21 18:04 - 2015-10-20 02:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-11-21 18:04 - 2015-10-20 02:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-11-21 18:04 - 2015-10-20 02:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-11-21 18:04 - 2015-10-20 02:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2015-11-21 18:04 - 2015-10-20 02:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2015-11-21 18:04 - 2015-10-20 02:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-11-21 18:04 - 2015-10-20 02:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-11-21 18:04 - 2015-10-20 02:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-11-21 18:04 - 2015-10-20 01:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-11-21 18:04 - 2015-10-20 01:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-11-21 18:04 - 2015-10-20 01:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-11-21 18:04 - 2015-10-20 01:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-11-21 18:04 - 2015-10-20 01:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-11-21 18:04 - 2015-10-20 01:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-11-21 18:04 - 2015-10-20 01:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-11-21 18:04 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-11-21 18:04 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-11-21 18:04 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-11-21 18:04 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-11-21 18:04 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-11-21 18:04 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-11-21 18:04 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-11-21 18:04 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-11-21 18:04 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-11-21 18:04 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-11-21 18:04 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-11-21 18:04 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-11-21 18:04 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-11-21 18:04 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-11-21 18:04 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-11-21 18:04 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-11-21 18:04 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-11-21 18:04 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-11-21 18:04 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-11-21 18:04 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-11-21 18:04 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-11-21 18:04 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-11-21 18:04 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-11-21 18:04 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-11-21 18:04 - 2015-10-20 01:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-11-21 18:04 - 2015-10-20 01:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-11-21 18:04 - 2015-10-20 01:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2015-11-21 18:04 - 2015-10-20 01:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-11-21 18:04 - 2015-10-20 01:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-11-21 18:04 - 2015-10-20 01:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-11-21 18:04 - 2015-10-20 01:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-11-21 18:04 - 2015-10-20 01:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-11-21 18:04 - 2015-10-20 01:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-11-21 18:04 - 2015-10-20 01:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-11-21 18:04 - 2015-10-20 01:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2015-11-21 18:04 - 2015-10-20 01:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2015-11-21 18:04 - 2015-10-20 01:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-11-21 18:04 - 2015-10-20 01:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-11-21 18:04 - 2015-10-20 01:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2015-11-21 18:04 - 2015-10-20 01:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2015-11-21 18:04 - 2015-10-20 01:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2015-11-21 18:04 - 2015-10-20 01:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2015-11-21 18:04 - 2015-10-20 01:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-11-21 18:04 - 2015-10-20 01:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-11-21 18:04 - 2015-10-20 01:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2015-11-21 18:04 - 2015-10-20 01:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-11-21 18:04 - 2015-10-20 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-11-21 18:04 - 2015-10-20 01:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-11-21 18:04 - 2015-10-20 01:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-11-21 18:04 - 2015-10-20 01:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2015-11-21 18:04 - 2015-10-20 01:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2015-11-21 18:04 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-11-21 18:04 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2015-11-21 18:04 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2015-11-21 18:04 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2015-11-21 18:04 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2015-11-21 18:04 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-11-21 18:04 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-11-21 18:04 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2015-11-21 18:04 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-11-21 18:04 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2015-11-21 18:04 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2015-11-21 18:04 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2015-11-21 18:04 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-11-21 18:04 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2015-11-21 18:04 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2015-11-21 18:04 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2015-11-21 18:04 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2015-11-21 18:04 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-11-21 18:04 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2015-11-21 18:04 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2015-11-21 18:04 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2015-11-21 18:04 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2015-11-21 18:04 - 2015-10-20 00:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-11-21 18:04 - 2015-10-20 00:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2015-11-21 18:04 - 2015-10-20 00:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2015-11-21 18:04 - 2015-10-20 00:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2015-11-21 18:04 - 2015-10-20 00:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2015-11-21 18:04 - 2015-10-20 00:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2015-11-21 18:04 - 2015-10-20 00:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2015-11-21 18:04 - 2015-10-20 00:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2015-11-21 18:04 - 2015-10-20 00:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2015-11-21 18:04 - 2015-09-23 14:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-11-21 18:04 - 2015-09-23 14:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll 2015-11-21 18:04 - 2015-09-23 14:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll 2015-11-21 18:03 - 2015-11-03 18:55 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-11-21 18:03 - 2015-10-13 17:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2015-11-21 18:03 - 2015-10-13 17:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys 2015-11-21 18:02 - 2015-10-13 05:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys 2015-11-21 18:02 - 2015-10-01 19:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll 2015-11-21 18:02 - 2015-10-01 19:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll 2015-11-21 18:02 - 2015-10-01 18:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll 2015-11-20 16:15 - 2015-11-20 16:15 - 00000000 ____D C:\Users\moonlab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AdWords Editor 2015-11-20 16:12 - 2015-11-21 20:17 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1297538972-3483835822-425091157-1000UA.job 2015-11-20 16:12 - 2015-11-21 16:17 - 00001076 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1297538972-3483835822-425091157-1000Core.job 2015-11-20 16:12 - 2015-11-20 16:12 - 00004102 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1297538972-3483835822-425091157-1000UA 2015-11-20 16:12 - 2015-11-20 16:12 - 00003706 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1297538972-3483835822-425091157-1000Core 2015-11-14 23:22 - 2015-11-14 23:22 - 00000882 _____ C:\Users\moonlab\Desktop\RECORDS.APR - Verknüpfung.lnk 2015-11-14 10:33 - 2015-11-18 12:52 - 00019277 _____ C:\Users\moonlab\Desktop\RecordsDescrib.xlsx 2015-11-10 22:35 - 2015-11-10 22:35 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\3FE1496C.sys 2015-10-30 20:05 - 2015-10-30 20:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serato 2015-10-24 21:33 - 2015-10-01 19:06 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2015-10-24 21:33 - 2015-10-01 19:04 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2015-10-24 21:33 - 2015-10-01 19:00 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2015-10-24 21:33 - 2015-10-01 19:00 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2015-10-24 21:33 - 2015-10-01 19:00 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2015-10-24 21:33 - 2015-10-01 19:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2015-10-24 21:33 - 2015-10-01 19:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2015-10-24 21:33 - 2015-10-01 18:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2015-10-24 21:33 - 2015-10-01 18:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2015-10-24 21:33 - 2015-08-06 19:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-10-24 21:33 - 2015-08-06 19:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll 2015-10-24 21:33 - 2015-08-06 18:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2015-10-24 21:33 - 2015-08-06 18:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2015-11-21 21:12 - 2015-03-28 10:49 - 00000000 ____D C:\Program Files (x86)\FreeCommander XE 2015-11-21 21:12 - 2013-10-09 10:00 - 00000000 ____D C:\Users\moonlab 2015-11-21 21:02 - 2015-01-04 15:14 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-11-21 21:02 - 2013-10-17 14:23 - 00056569 ____H C:\Windows\SysWOW64\BTImages.dat 2015-11-21 20:59 - 2013-10-14 16:21 - 00000000 ____D C:\Users\moonlab\AppData\Roaming\KeePass 2015-11-21 20:50 - 2015-01-06 16:59 - 00000000 ____D C:\AdwCleaner 2015-11-21 20:47 - 2015-05-06 16:56 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-11-21 20:40 - 2015-06-17 09:35 - 00000000 ____D C:\Users\moonlab\AppData\Roaming\Google 2015-11-21 20:13 - 2013-10-09 09:49 - 01499182 _____ C:\Windows\WindowsUpdate.log 2015-11-21 19:35 - 2013-10-14 20:19 - 00000295 _____ C:\Windows\Brownie.ini 2015-11-21 19:28 - 2011-04-12 08:43 - 00674860 _____ C:\Windows\system32\perfh007.dat 2015-11-21 19:28 - 2011-04-12 08:43 - 00139968 _____ C:\Windows\system32\perfc007.dat 2015-11-21 19:28 - 2009-07-14 06:13 - 01556210 _____ C:\Windows\system32\PerfStringBackup.INI 2015-11-21 18:28 - 2009-07-14 05:51 - 00363092 _____ C:\Windows\setupact.log 2015-11-21 18:25 - 2009-07-14 05:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-11-21 18:25 - 2009-07-14 05:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-11-21 18:17 - 2013-10-09 10:47 - 00000000 ____D C:\ProgramData\NVIDIA 2015-11-21 18:17 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-11-21 18:17 - 2009-07-14 05:45 - 00462024 _____ C:\Windows\system32\FNTCACHE.DAT 2015-11-21 18:16 - 2011-04-12 08:55 - 00000000 ____D C:\Program Files\Windows Journal 2015-11-21 18:13 - 2013-10-09 12:30 - 00000000 ____D C:\Windows\system32\MRT 2015-11-21 18:11 - 2013-10-09 12:30 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-11-21 18:10 - 2013-10-09 11:48 - 01530490 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2015-11-21 17:57 - 2013-10-14 18:17 - 00000000 ____D C:\Users\moonlab\AppData\Roaming\MediaMonkey 2015-11-21 11:15 - 2013-10-09 11:52 - 00000000 ____D C:\Users\moonlab\AppData\Local\Adobe 2015-11-20 16:12 - 2013-10-20 10:01 - 00000000 ____D C:\Users\moonlab\AppData\Local\Google 2015-11-19 15:43 - 2013-10-21 18:56 - 00000000 ____D C:\Users\moonlab\AppData\Roaming\Mp3tag 2015-11-19 07:36 - 2014-03-08 12:54 - 00000000 ____D C:\Users\moonlab\AppData\Local\Battle.net 2015-11-18 18:35 - 2013-12-02 15:12 - 00000000 ____D C:\Program Files (x86)\StarMoney 9.0 apoEdition 2015-11-16 13:28 - 2010-11-21 04:47 - 00261938 _____ C:\Windows\PFRO.log 2015-11-15 21:03 - 2013-10-14 20:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management 2015-11-15 21:03 - 2013-10-14 20:22 - 00000000 ____D C:\Program Files\Calibre2 2015-11-15 10:18 - 2013-10-09 13:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2015-11-12 18:06 - 2013-10-14 19:35 - 00000000 ____D C:\Users\moonlab\AppData\Roaming\Audacity 2015-11-12 18:06 - 2013-10-13 18:38 - 00000000 ____D C:\ProgramData\Ableton 2015-11-12 17:56 - 2014-07-15 21:14 - 00000000 ____D C:\temp 2015-11-11 16:47 - 2015-05-06 16:56 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-11-11 16:47 - 2013-11-23 12:37 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-11-11 16:47 - 2013-11-23 12:37 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-11-11 11:08 - 2013-10-13 16:51 - 00000000 ____D C:\Program Files (x86)\Diablo III 2015-11-10 18:50 - 2013-10-09 19:36 - 00000000 ____D C:\Program Files (x86)\Winstep 2015-11-08 10:20 - 2013-11-18 14:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-11-01 16:38 - 2015-01-04 15:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-11-01 16:38 - 2015-01-04 15:14 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-10-30 20:05 - 2013-10-14 19:08 - 00000000 ____D C:\Program Files (x86)\Serato 2015-10-30 20:05 - 2013-10-14 15:11 - 00000000 ____D C:\ProgramData\Package Cache 2015-10-25 12:18 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache 2015-10-22 14:30 - 2014-04-07 19:17 - 00001456 _____ C:\Users\moonlab\AppData\Local\Adobe Für Web speichern 12.0 Prefs ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2014-07-02 20:58 - 2014-07-02 21:04 - 0000132 _____ () C:\Users\moonlab\AppData\Roaming\Adobe CS5-Voreinstellungen für BMP-Format 2014-02-19 14:53 - 2015-06-16 18:24 - 0000132 _____ () C:\Users\moonlab\AppData\Roaming\Adobe CS5-Voreinstellungen für PNG-Format 2014-04-07 19:17 - 2015-10-22 14:30 - 0001456 _____ () C:\Users\moonlab\AppData\Local\Adobe Für Web speichern 12.0 Prefs 2013-10-20 19:36 - 2015-04-07 08:55 - 0013824 _____ () C:\Users\moonlab\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-11-21 19:52 - 2015-11-21 19:52 - 0000735 _____ () C:\Users\moonlab\AppData\Local\recently-used.xbel 2013-10-13 14:20 - 2014-07-20 17:22 - 0007656 _____ () C:\Users\moonlab\AppData\Local\Resmon.ResmonCfg 2015-06-03 10:05 - 2015-06-03 10:05 - 5623786 _____ () C:\Users\moonlab\AppData\Local\TempDSC_4268.jpg 2015-06-03 10:06 - 2015-06-03 10:06 - 5623786 _____ () C:\Users\moonlab\AppData\Local\TempDSC_42680.jpg 2013-10-14 15:09 - 2013-10-14 15:09 - 0013375 _____ () C:\Users\moonlab\AppData\Local\WiDiSetupLog.20131014.160954.wdl 2013-11-04 19:08 - 2013-11-04 19:08 - 0013178 _____ () C:\Users\moonlab\AppData\Local\WiDiSetupLog.20131104.190811.wdl 2013-11-04 19:10 - 2013-11-04 19:10 - 0013178 _____ () C:\Users\moonlab\AppData\Local\WiDiSetupLog.20131104.191028.wdl 2013-11-04 19:30 - 2013-11-04 19:30 - 0013187 _____ () C:\Users\moonlab\AppData\Local\WiDiSetupLog.20131104.193005.wdl 2013-11-04 19:30 - 2013-11-04 19:30 - 0013187 _____ () C:\Users\moonlab\AppData\Local\WiDiSetupLog.20131104.193022.wdl 2014-02-01 11:39 - 2014-02-01 11:39 - 0014440 _____ () C:\Users\moonlab\AppData\Local\WiDiSetupLog.20140201.113944.wdl 2014-02-01 11:40 - 2014-02-01 11:40 - 0014443 _____ () C:\Users\moonlab\AppData\Local\WiDiSetupLog.20140201.114014.wdl 2014-05-16 13:06 - 2014-05-16 13:06 - 0014819 _____ () C:\Users\moonlab\AppData\Local\WiDiSetupLog.20140516.140601.wdl 2014-05-21 20:56 - 2014-05-21 20:57 - 0015099 _____ () C:\Users\moonlab\AppData\Local\WiDiSetupLog.20140521.215659.wdl 2014-05-21 21:01 - 2014-05-21 21:01 - 0015090 _____ () C:\Users\moonlab\AppData\Local\WiDiSetupLog.20140521.220101.wdl 2014-06-08 12:28 - 2014-06-08 12:28 - 0015245 _____ () C:\Users\moonlab\AppData\Local\WiDiSetupLog.20140608.132842.wdl 2014-06-08 12:29 - 2014-06-08 12:29 - 0015145 _____ () C:\Users\moonlab\AppData\Local\WiDiSetupLog.20140608.132920.wdl 2014-06-08 12:29 - 2014-06-08 12:30 - 0015236 _____ () C:\Users\moonlab\AppData\Local\WiDiSetupLog.20140608.132954.wdl 2014-07-15 21:10 - 2014-07-15 21:10 - 0015099 _____ () C:\Users\moonlab\AppData\Local\WiDiSetupLog.20140715.221031.wdl 2013-10-09 11:50 - 2013-10-09 11:50 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2013-10-21 18:51 - 2015-03-29 10:33 - 0000217 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc ==================== Bamital & volsnap ================= (Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.) C:\Windows\system32\winlogon.exe => Datei ist digital signiert C:\Windows\system32\wininit.exe => Datei ist digital signiert C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert C:\Windows\explorer.exe => Datei ist digital signiert C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert C:\Windows\system32\svchost.exe => Datei ist digital signiert C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert C:\Windows\system32\services.exe => Datei ist digital signiert C:\Windows\system32\User32.dll => Datei ist digital signiert C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert C:\Windows\system32\userinit.exe => Datei ist digital signiert C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert C:\Windows\system32\rpcss.dll => Datei ist digital signiert C:\Windows\system32\dnsapi.dll => Datei ist digital signiert C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert LastRegBack: 2015-11-20 14:27 ==================== Ende von FRST.txt ============================ Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:20-11-2015
durchgeführt von moonlab (2015-11-21 21:13:44)
Gestartet von D:\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2013-10-09 09:00:37)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-1297538972-3483835822-425091157-500 - Administrator - Disabled)
Gast (S-1-5-21-1297538972-3483835822-425091157-501 - Limited - Enabled)
moonlab (S-1-5-21-1297538972-3483835822-425091157-1000 - Administrator - Enabled) => C:\Users\moonlab
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: ZoneAlarm Antivirus (Enabled - Up to date) {23B6D20A-C2DE-B3F5-C67D-07ECD854E6A9}
AS: ZoneAlarm Anti-Spyware (Enabled - Up to date) {98D733EE-E4E4-BC7B-FCCD-3C9EA3D3AC14}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
Ableton Live 9 Standard (HKLM-x32\...\{CC6813E0-E96C-4E4B-A299-8864E37B2082}) (Version: 9.0.0.0 - Ableton)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.213 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.0 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe GoLive CS (DEU) (HKLM-x32\...\{507C870C-C27E-4F53-A32A-23500AC62A46}) (Version: CS 7.0.2 - Adobe Systems, Inc.)
Adobe Photoshop Elements 12 (HKLM-x32\...\Adobe Photoshop Elements 12) (Version: 12.1.0.0 - Adobe Systems Incorporated)
AdWords Editor (HKLM-x32\...\{436ADF1E-8D47-11E5-BB5D-B8AC6F88925A}) (Version: 11.2.2.0 - Google)
Akai Professional AMX 1.0.4 (x64) (HKLM\...\{8D7A8DAE-8097-48C9-B181-DBEB815D5150}) (Version: 1.0.4 - Akai Professional)
Amazon Music (HKU\S-1-5-21-1297538972-3483835822-425091157-1000\...\Amazon Amazon Music) (Version: 3.9.5.820 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-1297538972-3483835822-425091157-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Amazon Amazon Music) (Version: 3.9.5.820 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Audiograbber 1.83 SE (HKLM-x32\...\Audiograbber) (Version: 1.83 SE - Audiograbber)
Audiograbber MP3-Plugin (64 bit) (HKLM-x32\...\Audiograbber-Lame) (Version: 1.0 - AG)
Bass Station 2.1 (HKLM-x32\...\{ABAF1232-6213-4062-9D52-04E04A730CEA}_is1) (Version: 2.1 - Novation)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Brother HL-2030 (HKLM-x32\...\{E959EF2C-B8F9-449C-9F40-A4AF823EF18F}) (Version: 1.00 - Brother)
calibre 64bit (HKLM\...\{A80512D3-A72D-4DAF-B7DF-3804F9FAB1CE}) (Version: 2.44.1 - Kovid Goyal)
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - )
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.4.1 - Canon Inc.)
CanoScan LiDE 210 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4809) (Version: - Canon Inc.)
Comic Collector (HKLM-x32\...\{4C44DC2C-4DE3-4120-865F-F770C53972DE}_is1) (Version: - Collectorz.com)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0337 - Disc Soft Ltd)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Edraw Mind Map 7.8 (HKLM-x32\...\Edraw Mind Map Freeware_is1) (Version: - EdrawSoft)
Elements 12 Organizer (x32 Version: 12.0 - Ihr Firmenname) Hidden
Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.67.5 - Lenovo Group Limited)
Focusrite USB 2.0 Audio Driver 2.5.1 (HKLM\...\Focusrite USB 2.0 Audio Driver_is1) (Version: 2.5.1 - Focusrite Audio Engineering Limited.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.5.624 - Foxit Corporation)
FreeCommander XE (HKLM-x32\...\FreeCommander XE_is1) (Version: - Marek Jasinski)
Freizeitkarte_DEU (Ausgabe 15.05) (HKLM-x32\...\Freizeitkarte_DEU) (Version: - )
Freizeitkarte_DNK (Ausgabe 15.05) (HKLM-x32\...\Freizeitkarte_DNK) (Version: - )
Garmin BaseCamp (HKLM-x32\...\{36A0D446-B8E9-4753-BDFE-335F6F4DE59C}) (Version: 4.5.2 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{DC7720F2-98BE-41C1-B0A8-E391362E86B8}) (Version: 2.3.1.1 - Garmin Ltd or its subsidiaries)
Hexonic PDF Metadata Editor Version 1.0.0 (HKLM-x32\...\{5145BD44-B795-11E1-B7ED-AEF46088709B}_is1) (Version: 1.0.0 - Hexonic Software)
Integrated Camera Driver Installer Package Ver.1.0.0.30 (HKLM-x32\...\{F8754583-7893-4CD8-9E51-1A08F3D4C1A9}) (Version: 1.0.0.30 - RICOH)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.7 - Intel)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.9.254 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{828af006-cb5e-4d60-957a-523098a1b0f8}) (Version: 16.1.3 - Intel Corporation)
KeePass Password Safe 2.24 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.24 - Dominik Reichl)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Lenovo Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 8.72.10 - Lenovo)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.11 - )
Lenovo Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.1.12.0 - Lenovo)
Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo Solution Center (HKLM\...\{E92E1FF1-B188-43FE-BECA-2248E227E67D}) (Version: 2.8.005.00 - Lenovo Group Limited)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.07.0008 - Lenovo)
Loopmaster Samples version 1.0 (HKLM-x32\...\{EF29801F-C87A-481B-B4D1-6D1FBDEA954B}_is1) (Version: 1.0 - Serato LP INC)
Lotus SmartSuite - Deutsch (HKLM-x32\...\{536D6172-7453-7569-7465-392E37300407}) (Version: 9.7.0 - Lotus Development Corporation)
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Marvel Heroes Game (HKLM-x32\...\{ca6069b5-fc6b-4ce8-a03e-2304143706b7}_is1) (Version: 1.0 - Gazillion Entertainment)
M-Audio Oxygen Driver 1.2.1 (x64) (HKLM\...\{6F0B8408-835B-4A55-A429-EB899AD68467}) (Version: 1.2.1 - M-Audio)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.6 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mixed in Key (x32 Version: 1.0.208.0 - Mixed In Key LLC) Hidden
Mixed In Key 7 (HKU\S-1-5-21-1297538972-3483835822-425091157-1000\...\{3de857a1-0c56-441b-94ce-4c17ef20b13e}) (Version: 7.0.208.0 - Mixed In Key LLC)
Mixed In Key 7 (HKU\S-1-5-21-1297538972-3483835822-425091157-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{3de857a1-0c56-441b-94ce-4c17ef20b13e}) (Version: 7.0.208.0 - Mixed In Key LLC)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version: - Pavel Cvrcek)
Mozilla Firefox 42.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 de)) (Version: 42.0 - Mozilla)
Mozilla Thunderbird 38.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 38.3.0 (x86 de)) (Version: 38.3.0 - Mozilla)
MP3 Diags (HKLM-x32\...\MP3Diags) (Version: - )
Mp3tag v2.70 (HKLM-x32\...\Mp3tag) (Version: v2.70 - Florian Heidenreich)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
My Lockbox 3.6.4 (HKLM\...\My Lockbox_is1) (Version: 3.6.4 - )
Nexus 15.9 (HKLM-x32\...\Winstep Xtreme_is1) (Version: - )
NVIDIA 3D Vision Treiber 345.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 345.20 - NVIDIA Corporation)
NVIDIA Grafiktreiber 345.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 345.20 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA WMI 2.19.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.19.0 - NVIDIA Corporation)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.213.1 - Tracker Software Products Ltd)
Personal Backup 5.7.1.4 (HKLM\...\Personal Backup 5_is1) (Version: 5.7.1.4 - Dr. J. Rathlev)
Polar Daemon (HKLM-x32\...\{2BA9320D-E061-4C71-ACCB-AC0E9D4FC82B}) (Version: 2.2.20000 - Polar Electro Oy)
Polar WebSync (HKLM-x32\...\{A3C03067-855A-4B5B-B08B-A1BFD68FCAF8}) (Version: 2.8.30000 - Polar Electro Oy)
PSE12 STI Installer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Reader for PC (HKLM-x32\...\{D279DFB7-97A3-439D-8BE9-95D8AFA68562}) (Version: 2.4.01.10241 - Sony Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7040 - Realtek Semiconductor Corp.)
Red 2 & Red 3 Plug-in Suite version 1.0 (HKLM\...\Red 2 & Red 3 Plug-in Suite_is1) (Version: 1.0 - Focusrite Audio Engineering Limited)
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
Scarlett Plug-in Suite 1.7 (HKLM-x32\...\{D7F912D4-C237-4079-966A-5044A5025CBF}}_is1) (Version: 1.7 - Focusrite)
Scratch Live 2.5.0 (11) (HKLM-x32\...\{EA21EB55-073F-4CF5-A964-0412E755955A}) (Version: 2.5.0 - Serato Inc LP)
SeaTools for Windows (HKLM-x32\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.7 - Seagate Technology)
Serato DJ (HKLM-x32\...\{f23c6e49-5a7f-4ac0-8d7f-8794ae36228c}) (Version: 1.8.0.7502 - )
Serato DJ (x32 Version: 1.8.0.7502 - Serato) Hidden
SHARKOON Skiller (HKLM-x32\...\{91C25547-9534-41A5-823A-1E54BA16EA3F}) (Version: 1.00.0000 - )
shortcircuit (HKLM-x32\...\shortcircuit) (Version: - )
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
SportTracks 3.1 (HKLM-x32\...\{99895EF0-B290-4B21-B1FE-FB00E1B5D195}) (Version: 3.1.5770 - Zone Five Software)
StarMoney (x32 Version: 3.0.1.31 - StarFinanz) Hidden
StarMoney (x32 Version: 4.0.0.203 - StarFinanz) Hidden
StarMoney 9.0 apoEdition (HKLM-x32\...\{C44A6A34-56A1-4339-8755-3292125B448F}) (Version: 9.0 - Star Finanz GmbH)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4500 - Broadcom Corporation)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.13 - )
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.25.65 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.79.00.03 - Lenovo)
WD SmartWare (HKLM\...\{6FE8A1DA-8CA6-4801-BF0F-0F2FED143FF4}) (Version: 1.6.4.7 - Western Digital Technologies, Inc.)
Windows-Treiberpaket - Focusrite USB 2.0 Audio Driver (09/25/2013 2.5.128.1) (HKLM\...\CF1FC201D237269A9CD51A3A6B14ADBF67175C32) (Version: 09/25/2013 2.5.128.1 - Focusrite)
XMedia Recode Version 3.2.3.6 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.2.3.6 - XMedia Recode)
ZoneAlarm Antivirus (x32 Version: 13.3.209.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (x32 Version: 13.3.209.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Antivirus + Firewall (HKLM-x32\...\ZoneAlarm Free Antivirus + Firewall) (Version: 13.3.209.000 - Check Point)
ZoneAlarm Security (x32 Version: 13.3.209.000 - Check Point Software Technologies Ltd.) Hidden
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-1297538972-3483835822-425091157-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\moonlab\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1297538972-3483835822-425091157-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\moonlab\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1297538972-3483835822-425091157-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\moonlab\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1297538972-3483835822-425091157-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\moonlab\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
==================== Wiederherstellungspunkte =========================
03-11-2015 18:00:02 Windows Update
06-11-2015 21:25:59 Windows Update
08-11-2015 10:13:47 Installed calibre 64bit
10-11-2015 22:34:12 Windows Update
15-11-2015 21:02:13 Installed calibre 64bit
21-11-2015 18:05:45 Windows Update
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2009-07-14 03:34 - 2015-01-04 13:12 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {586CBFC5-C49E-44A4-9A86-31388F3EFD9B} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2015-04-17] (Lenovo Group Limited)
Task: {63343FB1-3E26-4BCA-B88F-BBA2330E9110} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {634CEBF2-97D5-438E-B188-1BA5CE321CE8} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2015-08-17] (Lenovo)
Task: {69AA8D62-F459-4967-B129-B9D1B6805233} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-08-17] ()
Task: {8C5CC02D-0B8E-4478-9EFD-9815F23F8889} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1297538972-3483835822-425091157-1000UA => C:\Users\moonlab\AppData\Local\Google\Update\GoogleUpdate.exe [2015-11-20] (Google Inc.)
Task: {9D3267C7-16D8-4E02-8943-0B8C022F850E} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-08-17] (Lenovo)
Task: {B137FA81-6BD8-4AAC-8B30-0717A5DA0EE4} - System32\Tasks\AdobeAAMUpdater-1.0-moonlab-THINK-moonlab => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated)
Task: {BC6FCFAE-7A51-49B3-82C5-B3EFB0824117} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2015-08-17] (Lenovo)
Task: {D54E0BB7-B97B-4E8B-AA1B-92A5FF58F5B9} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-08-17] ()
Task: {DC01F099-BB41-492A-8ABD-D2241DDD0590} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1297538972-3483835822-425091157-1000Core => C:\Users\moonlab\AppData\Local\Google\Update\GoogleUpdate.exe [2015-11-20] (Google Inc.)
Task: {E0A95A03-C773-4EEB-850B-3C8774109FD8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-11] (Adobe Systems Incorporated)
Task: {ECBE5ACC-D2EB-42CF-85D8-5077047B748C} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2015-08-17] (Lenovo)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1297538972-3483835822-425091157-1000Core.job => C:\Users\moonlab\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1297538972-3483835822-425091157-1000UA.job => C:\Users\moonlab\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2014-07-15 21:13 - 2015-02-05 09:16 - 02855624 _____ () C:\Windows\system32\nvwmi64.exe
2012-12-12 14:20 - 2012-12-12 14:20 - 00419536 _____ () C:\Program Files (x86)\Polar\Daemon\polard.exe
2013-10-09 10:26 - 2015-02-04 21:29 - 00115912 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-10-14 18:17 - 2015-03-02 22:51 - 00089088 _____ () C:\Program Files (x86)\MediaMonkey\DeskPlayer.dll
2013-10-09 11:53 - 2015-04-17 05:07 - 00118272 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2012-09-03 11:52 - 2012-09-03 11:52 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-01-10 12:07 - 2015-05-07 20:12 - 05886784 _____ () C:\Users\moonlab\AppData\Local\Amazon Music\Amazon Music Helper.exe
2014-07-19 18:15 - 2011-08-02 19:58 - 02201088 _____ () C:\Program Files\Lenovo\Communications Utility\cxcore210.dll
2014-07-19 18:15 - 2011-08-02 19:58 - 02085888 _____ () C:\Program Files\Lenovo\Communications Utility\cv210.dll
2012-05-06 11:20 - 2012-05-06 11:20 - 03449856 _____ () C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Filters\ffdshow\ffdshow.ax
2012-12-12 14:20 - 2012-12-12 14:20 - 03483856 _____ () C:\Program Files (x86)\Polar\Daemon\libpolar.dll
2014-08-02 18:11 - 2011-01-13 10:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney 9.0 apoEdition\ouservice\PATCHW32.dll
2014-07-15 21:13 - 2015-02-05 09:16 - 00010952 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2013-10-09 19:36 - 2012-06-08 19:40 - 01086176 _____ () C:\Program Files (x86)\Winstep\wodTelnetDLX.dll
2014-10-24 21:34 - 2014-10-24 21:34 - 00880640 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\fsk.dll
2014-10-24 21:35 - 2014-10-24 21:35 - 00040264 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll
2014-10-24 21:35 - 2014-10-24 21:35 - 00239944 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\Fskin.dll
2014-10-24 21:35 - 2014-10-24 21:35 - 00026952 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskinLocalize.dll
2014-04-25 21:46 - 2014-04-25 21:46 - 00798720 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskSecurity.dll
2014-10-24 21:35 - 2014-10-24 21:35 - 00125256 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll
2014-10-24 21:35 - 2014-10-24 21:35 - 00016200 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskPower.dll
2014-10-24 21:35 - 2014-10-24 21:35 - 00024904 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskNetInterface.dll
2014-10-24 21:35 - 2014-10-24 21:35 - 00017224 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll
2014-10-24 21:35 - 2014-10-24 21:35 - 00015176 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll
2014-10-24 21:35 - 2014-10-24 21:35 - 00034632 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ticket.dll
2014-10-24 21:35 - 2014-10-24 21:35 - 00018760 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll
2014-10-24 21:35 - 2014-10-24 21:35 - 00092488 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookUsb.dll
2014-10-24 21:35 - 2014-10-24 21:35 - 00149832 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.dll
2014-10-24 21:35 - 2014-10-24 21:35 - 00178504 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\USBDetector.dll
2013-10-09 11:49 - 2013-05-13 14:15 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2013-10-09 13:39 - 2015-11-15 10:18 - 00153768 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2013-10-09 13:39 - 2015-11-15 10:18 - 00023208 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-1297538972-3483835822-425091157-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Public\Documents\WinStep\Themes\Venom1\Wallpaper.bmp
HKU\S-1-5-21-1297538972-3483835822-425091157-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Public\Documents\WinStep\Themes\Venom1\Wallpaper.bmp
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist deaktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
MSCONFIG\Services: WDBackup => 2
MSCONFIG\Services: WDDriveService => 2
MSCONFIG\Services: WDRulesService => 2
MSCONFIG\startupfolder: C:^Users^moonlab^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk.Startup
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: Amazon Cloud Player => "C:\Users\moonlab\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CAHeadless => C:\Program Files (x86)\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: KeePass 2 PreLoad => "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
MSCONFIG\startupreg: LENOVO.TPKNRRES => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
MSCONFIG\startupreg: Reader Application Helper => C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [{0856F5E8-D98E-421F-BA78-9A1BCAD18069}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{3109BB05-9E8C-4867-B509-59AC9316CF25}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{B4A9152C-D87E-44FF-95D7-C95009BA19E6}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{58771B22-E681-4D32-A40A-96713183B255}] => (Allow) LPort=6603
FirewallRules: [{5BE4D61E-A5FC-4FBA-802E-838044BC7A6F}] => (Allow) C:\Program Files (x86)\StarMoney 9.0 apoEdition\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{53BA1E8F-8518-43EA-A47F-F83F12DE041A}] => (Allow) C:\Program Files (x86)\StarMoney 9.0 apoEdition\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{1869449B-B5CA-49D7-BB48-3567D9AD2F43}] => (Allow) C:\Program Files (x86)\StarMoney 9.0 apoEdition\app\StarMoney.exe
FirewallRules: [{30EC195C-EB59-44E6-AE6A-285D7A0753D1}] => (Allow) C:\Program Files (x86)\StarMoney 9.0 apoEdition\app\StarMoney.exe
FirewallRules: [{58752E1C-689B-4F8E-9552-614194CCEF22}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{D596BDEA-7C43-4A89-9A25-20C1FFF9B1B8}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [TCP Query User{7FD45EB3-62B4-4211-9CB6-783FFF331975}C:\program files (x86)\gazillion entertainment\marvel heroes game\unrealengine3\binaries\win32\marvelheroes2015.exe] => (Block) C:\program files (x86)\gazillion entertainment\marvel heroes game\unrealengine3\binaries\win32\marvelheroes2015.exe
FirewallRules: [UDP Query User{8FFF797B-D46D-4E96-BC3A-ED27B54A5765}C:\program files (x86)\gazillion entertainment\marvel heroes game\unrealengine3\binaries\win32\marvelheroes2015.exe] => (Block) C:\program files (x86)\gazillion entertainment\marvel heroes game\unrealengine3\binaries\win32\marvelheroes2015.exe
FirewallRules: [{4C363604-2CA1-4D81-9DDB-EFA29201B23F}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{0DC2095D-2959-4CC2-9763-EB33379E47E1}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{DC658108-D066-4461-A290-1FCB8D9118FC}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{081DAAD5-6B8E-4EE9-BF7A-4637647EAA09}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{3365CBE0-0BB2-4D2E-98EC-653D984427E8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D392AE79-FA03-4D0B-887E-EF6CA555DAB6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{67B7E0BB-219C-4DDC-97C6-289B93569198}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{4C99F003-9AF5-40C3-A197-7CE514667707}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{3D740688-EB06-456E-A94B-367179A8B057}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{AD31A5AB-1F28-461B-8D8B-16A7DDB2D3A1}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{1225B996-663F-441D-ABB9-CFF0B667CB47}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{51362767-907D-4C67-9AF1-8ECBCEA5A992}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Fehlerhafte Geräte im Gerätemanager =============
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (11/21/2015 06:17:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/21/2015 11:05:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/20/2015 02:10:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/19/2015 04:58:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/19/2015 09:31:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/19/2015 07:19:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/18/2015 10:29:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/18/2015 09:40:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/17/2015 09:50:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (11/17/2015 03:32:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Systemfehler:
=============
Error: (11/21/2015 05:59:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Stereoscopic 3D Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (11/12/2015 09:16:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Stereoscopic 3D Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (11/12/2015 02:20:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "TrueVector Internet Monitor" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (11/11/2015 11:28:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "UPnP-Gerätehost" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (11/11/2015 11:28:28 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "upnphost" konnte sich nicht als "NT AUTHORITY\LocalService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%50
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (11/11/2015 11:28:28 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1069upnphost{204810B9-73B2-11D4-BF42-00B0D0118B56}
Error: (10/28/2015 00:43:20 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}
Error: (10/26/2015 03:28:51 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.
Modulpfad: C:\Windows\System32\IWMSSvc.dll
Error: (10/26/2015 03:28:51 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.
Modulpfad: C:\Windows\System32\IWMSSvc.dll
Error: (10/26/2015 03:28:51 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.
Modulpfad: C:\Windows\System32\IWMSSvc.dll
CodeIntegrity:
===================================
Date: 2015-01-23 17:54:10.595
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-23 17:53:35.819
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-23 17:53:34.299
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-23 17:53:33.219
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-23 17:53:02.396
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-23 17:52:59.874
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-23 17:52:58.790
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-23 17:50:59.151
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-23 17:49:51.669
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-23 17:49:50.584
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz
Prozentuale Nutzung des RAM: 48%
Installierter physikalischer RAM: 7734.83 MB
Verfügbarer physikalischer RAM: 3979.81 MB
Summe virtueller Speicher: 15467.87 MB
Verfügbarer virtueller Speicher: 11821.21 MB
==================== Laufwerke ================================
Drive c: (System) (Fixed) (Total:465.66 GB) (Free:345.37 GB) NTFS
Drive d: (Volume) (Fixed) (Total:931.51 GB) (Free:136.37 GB) NTFS
Drive r: (SANDISK32) (Removable) (Total:28.63 GB) (Free:9.53 GB) FAT32
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 19969619)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: E175C627)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (Size: 14.9 GB) (Disk ID: B37CFDDD)
Partition: GPT.
========================================================
Disk: 3 (Size: 28.6 GB) (Disk ID: 00000000)
Partition: GPT.
==================== Ende von Addition.txt ============================
|
|
21.11.2015, 22:05
| #2 |
| | Ramnit oder nicht Ramnit - wie zuverlässig ist ClamWinCode:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-11-21 21:43:36
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Samsung_ rev.EXT0 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\moonlab\AppData\Local\Temp\kwliikod.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f81401 2 bytes JMP 758db21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1848] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f81419 2 bytes JMP 758db346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f81431 2 bytes JMP 75958fd1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f8144a 2 bytes CALL 758b489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1848] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f814dd 2 bytes JMP 759588c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f814f5 2 bytes JMP 75958aa0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1848] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f8150d 2 bytes JMP 759587ba C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f81525 2 bytes JMP 75958b8a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f8153d 2 bytes JMP 758cfca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1848] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f81555 2 bytes JMP 758d68ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f8156d 2 bytes JMP 75959089 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f81585 2 bytes JMP 75958bea C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1848] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f8159d 2 bytes JMP 7595877e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f815b5 2 bytes JMP 758cfd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f815cd 2 bytes JMP 758db2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f816b2 2 bytes JMP 75958f4c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f816bd 2 bytes JMP 75958713 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f81401 2 bytes JMP 758db21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2324] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f81419 2 bytes JMP 758db346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f81431 2 bytes JMP 75958fd1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f8144a 2 bytes CALL 758b489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2324] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f814dd 2 bytes JMP 759588c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f814f5 2 bytes JMP 75958aa0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2324] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f8150d 2 bytes JMP 759587ba C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f81525 2 bytes JMP 75958b8a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f8153d 2 bytes JMP 758cfca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2324] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f81555 2 bytes JMP 758d68ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f8156d 2 bytes JMP 75959089 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f81585 2 bytes JMP 75958bea C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2324] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f8159d 2 bytes JMP 7595877e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f815b5 2 bytes JMP 758cfd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f815cd 2 bytes JMP 758db2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f816b2 2 bytes JMP 75958f4c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f816bd 2 bytes JMP 75958713 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextCreate + 4 0000000070421825 2 bytes JMP 75d26305 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextDestroy + 4 0000000070421830 2 bytes JMP 75d26325 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextDestroyAll + 4 000000007042183b 2 bytes JMP 75d26345 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dDrawPrimitives2 + 4 0000000070421846 2 bytes JMP 75d25be5 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dValidateTextureStageState + 4 0000000070421851 2 bytes JMP 75d26365 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAddAttachedSurface + 4 000000007042185c 2 bytes JMP 75d26445 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAlphaBlt + 4 0000000070421867 2 bytes JMP 75d26465 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAttachSurface + 4 0000000070421872 2 bytes JMP 75d26485 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdBeginMoCompFrame + 4 000000007042187d 2 bytes JMP 75d264a5 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdBlt + 4 0000000070421888 2 bytes JMP 75d25c05 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCanCreateD3DBuffer + 4 0000000070421893 2 bytes JMP 75d264c5 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCanCreateSurface + 4 000000007042189e 2 bytes JMP 75d25c85 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdColorControl + 4 00000000704218a9 2 bytes JMP 75d264e5 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateD3DBuffer + 4 00000000704218b4 2 bytes JMP 75d26505 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateDirectDrawObject + 4 00000000704218bf 2 bytes JMP 75cf228b C:\Windows\syswow64\GDI32.dll
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateMoComp + 4 00000000704218ca 2 bytes JMP 75d26545 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurface + 4 00000000704218d5 2 bytes JMP 75d25ca5 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurfaceEx + 4 00000000704218e0 2 bytes JMP 75d25d25 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurfaceObject + 4 00000000704218eb 2 bytes JMP 75d25d45 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDeleteDirectDrawObject + 4 00000000704218f6 2 bytes JMP 75d26aa5 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDeleteSurfaceObject + 4 0000000070421901 2 bytes JMP 75d25c65 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroyD3DBuffer + 4 000000007042190c 2 bytes JMP 75d26ac5 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroyMoComp + 4 0000000070421917 2 bytes JMP 75d26b05 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroySurface + 4 0000000070421922 2 bytes JMP 75d25cc5 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdEndMoCompFrame + 4 000000007042192d 2 bytes JMP 75d26b25 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdFlip + 4 0000000070421938 2 bytes JMP 75d26b45 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdFlipToGDISurface + 4 0000000070421943 2 bytes JMP 75d26b65 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetAvailDriverMemory + 4 000000007042194e 2 bytes JMP 75d26b85 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetBltStatus + 4 0000000070421959 2 bytes JMP 75d26ba5 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDC + 4 0000000070421964 2 bytes JMP 75d26bc5 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDriverInfo + 4 000000007042196f 2 bytes JMP 75d26be5 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDriverState + 4 000000007042197a 2 bytes JMP 75d26c05 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDxHandle + 4 0000000070421985 2 bytes JMP 75d26c25 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetFlipStatus + 4 0000000070421990 2 bytes JMP 75d26c45 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetInternalMoCompInfo + 4 000000007042199b 2 bytes JMP 75d26c65 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompBuffInfo + 4 00000000704219a6 2 bytes JMP 75d26c85 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompFormats + 4 00000000704219b1 2 bytes JMP 75d26ca5 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompGuids + 4 00000000704219bc 2 bytes JMP 75d26cc5 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetScanLine + 4 00000000704219c7 2 bytes JMP 75d26ce5 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdLock + 4 00000000704219d2 2 bytes JMP 75d26d05 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdLockD3D + 4 00000000704219dd 2 bytes JMP 75d25d65 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdQueryDirectDrawObject + 4 00000000704219e8 2 bytes JMP 75d26d45 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdQueryMoCompStatus + 4 00000000704219f3 2 bytes JMP 75d26d65 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdReenableDirectDrawObject + 4 00000000704219fe 2 bytes JMP 75d26da3 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdReleaseDC + 4 0000000070421a09 2 bytes JMP 75d26dc3 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdRenderMoComp + 4 0000000070421a14 2 bytes JMP 75d26de3 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdResetVisrgn + 4 0000000070421a1f 2 bytes JMP 75d25ce5 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetColorKey + 4 0000000070421a2a 2 bytes JMP 75d26e03 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetExclusiveMode + 4 0000000070421a35 2 bytes JMP 75d26e23 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetGammaRamp + 4 0000000070421a40 2 bytes JMP 75d26e43 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetOverlayPosition + 4 0000000070421a4b 2 bytes JMP 75d26e63 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnattachSurface + 4 0000000070421a56 2 bytes JMP 75d26e83 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnlock + 4 0000000070421a61 2 bytes JMP 75d26ea3 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnlockD3D + 4 0000000070421a6c 2 bytes JMP 75d25d85 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUpdateOverlay + 4 0000000070421a77 2 bytes JMP 75d26ec3 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 4 0000000070421a82 2 bytes JMP 75d26ee3 C:\Windows\syswow64\GDI32.dll
.text C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 52 0000000070421ab2 2 bytes JMP 75b6dc75 C:\Windows\syswow64\msvcrt.dll
.text C:\Program Files (x86)\StarMoney 9.0 apoEdition\ouservice\StarMoneyOnlineUpdate.exe[2788] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f81401 2 bytes JMP 758db21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\StarMoney 9.0 apoEdition\ouservice\StarMoneyOnlineUpdate.exe[2788] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f81419 2 bytes JMP 758db346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\StarMoney 9.0 apoEdition\ouservice\StarMoneyOnlineUpdate.exe[2788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f81431 2 bytes JMP 75958fd1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\StarMoney 9.0 apoEdition\ouservice\StarMoneyOnlineUpdate.exe[2788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f8144a 2 bytes CALL 758b489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\StarMoney 9.0 apoEdition\ouservice\StarMoneyOnlineUpdate.exe[2788] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f814dd 2 bytes JMP 759588c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\StarMoney 9.0 apoEdition\ouservice\StarMoneyOnlineUpdate.exe[2788] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f814f5 2 bytes JMP 75958aa0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\StarMoney 9.0 apoEdition\ouservice\StarMoneyOnlineUpdate.exe[2788] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f8150d 2 bytes JMP 759587ba C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\StarMoney 9.0 apoEdition\ouservice\StarMoneyOnlineUpdate.exe[2788] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f81525 2 bytes JMP 75958b8a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\StarMoney 9.0 apoEdition\ouservice\StarMoneyOnlineUpdate.exe[2788] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f8153d 2 bytes JMP 758cfca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\StarMoney 9.0 apoEdition\ouservice\StarMoneyOnlineUpdate.exe[2788] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f81555 2 bytes JMP 758d68ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\StarMoney 9.0 apoEdition\ouservice\StarMoneyOnlineUpdate.exe[2788] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f8156d 2 bytes JMP 75959089 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\StarMoney 9.0 apoEdition\ouservice\StarMoneyOnlineUpdate.exe[2788] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f81585 2 bytes JMP 75958bea C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\StarMoney 9.0 apoEdition\ouservice\StarMoneyOnlineUpdate.exe[2788] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f8159d 2 bytes JMP 7595877e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\StarMoney 9.0 apoEdition\ouservice\StarMoneyOnlineUpdate.exe[2788] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f815b5 2 bytes JMP 758cfd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\StarMoney 9.0 apoEdition\ouservice\StarMoneyOnlineUpdate.exe[2788] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f815cd 2 bytes JMP 758db2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\StarMoney 9.0 apoEdition\ouservice\StarMoneyOnlineUpdate.exe[2788] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f816b2 2 bytes JMP 75958f4c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\StarMoney 9.0 apoEdition\ouservice\StarMoneyOnlineUpdate.exe[2788] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f816bd 2 bytes JMP 75958713 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3548] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f81401 2 bytes JMP 758db21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3548] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f81419 2 bytes JMP 758db346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3548] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f81431 2 bytes JMP 75958fd1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3548] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f8144a 2 bytes CALL 758b489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3548] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f814dd 2 bytes JMP 759588c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3548] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f814f5 2 bytes JMP 75958aa0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3548] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f8150d 2 bytes JMP 759587ba C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3548] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f81525 2 bytes JMP 75958b8a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3548] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f8153d 2 bytes JMP 758cfca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3548] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f81555 2 bytes JMP 758d68ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3548] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f8156d 2 bytes JMP 75959089 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3548] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f81585 2 bytes JMP 75958bea C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3548] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f8159d 2 bytes JMP 7595877e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3548] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f815b5 2 bytes JMP 758cfd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3548] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f815cd 2 bytes JMP 758db2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3548] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f816b2 2 bytes JMP 75958f4c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3548] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f816bd 2 bytes JMP 75958713 C:\Windows\syswow64\kernel32.dll
.text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[4864] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000758b1efe 7 bytes JMP 0000000169514b10
.text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[4864] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000758b5b9d 7 bytes JMP 00000001695154b0
.text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[4864] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000758c13f9 7 bytes JMP 0000000169514e50
.text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[4864] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000758cea45 7 bytes JMP 0000000169514b00
.text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[4864] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075958f4c 7 bytes JMP 00000001695145c0
.text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[4864] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075958fd1 5 bytes JMP 0000000169514670
.text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[4864] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075959327 5 bytes JMP 00000001695145d0
.text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[4864] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075341d29 5 bytes JMP 0000000169514580
.text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[4864] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075341dd7 5 bytes JMP 0000000169514540
.text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[4864] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075342ab1 5 bytes JMP 0000000169514680
.text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[4864] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075342d1d 5 bytes JMP 0000000169514360
.text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[4864] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000757b8a29 5 bytes JMP 0000000169513a40
.text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[4864] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000757c4572 5 bytes JMP 00000001695142e0
.text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[4864] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000757de567 5 bytes JMP 0000000169514350
.text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[4864] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000758007d7 5 bytes JMP 0000000169513850
.text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[4864] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075817a5c 5 bytes JMP 00000001695142d0
.text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[4864] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075ced2b4 5 bytes JMP 0000000169513b60
.text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[4864] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075ced4ee 5 bytes JMP 0000000169513b80
.text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[4864] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075655ea5 5 bytes JMP 0000000169513a00
.text C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[4864] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075689d0b 5 bytes JMP 0000000169513990
.text C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\SysWOW64\ntdll.dll!RtlFreeActivationContextStack + 271 000000007784694f 7 bytes JMP 0000000100519d68
.text C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000758b1efe 7 bytes JMP 0000000169514b10
.text C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\kernel32.dll!FreeLibrary + 8 00000000758b3480 7 bytes JMP 0000000100519bac
.text C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\kernel32.dll!GetFileInformationByHandle + 19 00000000758b5379 7 bytes JMP 00000001004bd04c
.text C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000758b5b9d 7 bytes JMP 00000001695154b0
.text C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000758c13f9 7 bytes JMP 0000000169514e50
.text C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000758cea45 7 bytes JMP 0000000169514b00
.text C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075958f4c 7 bytes JMP 00000001695145c0
.text C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075958fd1 5 bytes JMP 0000000169514670
.text C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075959327 5 bytes JMP 00000001695145d0
.text C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075341d29 5 bytes JMP 0000000169514580
.text C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075341dd7 5 bytes JMP 0000000169514540
.text C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075342ab1 5 bytes JMP 0000000169514680
.text C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075342d1d 5 bytes JMP 0000000169514360
.text C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075655ea5 5 bytes JMP 0000000169513a00
.text C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075689d0b 5 bytes JMP 0000000169513990
.text C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\GDI32.dll!CreatePen 0000000075cebc19 5 bytes JMP 0000000100708004
.text C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075ced2b4 5 bytes JMP 0000000169513b60
.text C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075ced4ee 5 bytes JMP 0000000169513b80
.text C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\USER32.dll!GetSysColor 00000000757b6c3c 5 bytes JMP 00000001007081b0
.text C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000757b8a29 5 bytes JMP 0000000169513a40
.text C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\USER32.dll!GetSysColorBrush 00000000757c35a4 5 bytes JMP 00000001007082e4
.text C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000757c4572 5 bytes JMP 00000001695142e0
.text C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000757de567 5 bytes JMP 0000000169514350
.text C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000758007d7 5 bytes JMP 0000000169513850
.text C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075817a5c 5 bytes JMP 00000001695142d0
.text C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f81401 2 bytes JMP 758db21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f81419 2 bytes JMP 758db346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f81431 2 bytes JMP 75958fd1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f8144a 2 bytes CALL 758b489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f814dd 2 bytes JMP 759588c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f814f5 2 bytes JMP 75958aa0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f8150d 2 bytes JMP 759587ba C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f81525 2 bytes JMP 75958b8a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f8153d 2 bytes JMP 758cfca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f81555 2 bytes JMP 758d68ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f8156d 2 bytes JMP 75959089 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f81585 2 bytes JMP 75958bea C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f8159d 2 bytes JMP 7595877e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f815b5 2 bytes JMP 758cfd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f815cd 2 bytes JMP 758db2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f816b2 2 bytes JMP 75958f4c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f816bd 2 bytes JMP 75958713 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5720] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000758b1efe 7 bytes JMP 0000000169514b10
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5720] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000758b5b9d 7 bytes JMP 00000001695154b0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5720] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000758c13f9 7 bytes JMP 0000000169514e50
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5720] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000758cea45 7 bytes JMP 0000000169514b00
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5720] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075958f4c 7 bytes JMP 00000001695145c0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5720] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075958fd1 5 bytes JMP 0000000169514670
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5720] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075959327 5 bytes JMP 00000001695145d0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5720] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075341d29 5 bytes JMP 0000000169514580
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5720] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075341dd7 5 bytes JMP 0000000169514540
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5720] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075342ab1 5 bytes JMP 0000000169514680
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5720] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075342d1d 5 bytes JMP 0000000169514360
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5720] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000757b8a29 5 bytes JMP 0000000169513a40
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5720] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000757c4572 5 bytes JMP 00000001695142e0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5720] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000757de567 5 bytes JMP 0000000169514350
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5720] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000758007d7 5 bytes JMP 0000000169513850
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5720] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075817a5c 5 bytes JMP 00000001695142d0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5720] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075ced2b4 5 bytes JMP 0000000169513b60
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5720] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075ced4ee 5 bytes JMP 0000000169513b80
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5720] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075655ea5 5 bytes JMP 0000000169513a00
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5720] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075689d0b 5 bytes JMP 0000000169513990
.text C:\Program Files (x86)\Winstep\Nexus.exe[5856] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000758b1efe 7 bytes JMP 0000000169514b10
.text C:\Program Files (x86)\Winstep\Nexus.exe[5856] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000758b5b9d 7 bytes JMP 00000001695154b0
.text C:\Program Files (x86)\Winstep\Nexus.exe[5856] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000758c13f9 7 bytes JMP 0000000169514e50
.text C:\Program Files (x86)\Winstep\Nexus.exe[5856] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000758cea45 7 bytes JMP 0000000169514b00
.text C:\Program Files (x86)\Winstep\Nexus.exe[5856] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075958f4c 7 bytes JMP 00000001695145c0
.text C:\Program Files (x86)\Winstep\Nexus.exe[5856] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075958fd1 5 bytes JMP 0000000169514670
.text C:\Program Files (x86)\Winstep\Nexus.exe[5856] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075959327 5 bytes JMP 00000001695145d0
.text C:\Program Files (x86)\Winstep\Nexus.exe[5856] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075341d29 5 bytes JMP 0000000169514580
.text C:\Program Files (x86)\Winstep\Nexus.exe[5856] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075341dd7 5 bytes JMP 0000000169514540
.text C:\Program Files (x86)\Winstep\Nexus.exe[5856] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075342ab1 5 bytes JMP 0000000169514680
.text C:\Program Files (x86)\Winstep\Nexus.exe[5856] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075342d1d 5 bytes JMP 0000000169514360
.text C:\Program Files (x86)\Winstep\Nexus.exe[5856] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075ced2b4 5 bytes JMP 0000000169513b60
.text C:\Program Files (x86)\Winstep\Nexus.exe[5856] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075ced4ee 5 bytes JMP 0000000169513b80
.text C:\Program Files (x86)\Winstep\Nexus.exe[5856] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000757b8a29 5 bytes JMP 0000000169513a40
.text C:\Program Files (x86)\Winstep\Nexus.exe[5856] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000757c4572 5 bytes JMP 00000001695142e0
.text C:\Program Files (x86)\Winstep\Nexus.exe[5856] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000757de567 5 bytes JMP 0000000169514350
.text C:\Program Files (x86)\Winstep\Nexus.exe[5856] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000758007d7 5 bytes JMP 0000000169513850
.text C:\Program Files (x86)\Winstep\Nexus.exe[5856] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075817a5c 5 bytes JMP 00000001695142d0
.text C:\Users\moonlab\AppData\Local\Amazon Music\Amazon Music Helper.exe[5920] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000758b1efe 7 bytes JMP 0000000169514b10
.text C:\Users\moonlab\AppData\Local\Amazon Music\Amazon Music Helper.exe[5920] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000758b5b9d 7 bytes JMP 00000001695154b0
.text C:\Users\moonlab\AppData\Local\Amazon Music\Amazon Music Helper.exe[5920] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000758c13f9 7 bytes JMP 0000000169514e50
.text C:\Users\moonlab\AppData\Local\Amazon Music\Amazon Music Helper.exe[5920] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000758cea45 7 bytes JMP 0000000169514b00
.text C:\Users\moonlab\AppData\Local\Amazon Music\Amazon Music Helper.exe[5920] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075958f4c 7 bytes JMP 00000001695145c0
.text C:\Users\moonlab\AppData\Local\Amazon Music\Amazon Music Helper.exe[5920] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075958fd1 5 bytes JMP 0000000169514670
.text C:\Users\moonlab\AppData\Local\Amazon Music\Amazon Music Helper.exe[5920] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075959327 5 bytes JMP 00000001695145d0
.text C:\Users\moonlab\AppData\Local\Amazon Music\Amazon Music Helper.exe[5920] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075341d29 5 bytes JMP 0000000169514580
.text C:\Users\moonlab\AppData\Local\Amazon Music\Amazon Music Helper.exe[5920] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075341dd7 5 bytes JMP 0000000169514540
.text C:\Users\moonlab\AppData\Local\Amazon Music\Amazon Music Helper.exe[5920] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075342ab1 5 bytes JMP 0000000169514680
.text C:\Users\moonlab\AppData\Local\Amazon Music\Amazon Music Helper.exe[5920] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075342d1d 5 bytes JMP 0000000169514360
.text C:\Users\moonlab\AppData\Local\Amazon Music\Amazon Music Helper.exe[5920] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000757b8a29 5 bytes JMP 0000000169513a40
.text C:\Users\moonlab\AppData\Local\Amazon Music\Amazon Music Helper.exe[5920] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000757c4572 5 bytes JMP 00000001695142e0
.text C:\Users\moonlab\AppData\Local\Amazon Music\Amazon Music Helper.exe[5920] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000757de567 5 bytes JMP 0000000169514350
.text C:\Users\moonlab\AppData\Local\Amazon Music\Amazon Music Helper.exe[5920] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000758007d7 5 bytes JMP 0000000169513850
.text C:\Users\moonlab\AppData\Local\Amazon Music\Amazon Music Helper.exe[5920] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075817a5c 5 bytes JMP 00000001695142d0
.text C:\Users\moonlab\AppData\Local\Amazon Music\Amazon Music Helper.exe[5920] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075ced2b4 5 bytes JMP 0000000169513b60
.text C:\Users\moonlab\AppData\Local\Amazon Music\Amazon Music Helper.exe[5920] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075ced4ee 5 bytes JMP 0000000169513b80
.text C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE[6036] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000758b1efe 7 bytes JMP 0000000169514b10
.text C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE[6036] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000758b5b9d 7 bytes JMP 00000001695154b0
.text C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE[6036] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000758c13f9 7 bytes JMP 0000000169514e50
.text C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE[6036] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000758cea45 7 bytes JMP 0000000169514b00
.text C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE[6036] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075958f4c 7 bytes JMP 00000001695145c0
.text C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE[6036] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075958fd1 5 bytes JMP 0000000169514670
.text C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE[6036] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075959327 5 bytes JMP 00000001695145d0
.text C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE[6036] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075341d29 5 bytes JMP 0000000169514580
.text C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE[6036] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075341dd7 5 bytes JMP 0000000169514540
.text C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE[6036] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075342ab1 5 bytes JMP 0000000169514680
.text C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE[6036] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075342d1d 5 bytes JMP 0000000169514360
.text C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE[6036] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000757b8a29 5 bytes JMP 0000000169513a40
.text C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE[6036] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000757c4572 5 bytes JMP 00000001695142e0
.text C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE[6036] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000757de567 5 bytes JMP 0000000169514350
.text C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE[6036] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000758007d7 5 bytes JMP 0000000169513850
.text C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE[6036] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075817a5c 5 bytes JMP 00000001695142d0
.text C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE[6036] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075655ea5 5 bytes JMP 0000000169513a00
.text C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE[6036] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075689d0b 5 bytes JMP 0000000169513990
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5184] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000758b1efe 7 bytes JMP 0000000169514b10
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5184] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000758b5b9d 7 bytes JMP 00000001695154b0
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5184] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000758c13f9 7 bytes JMP 0000000169514e50
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5184] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000758cea45 7 bytes JMP 0000000169514b00
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5184] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075958f4c 7 bytes JMP 00000001695145c0
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5184] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075958fd1 5 bytes JMP 0000000169514670
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5184] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075959327 5 bytes JMP 00000001695145d0
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5184] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075341d29 5 bytes JMP 0000000169514580
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5184] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075341dd7 5 bytes JMP 0000000169514540
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5184] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075342ab1 5 bytes JMP 0000000169514680
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5184] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075342d1d 5 bytes JMP 0000000169514360
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5184] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075ced2b4 5 bytes JMP 0000000169513b60
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5184] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075ced4ee 5 bytes JMP 0000000169513b80
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5184] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000757b8a29 5 bytes JMP 0000000169513a40
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5184] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000757c4572 5 bytes JMP 00000001695142e0
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5184] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000757de567 5 bytes JMP 0000000169514350
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5184] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000758007d7 5 bytes JMP 0000000169513850
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5184] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075817a5c 5 bytes JMP 00000001695142d0
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5184] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075655ea5 5 bytes JMP 0000000169513a00
.text C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe[5184] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075689d0b 5 bytes JMP 0000000169513990
.text C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[5760] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000758b1efe 7 bytes JMP 0000000169514b10
.text C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[5760] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000758b5b9d 7 bytes JMP 00000001695154b0
.text C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[5760] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000758c13f9 7 bytes JMP 0000000169514e50
.text C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[5760] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000758cea45 7 bytes JMP 0000000169514b00
.text C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[5760] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075958f4c 7 bytes JMP 00000001695145c0
.text C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[5760] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075958fd1 5 bytes JMP 0000000169514670
.text C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[5760] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075959327 5 bytes JMP 00000001695145d0
.text C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[5760] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075341d29 5 bytes JMP 0000000169514580
.text C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[5760] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075341dd7 5 bytes JMP 0000000169514540
.text C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[5760] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075342ab1 5 bytes JMP 0000000169514680
.text C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[5760] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075342d1d 5 bytes JMP 0000000169514360
.text C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[5760] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000757b8a29 5 bytes JMP 0000000169513a40
.text C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[5760] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000757c4572 5 bytes JMP 00000001695142e0
.text C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[5760] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000757de567 5 bytes JMP 0000000169514350
.text C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[5760] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000758007d7 5 bytes JMP 0000000169513850
.text C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[5760] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075817a5c 5 bytes JMP 00000001695142d0
.text C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[5760] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075ced2b4 5 bytes JMP 0000000169513b60
.text C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[5760] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075ced4ee 5 bytes JMP 0000000169513b80
.text C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[5760] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075655ea5 5 bytes JMP 0000000169513a00
.text C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[5760] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075689d0b 5 bytes JMP 0000000169513990
.text C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe[1420] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000758b1efe 7 bytes JMP 0000000169514b10
.text C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe[1420] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000758b5b9d 7 bytes JMP 00000001695154b0
.text C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe[1420] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000758c13f9 7 bytes JMP 0000000169514e50
.text C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe[1420] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000758cea45 7 bytes JMP 0000000169514b00
.text C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe[1420] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075958f4c 7 bytes JMP 00000001695145c0
.text C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe[1420] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075958fd1 5 bytes JMP 0000000169514670
.text C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe[1420] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075959327 5 bytes JMP 00000001695145d0
.text C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe[1420] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075341d29 5 bytes JMP 0000000169514580
.text C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe[1420] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075341dd7 5 bytes JMP 0000000169514540
.text C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe[1420] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075342ab1 5 bytes JMP 0000000169514680
.text C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe[1420] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075342d1d 5 bytes JMP 0000000169514360
.text C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe[1420] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000757b8a29 5 bytes JMP 0000000169513a40
.text C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe[1420] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000757c4572 5 bytes JMP 00000001695142e0
.text C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe[1420] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000757de567 5 bytes JMP 0000000169514350
.text C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe[1420] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000758007d7 5 bytes JMP 0000000169513850
.text C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe[1420] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075817a5c 5 bytes JMP 00000001695142d0
.text C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe[1420] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075ced2b4 5 bytes JMP 0000000169513b60
.text C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe[1420] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075ced4ee 5 bytes JMP 0000000169513b80
.text C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe[1420] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075655ea5 5 bytes JMP 0000000169513a00
.text C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe[1420] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075689d0b 5 bytes JMP 0000000169513990
.text C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe[5212] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000758b1efe 7 bytes JMP 0000000169514b10
.text C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe[5212] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000758b5b9d 7 bytes JMP 00000001695154b0
.text C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe[5212] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000758c13f9 7 bytes JMP 0000000169514e50
.text C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe[5212] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000758cea45 7 bytes JMP 0000000169514b00
.text C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe[5212] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075958f4c 7 bytes JMP 00000001695145c0
.text C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe[5212] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075958fd1 5 bytes JMP 0000000169514670
.text C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe[5212] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075959327 5 bytes JMP 00000001695145d0
.text C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe[5212] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075341d29 5 bytes JMP 0000000169514580
.text C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe[5212] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075341dd7 5 bytes JMP 0000000169514540
.text C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe[5212] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075342ab1 5 bytes JMP 0000000169514680
.text C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe[5212] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075342d1d 5 bytes JMP 0000000169514360
.text C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe[5212] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000757b8a29 5 bytes JMP 0000000169513a40
.text C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe[5212] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000757c4572 5 bytes JMP 00000001695142e0
.text C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe[5212] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000757de567 5 bytes JMP 0000000169514350
.text C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe[5212] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000758007d7 5 bytes JMP 0000000169513850
.text C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe[5212] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075817a5c 5 bytes JMP 00000001695142d0
.text C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe[5212] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075ced2b4 5 bytes JMP 0000000169513b60
.text C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe[5212] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075ced4ee 5 bytes JMP 0000000169513b80
.text C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe[5212] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075655ea5 5 bytes JMP 0000000169513a00
.text C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe[5212] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075689d0b 5 bytes JMP 0000000169513990
.text C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[6392] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000758b1efe 7 bytes JMP 0000000169514b10
.text C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[6392] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000758b5b9d 7 bytes JMP 00000001695154b0
.text C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[6392] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000758c13f9 7 bytes JMP 0000000169514e50
.text C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[6392] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000758cea45 7 bytes JMP 0000000169514b00
.text C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[6392] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075958f4c 7 bytes JMP 00000001695145c0
.text C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[6392] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075958fd1 5 bytes JMP 0000000169514670
.text C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[6392] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075959327 5 bytes JMP 00000001695145d0
.text C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[6392] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075341d29 5 bytes JMP 0000000169514580
.text C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[6392] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075341dd7 5 bytes JMP 0000000169514540
.text C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[6392] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075342ab1 5 bytes JMP 0000000169514680
.text C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[6392] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075342d1d 5 bytes JMP 0000000169514360
.text C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[6392] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000757b8a29 5 bytes JMP 0000000169513a40
.text C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[6392] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000757c4572 5 bytes JMP 00000001695142e0
.text C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[6392] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000757de567 5 bytes JMP 0000000169514350
.text C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[6392] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000758007d7 5 bytes JMP 0000000169513850
.text C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[6392] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075817a5c 5 bytes JMP 00000001695142d0
.text C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[6392] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075ced2b4 5 bytes JMP 0000000169513b60
.text C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[6392] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075ced4ee 5 bytes JMP 0000000169513b80
.text C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[6392] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075655ea5 5 bytes JMP 0000000169513a00
.text C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe[6392] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075689d0b 5 bytes JMP 0000000169513990
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f81401 2 bytes JMP 758db21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4172] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f81419 2 bytes JMP 758db346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f81431 2 bytes JMP 75958fd1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f8144a 2 bytes CALL 758b489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4172] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f814dd 2 bytes JMP 759588c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f814f5 2 bytes JMP 75958aa0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4172] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f8150d 2 bytes JMP 759587ba C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f81525 2 bytes JMP 75958b8a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f8153d 2 bytes JMP 758cfca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4172] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f81555 2 bytes JMP 758d68ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f8156d 2 bytes JMP 75959089 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f81585 2 bytes JMP 75958bea C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4172] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f8159d 2 bytes JMP 7595877e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f815b5 2 bytes JMP 758cfd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f815cd 2 bytes JMP 758db2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f816b2 2 bytes JMP 75958f4c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f816bd 2 bytes JMP 75958713 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[6776] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000758b1efe 7 bytes JMP 0000000169514b10
.text C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[6776] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000758b5b9d 7 bytes JMP 00000001695154b0
.text C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[6776] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000758c13f9 7 bytes JMP 0000000169514e50
.text C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[6776] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000758cea45 7 bytes JMP 0000000169514b00
.text C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[6776] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075958f4c 7 bytes JMP 00000001695145c0
.text C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[6776] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075958fd1 5 bytes JMP 0000000169514670
.text C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[6776] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075959327 5 bytes JMP 00000001695145d0
.text C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[6776] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075341d29 5 bytes JMP 0000000169514580
.text C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[6776] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075341dd7 5 bytes JMP 0000000169514540
.text C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[6776] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075342ab1 5 bytes JMP 0000000169514680
.text C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[6776] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075342d1d 5 bytes JMP 0000000169514360
.text C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[6776] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000757b8a29 5 bytes JMP 0000000169513a40
.text C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[6776] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000757c4572 5 bytes JMP 00000001695142e0
.text C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[6776] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000757de567 5 bytes JMP 0000000169514350
.text C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[6776] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000758007d7 5 bytes JMP 0000000169513850
.text C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[6776] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075817a5c 5 bytes JMP 00000001695142d0
.text C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[6776] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075ced2b4 5 bytes JMP 0000000169513b60
.text C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[6776] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075ced4ee 5 bytes JMP 0000000169513b80
.text C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[6776] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 0000000075655ea5 5 bytes JMP 0000000169513a00
.text C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[6776] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075689d0b 5 bytes JMP 0000000169513990
.text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[2872] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076f81401 2 bytes JMP 758db21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[2872] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076f81419 2 bytes JMP 758db346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[2872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076f81431 2 bytes JMP 75958fd1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[2872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076f8144a 2 bytes CALL 758b489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[2872] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076f814dd 2 bytes JMP 759588c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[2872] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076f814f5 2 bytes JMP 75958aa0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[2872] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076f8150d 2 bytes JMP 759587ba C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[2872] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076f81525 2 bytes JMP 75958b8a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[2872] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076f8153d 2 bytes JMP 758cfca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[2872] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076f81555 2 bytes JMP 758d68ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[2872] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076f8156d 2 bytes JMP 75959089 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[2872] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076f81585 2 bytes JMP 75958bea C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[2872] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076f8159d 2 bytes JMP 7595877e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[2872] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076f815b5 2 bytes JMP 758cfd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[2872] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076f815cd 2 bytes JMP 758db2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[2872] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076f816b2 2 bytes JMP 75958f4c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[2872] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076f816bd 2 bytes JMP 75958713 C:\Windows\syswow64\kernel32.dll
.text C:\Users\moonlab\Desktop\Gmer-19357.exe[4284] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000758b1efe 7 bytes JMP 0000000169514b10
.text C:\Users\moonlab\Desktop\Gmer-19357.exe[4284] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000758b5b9d 7 bytes JMP 00000001695154b0
.text C:\Users\moonlab\Desktop\Gmer-19357.exe[4284] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000758c13f9 7 bytes JMP 0000000169514e50
.text C:\Users\moonlab\Desktop\Gmer-19357.exe[4284] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000758cea45 7 bytes JMP 0000000169514b00
.text C:\Users\moonlab\Desktop\Gmer-19357.exe[4284] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000075958f4c 7 bytes JMP 00000001695145c0
.text C:\Users\moonlab\Desktop\Gmer-19357.exe[4284] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000075958fd1 5 bytes JMP 0000000169514670
.text C:\Users\moonlab\Desktop\Gmer-19357.exe[4284] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000075959327 5 bytes JMP 00000001695145d0
.text C:\Users\moonlab\Desktop\Gmer-19357.exe[4284] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 0000000075341d29 5 bytes JMP 0000000169514580
.text C:\Users\moonlab\Desktop\Gmer-19357.exe[4284] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 0000000075341dd7 5 bytes JMP 0000000169514540
.text C:\Users\moonlab\Desktop\Gmer-19357.exe[4284] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075342ab1 5 bytes JMP 0000000169514680
.text C:\Users\moonlab\Desktop\Gmer-19357.exe[4284] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 0000000075342d1d 5 bytes JMP 0000000169514360
.text C:\Users\moonlab\Desktop\Gmer-19357.exe[4284] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075ced2b4 5 bytes JMP 0000000169513b60
.text C:\Users\moonlab\Desktop\Gmer-19357.exe[4284] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075ced4ee 5 bytes JMP 0000000169513b80
.text C:\Users\moonlab\Desktop\Gmer-19357.exe[4284] C:\Windows\syswow64\USER32.dll!CreateWindowExW 00000000757b8a29 5 bytes JMP 0000000169513a40
.text C:\Users\moonlab\Desktop\Gmer-19357.exe[4284] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 00000000757c4572 5 bytes JMP 00000001695142e0
.text C:\Users\moonlab\Desktop\Gmer-19357.exe[4284] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 00000000757de567 5 bytes JMP 0000000169514350
.text C:\Users\moonlab\Desktop\Gmer-19357.exe[4284] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 00000000758007d7 5 bytes JMP 0000000169513850
.text C:\Users\moonlab\Desktop\Gmer-19357.exe[4284] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075817a5c 5 bytes JMP 00000001695142d0
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\083e8ee2f938
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\083e8ee2f938 (not active ControlSet)
---- EOF - GMER 2.1 ----
|
|
22.11.2015, 01:41
| #3 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Ramnit oder nicht Ramnit - wie zuverlässig ist ClamWin Hi,
__________________so sehr ich opensource mag (linux, mozilla, ...) bi Virenscannern kannste ClamAV vergessen. Wenn ich so deine Beschreibung sehe und was du noch für Software einsetzt (ZoneAlarm) muss man sich schon fragen, ob du dich nicht wegen irgendwas verrückt machen lässt, was du aber nicht beschreibst.
__________________ |
|
22.11.2015, 10:16
| #4 |
| | Ramnit oder nicht Ramnit - wie zuverlässig ist ClamWin Moin, und Danke für deine Antwort - auch wenn ich deinen zweiten Satz zum Ende hin nicht ganz deuten kann. Bei der Aktualisierung von LiberKey bin ich über ClamWin gestolpert und wollte es mal testen. Gut möglich, dass ich mich unnötig verrückt mache, aber natürlich haben mich die Funde verunsichert, zumal ich den Rechner auch dienstlich nutze. Kurze Erklärung: ZoneAlarm ist mein Standard Scanner/Firewall und MBAM und ADWCleaner laufen nach Bedarf alle paar Wochen mal durch. Der Defender ist primär nicht im Einsatz. Ist das ungewöhnlich? Verstehe ich dich jetzt richtig, dass ich die ClamWin und seine Funde getrost ignorieren kann? |
|
22.11.2015, 17:55
| #5 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Ramnit oder nicht Ramnit - wie zuverlässig ist ClamWin ClamAV taugt kaum etwas! Die Erkennungsrate ist im Vergleich zu anderen Scannern sehr viel niedriger und die Fehlalarmquote höher! Personal Firewall wie ZoneAlarm waren übrigens schon immer Schwachsinn. Verwende die Windows-Firewall, mehr benötigt man nicht.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
22.11.2015, 18:43
| #6 |
| | Ramnit oder nicht Ramnit - wie zuverlässig ist ClamWin Also ein False Positive - dann muss ich wohl doch nicht an meinem Netzverhalten zweifeln  Danke, dass Du Dir die Zeit genommen hast und auch für die Nachhilfe. Wenn ich noch eins fragen darf: Welche AV empfiehlst Du in Verbindung mit der Windows-Firewall? |
|
22.11.2015, 18:56
| #8 |
| | Ramnit oder nicht Ramnit - wie zuverlässig ist ClamWin Alles klar. Danke nochmals für Deine Hilfe und ein schönes Restwochenende! |
|
| Themen zu Ramnit oder nicht Ramnit - wie zuverlässig ist ClamWin |
| adwcleaner, aktuelle, aktuellen, clamwin, defender, diverse, dnsapi.dll, feedback, folge, folgen, gefunde, gefundene, gefundenen, geschickt, heute, mbam, nicht, ram, ramnit, rückmeldung, sichert, signaturen, starmoney, windows, windows defender, zonealarm, zuverlässig |
Linear-Darstellung
