Trojaner-Board
Seite 1 von 4 1 23 Letzte »
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Antivirus Blocking Rules (https://www.trojaner-board.de/140157-antivirus-blocking-rules.html)

dunkelbunt 20.08.2013 16:20
Antivirus Blocking Rules
 
vorweg , ich bin pc-blond also habt bitte nachsehen mit mir. Danke

Problem:
Habe Spyhunter 4 heruntergeladen um meinen PC auf Malware zu prüfen.
Resultat 10 Infektionen

1.Antivirus Blocking Rules (1 Infektion) wird als sehr gefährlich angezeigt

2.Winload Toolbar (9 Infektionen ) mittlerer Wert

Ich möchte Spyhunter nicht unbedingt kaufen um diese Probleme zu lösen
könnt ihr mir helfen ? (PC- Blondine , bitte berücksichtigen *g)

Vielen Dank im Vorfeld , dunkelbunt

aharonov 20.08.2013 16:22
Hallo,

den SpyHunter kannst du grad wieder deinstallieren, der ist grosser Mist.
Wenn du deinen Rechner nach Malware untersuchen lassen willst, dann arbeite bitte diese Anleitung ab und poste die resultierenden Logfiles hier.

dunkelbunt 20.08.2013 17:51
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:38 on 20/08/2013 (peppermint)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-08-2013 03
Ran by peppermint (administrator) on 20-08-2013 17:53:08
Running from C:\Users\peppermint\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieSvc.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(PC Tools) C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
(Microsoft Corporation) C:\windows\System32\IgrsSvcs.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Secunia) C:\Program Files\Secunia\PSI\PSIA.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(PC Tools) C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Microsoft Corporation) C:\windows\system32\wuauclt.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieCtrl.exe
() C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SandboxieRpcSs.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieSvc.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
() C:\Users\peppermint\Desktop\Defogger.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345144 2013-06-26] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SSDMonitor] - C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe [104408 2010-09-16] (PC Tools)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKCU\...\Run: [ccleaner] - C:\Program Files\CCleaner\CCleaner.exe [2761024 2012-02-22] (Piriform Ltd)
HKCU\...\Run: [Spybot-S&D Cleaning] - C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
MountPoints2: {56424d46-9436-11e1-8fc8-705ab658961b} - F:\LaunchU3.exe -a
MountPoints2: {81216b3a-f9d1-11e2-94b9-705ab658961b} - F:\NokiaPCIA_Autorun.exe
HKU\Default\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\Default\...\RunOnce: [WLStart] - C:\Program Files\Windows Live\Installer\wlstart.exe [ 2009-07-26] (Microsoft Corporation)
HKU\Default User\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\Default User\...\RunOnce: [WLStart] - C:\Program Files\Windows Live\Installer\wlstart.exe [ 2009-07-26] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.certified-toolbar.com?si=46364&st=bs&tid=3869&ver=3.7&ts=1373607271912.000004&tguid=46364-3869-1373607271912-644764EDB2ACE52FED9E8F6C709A2533&q={searchTerms}
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL (Microsoft Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Toolbar: HKCU -No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL [2210608 2006-10-27] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 195.234.128.7 195.234.128.16

FireFox:
========
FF ProfilePath: C:\Users\peppermint\AppData\Roaming\Mozilla\Firefox\Profiles\w5las282.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: pricealarm - C:\Users\peppermint\AppData\Roaming\Mozilla\Firefox\Profiles\w5las282.default\Extensions\EFGLQA@78ETGYN-0W7FN789T87.COM
FF Extension: firefox - C:\Users\peppermint\AppData\Roaming\Mozilla\Firefox\Profiles\w5las282.default\Extensions\firefox@ghostery.com.xpi
FF Extension: No Name - C:\Users\peppermint\AppData\Roaming\Mozilla\Firefox\Profiles\w5las282.default\Extensions\WTB_GLOBAL.sqlite
FF Extension: No Name - C:\Users\peppermint\AppData\Roaming\Mozilla\Firefox\Profiles\w5las282.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM\...\Firefox\Extensions: [fmconverter@gmail.com] C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF Extension: Freemake Video Converter Plugin - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-06-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-26] (Avira Operations GmbH & Co. KG)
R2 IGRS; C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509192 2009-08-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [579400 2009-09-22] (Lenovo Group Limited)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45408 2008-11-25] (Microsoft Corporation)
R2 PCToolsSSDMonitorSvc; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [632792 2010-10-01] (PC Tools)
S3 PS_MDP; C:\Program Files\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-16] (Lenovo Group Limited)
R2 ReadyComm.DirectRouter; C:\Program Files\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [85776 2012-12-16] (SANDBOXIE L.T.D)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1227800 2013-04-18] (Secunia)
S2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [659992 2013-04-18] (Secunia)
S3 SXDS10; C:\Program Files\Common Files\soft Xpansion\sxds10.exe [234096 2013-07-12] (soft Xpansion)
S3 TuneUp.Defrag; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [435008 2013-05-09] (TuneUp Software)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [1051968 2010-07-06] (TuneUp Software)
S3 MozillaMaintenance;

==================== Drivers (Whitelisted) ====================

R3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [21520 2009-05-19] (Lenovo Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-03-29] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-03-29] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-29] (Avira Operations GmbH & Co. KG)
S3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [63240 2009-07-28] (Lenovo)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R1 funfrm; C:\Windows\System32\Drivers\funfrm.sys [54800 2010-03-14] ()
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-04-18] (Secunia)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [157776 2012-12-16] (SANDBOXIE L.T.D)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-16] (Avira GmbH)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [10064 2010-02-24] (TuneUp Software)
S3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [168704 2009-06-19] (SMI)
R3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11792 2009-07-16] (Windows (R) Codename Longhorn DDK provider)
S3 wsvd; C:\Windows\System32\DRIVERS\wsvd.sys [81704 2009-07-21] (CyberLink)
R3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [x]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-20 17:52 - 2013-08-20 17:52 - 00000000 ____D C:\FRST
2013-08-20 17:43 - 2013-08-20 17:43 - 01070241 _____ (Farbar) C:\Users\peppermint\Desktop\FRST.exe
2013-08-20 17:38 - 2013-08-20 17:38 - 00000482 _____ C:\Users\peppermint\Desktop\defogger_disable.log
2013-08-20 17:38 - 2013-08-20 17:38 - 00000000 _____ C:\Users\peppermint\defogger_reenable
2013-08-20 17:36 - 2013-08-20 17:36 - 00050477 _____ C:\Users\peppermint\Desktop\Defogger.exe
2013-08-20 14:23 - 2013-08-20 00:19 - 413364960 _____ C:\Users\peppermint\Downloads\idtv-motive.s01e01.mkv
2013-08-20 13:21 - 2013-08-20 13:21 - 00112088 _____ C:\Users\PEPPER~1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-20 12:59 - 2013-08-20 12:59 - 00000952 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-08-20 12:04 - 2013-08-20 12:04 - 00001067 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-20 12:04 - 2013-08-20 12:04 - 00000000 ____D C:\Users\peppermint\AppData\Roaming\Malwarebytes
2013-08-20 12:04 - 2013-08-20 12:04 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-20 12:04 - 2013-08-20 12:04 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-20 12:04 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-08-20 09:55 - 2013-08-20 09:55 - 00017633 _____ C:\AdwCleaner[S1].txt
2013-08-20 09:54 - 2013-08-20 09:55 - 00017100 _____ C:\AdwCleaner[R2].txt
2013-08-20 09:54 - 2013-08-20 09:54 - 00017039 _____ C:\AdwCleaner[R1].txt
2013-08-19 21:58 - 2013-08-19 21:58 - 00000000 ____D C:\ProgramData\StarApp
2013-08-19 21:56 - 2013-08-19 22:02 - 00000000 ____D C:\ProgramData\InstallMate
2013-08-19 21:30 - 2013-08-19 21:33 - 00000000 ____D C:\Program Files\SimpleFiles
2013-08-19 21:30 - 2013-08-19 21:30 - 00000000 ____D C:\Users\peppermint\AppData\Roaming\SimpleFiles
2013-08-19 19:43 - 2013-08-20 17:33 - 00000000 ____D C:\windows\471D8B37C5B344579FA1B3C693334F4F.TMP
2013-08-19 19:43 - 2013-08-19 19:43 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-08-19 19:43 - 2013-08-19 19:43 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-08-17 14:13 - 2013-08-17 14:13 - 00000000 ____D C:\ProgramData\Mozilla
2013-08-16 00:29 - 2013-08-16 00:34 - 00000728 _____ C:\Users\peppermint\Documents\0.ddi
2013-08-16 00:29 - 2013-08-16 00:34 - 00000059 _____ C:\Users\peppermint\Documents\settings.ddi
2013-08-16 00:28 - 2013-08-16 00:34 - 00000001 _____ C:\Users\peppermint\Documents\have_divx.avi.ddr
2013-08-16 00:28 - 2013-08-16 00:28 - 00094986 _____ C:\Users\peppermint\Documents\have_divx.avi
2013-08-15 18:16 - 2013-08-15 18:16 - 00000000 ____D C:\Users\peppermint\Downloads\Mucke versch
2013-08-15 03:09 - 2013-08-15 03:12 - 00000000 ____D C:\windows\system32\MRT
2013-08-15 03:08 - 2013-08-15 03:08 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-08-15 03:08 - 2013-08-15 03:08 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-08-15 03:01 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-08-15 03:01 - 2013-07-26 05:13 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-08-15 03:01 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-08-15 03:01 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-08-15 03:01 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-08-15 03:01 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-08-15 03:01 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-08-15 03:01 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-08-15 03:01 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-08-15 03:01 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-08-15 03:01 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-08-15 03:01 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-08-15 03:01 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-08-15 03:00 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-08-15 03:00 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-08-15 03:00 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-08-14 11:11 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-08-14 11:11 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2013-08-14 11:11 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2013-08-14 11:11 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2013-08-14 11:11 - 2013-07-09 06:53 - 01289096 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2013-08-14 11:11 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2013-08-14 11:11 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2013-08-14 11:11 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2013-08-14 11:11 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2013-08-14 11:11 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2013-08-14 11:11 - 2013-07-06 07:05 - 01293760 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2013-08-14 11:11 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2013-08-13 09:27 - 2013-08-13 09:27 - 00001989 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-08-13 09:26 - 2013-08-13 09:26 - 00000000 ____D C:\Users\Default\AppData\Local\Adobe
2013-08-13 09:26 - 2013-08-13 09:26 - 00000000 ____D C:\Users\Default User\AppData\Local\Adobe
2013-08-13 09:14 - 2013-08-13 09:14 - 00000091 _____ C:\Users\peppermint\AppData\Roaming\Safer-Networking.log
2013-08-11 10:09 - 2013-08-13 09:19 - 00000000 ____D C:\windows\pss
2013-08-06 17:50 - 2013-08-20 12:59 - 01419573 _____ C:\windows\WindowsUpdate.log
2013-08-03 06:59 - 2013-08-03 06:59 - 00000000 ____D C:\ProgramData\Installations
2013-08-02 15:57 - 2013-08-02 15:57 - 00000000 ____H C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-07-29 16:23 - 2013-07-29 16:23 - 00000000 ___HD C:\Users\peppermint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup-Disabled
2013-07-29 10:35 - 2013-07-29 10:35 - 00000000 ____D C:\Users\peppermint\Documents\default
2013-07-28 12:30 - 2013-07-28 12:30 - 00001424 _____ C:\Users\peppermint\Documents\Projekt 4.cov

==================== One Month Modified Files and Folders =======

2013-08-20 17:53 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default
2013-08-20 17:52 - 2013-08-20 17:52 - 00000000 ____D C:\FRST
2013-08-20 17:48 - 2012-05-03 22:46 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-08-20 17:43 - 2013-08-20 17:43 - 01070241 _____ (Farbar) C:\Users\peppermint\Desktop\FRST.exe
2013-08-20 17:38 - 2013-08-20 17:38 - 00000482 _____ C:\Users\peppermint\Desktop\defogger_disable.log
2013-08-20 17:38 - 2013-08-20 17:38 - 00000000 _____ C:\Users\peppermint\defogger_reenable
2013-08-20 17:38 - 2012-05-02 11:06 - 00000000 ____D C:\Users\peppermint
2013-08-20 17:36 - 2013-08-20 17:36 - 00050477 _____ C:\Users\peppermint\Desktop\Defogger.exe
2013-08-20 17:34 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-20 17:34 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-20 17:33 - 2013-08-19 19:43 - 00000000 ____D C:\windows\471D8B37C5B344579FA1B3C693334F4F.TMP
2013-08-20 16:54 - 2012-05-02 11:40 - 00000000 ____D C:\Users\peppermint\AppData\Roaming\vlc
2013-08-20 16:07 - 2013-08-06 17:50 - 01419573 _____ C:\windows\WindowsUpdate.log
2013-08-20 14:15 - 2013-05-04 08:50 - 00000000 ____D C:\Users\peppermint\Documents\Programme
2013-08-20 13:21 - 2013-08-20 13:21 - 00112088 _____ C:\Users\PEPPER~1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-20 12:59 - 2013-08-20 12:59 - 00000952 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-08-20 12:57 - 2010-03-14 00:15 - 02902768 _____ C:\FaceProv.log
2013-08-20 12:56 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-08-20 12:56 - 2009-07-14 04:37 - 00000000 ____D C:\windows\Help
2013-08-20 12:04 - 2013-08-20 12:04 - 00001067 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-20 12:04 - 2013-08-20 12:04 - 00000000 ____D C:\Users\peppermint\AppData\Roaming\Malwarebytes
2013-08-20 12:04 - 2013-08-20 12:04 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-20 12:04 - 2013-08-20 12:04 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-20 09:55 - 2013-08-20 09:55 - 00017633 _____ C:\AdwCleaner[S1].txt
2013-08-20 09:55 - 2013-08-20 09:54 - 00017100 _____ C:\AdwCleaner[R2].txt
2013-08-20 09:54 - 2013-08-20 09:54 - 00017039 _____ C:\AdwCleaner[R1].txt
2013-08-20 03:00 - 2009-07-14 04:37 - 00000000 ____D C:\windows\Registration
2013-08-20 00:19 - 2013-08-20 14:23 - 413364960 _____ C:\Users\peppermint\Downloads\idtv-motive.s01e01.mkv
2013-08-19 22:02 - 2013-08-19 21:56 - 00000000 ____D C:\ProgramData\InstallMate
2013-08-19 21:58 - 2013-08-19 21:58 - 00000000 ____D C:\ProgramData\StarApp
2013-08-19 21:33 - 2013-08-19 21:30 - 00000000 ____D C:\Program Files\SimpleFiles
2013-08-19 21:30 - 2013-08-19 21:30 - 00000000 ____D C:\Users\peppermint\AppData\Roaming\SimpleFiles
2013-08-19 19:43 - 2013-08-19 19:43 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-08-19 19:43 - 2013-08-19 19:43 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-08-19 19:02 - 2012-05-02 11:20 - 00000264 _____ C:\windows\Tasks\RMSchedule.job
2013-08-18 16:20 - 2012-05-03 22:48 - 00000000 ____D C:\Users\peppermint\AppData\Roaming\Macromedia
2013-08-18 16:14 - 2013-04-12 01:58 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-17 14:13 - 2013-08-17 14:13 - 00000000 ____D C:\ProgramData\Mozilla
2013-08-16 00:34 - 2013-08-16 00:29 - 00000728 _____ C:\Users\peppermint\Documents\0.ddi
2013-08-16 00:34 - 2013-08-16 00:29 - 00000059 _____ C:\Users\peppermint\Documents\settings.ddi
2013-08-16 00:34 - 2013-08-16 00:28 - 00000001 _____ C:\Users\peppermint\Documents\have_divx.avi.ddr
2013-08-16 00:28 - 2013-08-16 00:28 - 00094986 _____ C:\Users\peppermint\Documents\have_divx.avi
2013-08-15 18:16 - 2013-08-15 18:16 - 00000000 ____D C:\Users\peppermint\Downloads\Mucke versch
2013-08-15 08:56 - 2009-07-29 12:27 - 00000000 ____D C:\windows\Panther
2013-08-15 04:15 - 2009-07-14 04:37 - 00000000 ____D C:\windows\rescache
2013-08-15 03:45 - 2009-07-14 04:37 - 00000000 ____D C:\windows\Microsoft.NET
2013-08-15 03:29 - 2009-07-14 04:37 - 00000000 ____D C:\windows\system32\de-DE
2013-08-15 03:12 - 2013-08-15 03:09 - 00000000 ____D C:\windows\system32\MRT
2013-08-15 03:09 - 2013-07-01 21:30 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-15 03:09 - 2013-03-18 23:46 - 75778376 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-08-15 03:08 - 2013-08-15 03:08 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-08-15 03:08 - 2013-08-15 03:08 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-08-15 03:05 - 2010-01-18 19:03 - 01659648 _____ C:\windows\system32\PerfStringBackup.INI
2013-08-14 18:18 - 2013-06-07 07:00 - 00000000 ____D C:\Users\peppermint\AppData\Roaming\AVS4YOU
2013-08-14 18:11 - 2012-05-02 11:18 - 00000000 ____D C:\Users\peppermint\AppData\Roaming\AvaFind Data
2013-08-13 09:27 - 2013-08-13 09:27 - 00001989 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2013-08-13 09:26 - 2013-08-13 09:26 - 00000000 ____D C:\Users\Default\AppData\Local\Adobe
2013-08-13 09:26 - 2013-08-13 09:26 - 00000000 ____D C:\Users\Default User\AppData\Local\Adobe
2013-08-13 09:26 - 2013-07-01 21:01 - 00000000 ____D C:\ProgramData\Adobe
2013-08-13 09:26 - 2010-01-18 19:13 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-08-13 09:26 - 2010-01-18 19:13 - 00000000 ____D C:\Program Files\Adobe
2013-08-13 09:19 - 2013-08-11 10:09 - 00000000 ____D C:\windows\pss
2013-08-13 09:19 - 2009-07-14 06:34 - 00021504 _____ C:\windows\system32\umstartup.etl
2013-08-13 09:16 - 2009-07-14 06:34 - 00021504 _____ C:\windows\system32\umstartup000.etl
2013-08-13 09:14 - 2013-08-13 09:14 - 00000091 _____ C:\Users\peppermint\AppData\Roaming\Safer-Networking.log
2013-08-12 20:36 - 2009-07-14 04:37 - 00000000 ____D C:\windows\system32\NDF
2013-08-07 19:17 - 2013-06-07 06:58 - 00000000 ____D C:\Program Files\AVS4YOU
2013-08-06 19:10 - 2013-07-17 07:53 - 01478656 _____ C:\Users\peppermint\s-1-5-21-3367545941-720271320-1893929590-1003.rrr
2013-08-06 19:10 - 2012-05-02 13:37 - 47431680 _____ C:\windows\system32\config\software.rrr
2013-08-06 19:10 - 2012-05-02 13:37 - 00110592 _____ C:\windows\system32\config\default.rrr
2013-08-06 19:08 - 2012-05-27 09:06 - 00003072 _____ C:\windows\system32\Cache.db
2013-08-03 06:59 - 2013-08-03 06:59 - 00000000 ____D C:\ProgramData\Installations
2013-08-02 15:57 - 2013-08-02 15:57 - 00000000 ____H C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-07-29 16:23 - 2013-07-29 16:23 - 00000000 ___HD C:\Users\peppermint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup-Disabled
2013-07-29 10:35 - 2013-07-29 10:35 - 00000000 ____D C:\Users\peppermint\Documents\default
2013-07-28 12:30 - 2013-07-28 12:30 - 00001424 _____ C:\Users\peppermint\Documents\Projekt 4.cov
2013-07-28 09:42 - 2013-04-13 07:26 - 00000000 ____D C:\Users\peppermint\Documents\HÖRBÜCHER
2013-07-26 05:13 - 2013-08-15 03:01 - 01141248 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-07-26 05:13 - 2013-08-15 03:01 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-07-26 05:13 - 2013-08-15 03:00 - 01767936 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-07-26 05:12 - 2013-08-15 03:01 - 02877440 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-07-26 05:12 - 2013-08-15 03:01 - 02048512 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-07-26 05:12 - 2013-08-15 03:01 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-07-26 05:12 - 2013-08-15 03:01 - 00493056 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-07-26 05:12 - 2013-08-15 03:01 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-07-26 05:12 - 2013-08-15 03:01 - 00109056 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-07-26 05:12 - 2013-08-15 03:01 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-07-26 05:12 - 2013-08-15 03:01 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-07-26 05:12 - 2013-08-15 03:00 - 14329344 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-07-26 05:11 - 2013-08-15 03:01 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-07-26 05:11 - 2013-08-15 03:00 - 13761024 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-07-26 04:49 - 2013-08-15 03:01 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-07-26 03:59 - 2013-08-15 03:01 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-07-25 10:57 - 2013-08-14 11:11 - 01620992 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-07-22 12:33 - 2012-04-23 18:26 - 00000000 ___RD C:\Users\peppermint\Desktop\Dance

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-12 00:43

==================== End Of Log ============================
--- --- ---
FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-08-2013 03
Ran by peppermint at 2013-08-20 17:53:35
Running from C:\Users\peppermint\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (Version: 11.8.800.94)
Adobe Reader XI (11.0.03) - Deutsch (Version: 11.0.03)
ALPS Touch Pad Driver
Ashampoo Burning Studio 2013 v.11.0.6 (Version: 11.0.6)
Auslogics Disk Defrag (Version: version 3.3)
Ava Find (Version: 1.4.112)
Avira Free Antivirus (Version: 13.0.0.3885)
AVS Cover Editor 2.0.1.3
AVS Disc Creator version 5.0.1
AVS Update Manager 1.0
AVS Video Converter 7
Broadcom Gigabit Integrated Controller (Version: 12.24.02)
Business Contact Manager für Outlook 2007 SP2 (Version: 3.0.8619.1)
CCleaner (Version: 3.16)
EasyCapture (Version: V4.0.09.1015)
Free Pdf Perfect Prereq (Version: 1.0.0.66)
Glary Utilities 2.54.0.1758 (Version: 2.54.0.1758)
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
Intel® Matrix Storage Manager
Junk Mail filter update (Version: 14.0.8089.726)
Lenovo OneKey Recovery (Version: 7.0.0723)
Lenovo ReadyComm 5 (Version: 5.1.1.20)
Lenovo ReadyComm 5.0 Service (Version: 5.0.0.1)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1)
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.3.4035.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.4035.00)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 23.0.1 (x86 de) (Version: 23.0.1)
Mozilla Maintenance Service (Version: 23.0.1)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
PC-Doctor für Windows (Version: 6.0.5426.03)
Power2Go (Version: 5.6.0.4809d4)
Registry Mechanic 10.0 (Version: 10.0)
Sandboxie 3.76 (32-bit) (Version: 3.76)
Secunia PSI (3.0.0.7009) (Version: 3.0.0.7009)
Spybot - Search & Destroy (Version: 2.0.12)
TuneUp Utilities (Version: 9.0.4400.15)
TuneUp Utilities Language Pack (de-DE) (Version: 9.0.4400.15)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2768023) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817642) 32-Bit Edition
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VeriFace (Version: 3.6.0.0921)
VLC media player 2.0.8 (Version: 2.0.8)
Windows Live Anmelde-Assistent (Version: 5.000.818.5)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Writer (Version: 14.0.8089.0726)
Windows Live-Uploadtool (Version: 14.0.8014.1029)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows Utils
WinRAR 4.01 (32-Bit) (Version: 4.01.0)
 

==================== Restore Points  =========================


==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {02E6C66A-96CF-48BF-BDCE-7ED3B556ED66} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search &amp; Destroy 2\SDImmunize.exe No File
Task: {04649F18-5894-494E-9C6A-7C2FC49FC232} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search &amp; Destroy 2\SDScan.exe No File
Task: {0C700342-EEFA-4BCF-ACCF-A71AA21EA436} - System32\Tasks\RMSchedule => C:\Program Files\Registry Mechanic\RegMech.exe No File
Task: {0E683B47-426A-49D1-B7DB-E9D71BDFA34B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search &amp; Destroy 2\SDUpdate.exe No File
Task: {1A301ECC-1A75-41E2-805E-97BF2CCD4B47} - System32\Tasks\RMSmartUpdate => C:\Program Files\Registry Mechanic\update.exe No File
Task: {1D016658-D594-4F22-8C32-194800931532} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {2F5B83E7-DCCC-498F-B3A7-C474FCF00CC3} - System32\Tasks\GlaryInitialize => C:\Program Files\Glary Utilities\initialize.exe [2013-03-19] (Glarysoft Ltd)
Task: {2FE4FA15-B775-4496-A38F-37092FED167B} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-05-11] (Adobe Systems Incorporated)
Task: {32CBBFE9-D3F4-4B42-9383-F524508BAAD1} - System32\Tasks\User_Feed_Synchronization-{3DBDB86B-590C-4B59-8596-386DD8051C64} => C:\windows\system32\msfeedssync.exe [2013-05-25] (Microsoft Corporation)
Task: {549A849E-6D21-48D8-89F1-EA0B04416B5A} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-12] (Adobe Systems Incorporated)
Task: {9396BF01-3AFE-463C-A665-072D0B52BE58} - System32\Tasks\WPD\SqmUpload_S-1-5-21-3367545941-720271320-1893929590-1003 => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {A0A7C661-2169-4201-892C-8E0EC070F347} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {B1BB33F7-C9B4-43F4-95B4-07DD40F581EE} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance => C:\Program Files\TuneUp Utilities 2010\OneClick.exe [2010-07-06] (TuneUp Software)
Task: {DF1E7780-054F-4720-98DD-53EC979D1EBE} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\windows\System32\lpksetup.exe [2010-11-20] (Microsoft Corporation)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GlaryInitialize.job => C:\Program Files\Glary Utilities\initialize.exe
Task: C:\windows\Tasks\RMSchedule.job => C:\Program Files\Registry Mechanic\RegMech.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/20/2013 05:42:19 PM) (Source: Windows Search Service) (User: )
Description: Fehler beim Entfernen des alten Suchindex durch Windows Search. Interner Fehler <0,0x80070002>.

Error: (08/20/2013 05:41:49 PM) (Source: Windows Search Service) (User: )
Description: Fehler beim Entfernen des alten Suchindex durch Windows Search. Interner Fehler <0,0x80070002>.

Error: (08/20/2013 05:41:19 PM) (Source: Windows Search Service) (User: )
Description: Fehler beim Entfernen des alten Suchindex durch Windows Search. Interner Fehler <0,0x80070002>.

Error: (08/20/2013 05:40:49 PM) (Source: Windows Search Service) (User: )
Description: Fehler beim Entfernen des alten Suchindex durch Windows Search. Interner Fehler <0,0x80070002>.

Error: (08/20/2013 05:40:18 PM) (Source: Windows Search Service) (User: )
Description: Fehler beim Entfernen des alten Suchindex durch Windows Search. Interner Fehler <0,0x80070002>.

Error: (08/20/2013 05:39:48 PM) (Source: Windows Search Service) (User: )
Description: Fehler beim Entfernen des alten Suchindex durch Windows Search. Interner Fehler <0,0x80070002>.

Error: (08/20/2013 05:39:18 PM) (Source: Windows Search Service) (User: )
Description: Fehler beim Entfernen des alten Suchindex durch Windows Search. Interner Fehler <0,0x80070002>.

Error: (08/20/2013 05:38:48 PM) (Source: Windows Search Service) (User: )
Description: Fehler beim Entfernen des alten Suchindex durch Windows Search. Interner Fehler <0,0x80070002>.

Error: (08/20/2013 05:38:18 PM) (Source: Windows Search Service) (User: )
Description: Fehler beim Entfernen des alten Suchindex durch Windows Search. Interner Fehler <0,0x80070002>.

Error: (08/20/2013 05:37:48 PM) (Source: Windows Search Service) (User: )
Description: Fehler beim Entfernen des alten Suchindex durch Windows Search. Interner Fehler <0,0x80070002>.


System errors:
=============
Error: (08/20/2013 05:49:35 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 55 Mal passiert.

Error: (08/20/2013 05:49:35 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet:
%%2

Error: (08/20/2013 05:49:05 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 54 Mal passiert.

Error: (08/20/2013 05:49:05 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet:
%%2

Error: (08/20/2013 05:48:35 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 53 Mal passiert.

Error: (08/20/2013 05:48:35 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet:
%%2

Error: (08/20/2013 05:48:05 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 52 Mal passiert.

Error: (08/20/2013 05:48:05 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet:
%%2

Error: (08/20/2013 05:46:20 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 51 Mal passiert.

Error: (08/20/2013 05:46:20 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem Fehler beendet:
%%2


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 55%
Total physical RAM: 2008.6 MB
Available physical RAM: 889.74 MB
Total Pagefile: 4017.2 MB
Available Pagefile: 2414.96 MB
Total Virtual: 2047.88 MB
Available Virtual: 1892.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:252.89 GB) (Free:196.4 GB) NTFS
Drive d: () (Fixed) (Total:30.25 GB) (Free:29.82 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================
--- --- ---


Gmer folgt .....

dunkelbunt 20.08.2013 17:58
GMER 2.1.19163 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-08-20 18:29:12
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 rev. 0,00MB
Running: gmer_2.1.19163.exe; Driver: C:\Users\PEPPER~1\AppData\Local\Temp\kfriqpob.sys


---- System - GMER 2.1 ----

SSDT \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys ZwCreateSection [0x971F9700]
SSDT 91C53CA8 ZwRequestWaitReplyPort
SSDT 91C53CA3 ZwSetContextThread
SSDT 91C53CAD ZwSetSecurityObject
SSDT 91C53CB2 ZwSystemDebugControl
SSDT 91C53C3F ZwTerminateProcess

Code 8EB18BFC ZwTraceEvent
Code 8EB18BFB NtTraceEvent

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82C7CA15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CB6212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82CBD58C 4 Bytes [00, 97, 1F, 97]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 82CBD8E8 4 Bytes [A8, 3C, C5, 91]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 82CBD92C 4 Bytes [A3, 3C, C5, 91]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 82CBD9A8 4 Bytes [AD, 3C, C5, 91] {LODSD ; CMP AL, 0xc5; XCHG ECX, EAX}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 82CBD9FC 4 Bytes [B2, 3C, C5, 91]
.text ...
.text ntkrnlpa.exe!NtTraceEvent 82D06AE2 5 Bytes JMP 8EB18C00
? System32\drivers\ekbemwb.sys Das System kann den angegebenen Pfad nicht finden. !
? C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 2.1 ----

.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ntdll.dll!RtlAdjustPrivilege 7785BC4A 5 Bytes JMP 00F61FA1 C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ntdll.dll!NtAlpcConnectPort 77895348 5 Bytes JMP 73EA7770 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ntdll.dll!NtAlpcCreatePort 77895358 5 Bytes JMP 73EA75F0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ntdll.dll!NtAlpcImpersonateClientOfPort 778953F8 5 Bytes JMP 73EA6040 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ntdll.dll!NtAlpcQueryInformation 77895428 5 Bytes JMP 73EA5D80 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ntdll.dll!NtAlpcQueryInformationMessage 77895438 5 Bytes JMP 73EA5DB0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ntdll.dll!NtAlpcSendWaitReceivePort 77895458 5 Bytes JMP 73EA66C0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ntdll.dll!NtClose 77895508 5 Bytes JMP 73E9C690 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ntdll.dll!NtConnectPort 77895598 5 Bytes JMP 73EA71B0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ntdll.dll!NtCreateEvent 778955E8 5 Bytes JMP 73EA7C50 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ntdll.dll!NtCreateFile 77895608 5 Bytes JMP 73E9CF20 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ntdll.dll!NtCreateKey 77895648 5 Bytes JMP 73EAC3E0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ntdll.dll!NtCreateMailslotFile 77895678 5 Bytes JMP 73E99EE0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ntdll.dll!NtCreateMutant 77895688 5 Bytes JMP 73EA7FF0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ntdll.dll!NtCreateNamedPipeFile 77895698 5 Bytes JMP 73E9A080 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ntdll.dll!NtCreatePort 778956B8 5 Bytes JMP 73EA7040 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ntdll.dll!NtCreateSection 77895728 5 Bytes JMP 73EA8700 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ntdll.dll!NtCreateSemaphore 77895738 5 Bytes JMP 73EA8360 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ntdll.dll!NtDeleteFile 77895848 5 Bytes JMP 73E95B50 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ntdll.dll!NtDeleteKey 77895858 5 Bytes JMP 73EAD000 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ntdll.dll!NtDeleteValueKey 77895888 5 Bytes JMP 73EADD80 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ntdll.dll!NtDeviceIoControlFile 77895898 5 Bytes JMP 73E9A280 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ntdll.dll!NtEnumerateKey 77895928 5 Bytes JMP 73EAD3B0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ntdll.dll!NtEnumerateValueKey 77895958 5 Bytes JMP 73EAD9C0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ntdll.dll!NtFsControlFile 77895A48 5 Bytes JMP 73E9C530 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ntdll.dll!NtImpersonateClientOfPort 77895B08 5 Bytes JMP 73EA6010 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ntdll.dll!NtLoadDriver 77895B98 5 Bytes JMP 73EAF650 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ntdll.dll!NtLoadKey 77895BA8 5 Bytes JMP 73EAB610 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ntdll.dll!NtMapViewOfSection 77895C68 5 Bytes JMP 73EAF8C0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ntdll.dll!NtNotifyChangeKey 77895CA8 5 Bytes JMP 73EAC070 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ntdll.dll!NtNotifyChangeMultipleKeys 77895CB8 5 Bytes JMP 73EAB250 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ntdll.dll!NtOpenEvent 77895CF8 5 Bytes JMP 73EA7E40 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ntdll.dll!NtOpenFile 77895D18 5 Bytes JMP 73E9E520 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ntdll.dll!NtOpenKey 77895D48 5 Bytes JMP 73EACF80 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ntdll.dll!NtOpenKeyEx 77895D58 5 Bytes JMP 73EACFB0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ntdll.dll!NtOpenMutant 77895D98 5 Bytes JMP 73EA81B0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ntdll.dll!NtOpenSection 77895E08 5 Bytes JMP 73EA8930 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ntdll.dll!NtOpenSemaphore 77895E18 5 Bytes JMP 73EA8550 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ntdll.dll!NtQueryAttributesFile 77895F78 5 Bytes JMP 73E95940 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ntdll.dll!NtQueryDirectoryFile 77895FD8 5 Bytes JMP 73E9A410 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ntdll.dll!NtQueryFullAttributesFile 77896028 5 Bytes JMP 73E99450 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ntdll.dll!NtQueryInformationFile 77896058 5 Bytes JMP 73E9DEA0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ntdll.dll!NtQueryKey 77896128 5 Bytes JMP 73EAD020 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ntdll.dll!NtQueryMultipleValueKey 77896148 5 Bytes JMP 73EADB50 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ntdll.dll!NtQueryValueKey 77896288 5 Bytes JMP 73EAD780 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ntdll.dll!NtQueryVolumeInformationFile 778962A8 5 Bytes JMP 73E9C870 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ntdll.dll!NtReadFile 778962F8 5 Bytes JMP 73E93220 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ntdll.dll!NtRenameKey 77896408 5 Bytes JMP 73EAB5E0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ntdll.dll!NtRequestWaitReplyPort 77896498 5 Bytes JMP 73EA64E0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ntdll.dll!NtSaveKey 77896538 5 Bytes JMP 73E8F690 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ntdll.dll!NtSecureConnectPort 77896568 5 Bytes JMP 73EA73B0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ntdll.dll!NtSetInformationFile 77896678 5 Bytes JMP 73E9E2A0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ntdll.dll!NtSetInformationProcess 778966B8 5 Bytes JMP 00F61FCE C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ntdll.dll!NtSetValueKey 77896848 5 Bytes JMP 73EABF30 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ntdll.dll!NtWriteFile 77896AA8 5 Bytes JMP 73E932F0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ntdll.dll!LdrUnloadDll 778AC8DE 3 Bytes JMP 73EAF400 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ntdll.dll!LdrUnloadDll + 4 778AC8E2 1 Byte [FC]
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ntdll.dll!RtlGetFullPathName_UEx 778B5D4E 5 Bytes JMP 73E9B020 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ntdll.dll!RtlSetCurrentDirectory_U 778C4ECD 5 Bytes JMP 73E9ADE0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ntdll.dll!RtlGetCurrentDirectory_U 778C4F90 5 Bytes JMP 73E9ABA0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] kernel32.dll!MoveFileWithProgressW 77688DD4 5 Bytes JMP 73E93F80 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] kernel32.dll!ReplaceFile 776A1708 5 Bytes JMP 73E9E490 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ADVAPI32.dll!StartServiceW 75E37974 5 Bytes JMP 00F61D52 C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ADVAPI32.dll!QueryServiceStatusEx 75E3798C 5 Bytes JMP 00F61C46 C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ADVAPI32.dll!RegConnectRegistryW 75E38F01 5 Bytes JMP 73E89180 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ADVAPI32.dll!StartServiceCtrlDispatcherW 75E3A965 5 Bytes JMP 00F61B5A C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ADVAPI32.dll!SetServiceStatus 75E3C7A6 5 Bytes JMP 00F61A5C C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ADVAPI32.dll!OpenServiceW 75E3CA4C 5 Bytes JMP 00F61B83 C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ADVAPI32.dll!LookupAccountNameW 75E3E276 5 Bytes JMP 73E890B0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ADVAPI32.dll!QueryServiceStatus 75E42A86 5 Bytes JMP 00F61CFE C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ADVAPI32.dll!CloseServiceHandle 75E4369C 5 Bytes JMP 00F61C16 C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ADVAPI32.dll!ControlService 75E57144 5 Bytes JMP 00F61D92 C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ADVAPI32.dll!CredWriteA 75E77051 5 Bytes JMP 73E8D780 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ADVAPI32.dll!CredWriteW 75E77109 5 Bytes JMP 73E8D140 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ADVAPI32.dll!CredReadA 75E771C1 5 Bytes JMP 73E8D840 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ADVAPI32.dll!CredReadW 75E772A1 5 Bytes JMP 73E8D1D0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ADVAPI32.dll!CredEnumerateA 75E77381 5 Bytes JMP 73E8D8A0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ADVAPI32.dll!CredEnumerateW 75E77481 5 Bytes JMP 73E8D530 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ADVAPI32.dll!CredWriteDomainCredentialsA 75E77581 5 Bytes JMP 73E8D7B0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ADVAPI32.dll!CredWriteDomainCredentialsW 75E77661 5 Bytes JMP 73E8D2B0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ADVAPI32.dll!CredReadDomainCredentialsA 75E77741 5 Bytes JMP 73E8D870 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ADVAPI32.dll!CredReadDomainCredentialsW 75E77841 5 Bytes JMP 73E8D3A0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ADVAPI32.dll!CredDeleteA 75E77941 5 Bytes JMP 73E8D810 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ADVAPI32.dll!CredDeleteW 75E779F1 5 Bytes JMP 73E8D4E0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ADVAPI32.dll!CredRenameA 75E77AA1 5 Bytes JMP 73E8D750 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ADVAPI32.dll!GetEffectiveRightsFromAclW 75E817B1 5 Bytes JMP 73E892B0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ADVAPI32.dll!RegConnectRegistryA 75E8EF59 5 Bytes JMP 73E89140 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ADVAPI32.dll!EnumServicesStatusA + 3 75E92024 2 Bytes [02, FE] {ADD BH, DH}
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!RegisterClassExA 76586293 5 Bytes JMP 73EA0CA0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!RegisterDeviceNotificationA 76586C53 5 Bytes JMP 73E9F800 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!GetWindowTextA 76586EED 5 Bytes JMP 73EA1AA0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!FindWindowExA 76586F69 5 Bytes JMP 73EA1FF0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!GetClassInfoExA 76586FD9 5 Bytes JMP 73EA1040 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!GetClassInfoA 76587158 5 Bytes JMP 73EA1120 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!SetParent 76588314 5 Bytes JMP 73E9F620 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!SetWindowLongA 76588BA3 5 Bytes JMP 73EA2940 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!MoveWindow 76588D29 5 Bytes JMP 73E9F660 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!UnregisterClassA 76588D70 5 Bytes JMP 73EA0F70 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!FindWindowA 76588FF3 5 Bytes JMP 73EA1EC0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!GetWindowLongA 7658A95E 5 Bytes JMP 73EA2750 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!SendMessageA 7658AD60 5 Bytes JMP 73EA2ED0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!UnhookWindowsHookEx 7658ADF9 5 Bytes JMP 73EA3620 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!FindWindowW 7658AE0D 5 Bytes JMP 73EA1E30 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!PostMessageA 7658B446 5 Bytes JMP 73EA31F0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!EnumDesktopWindows 7658B4C7 5 Bytes JMP 73EA1D10 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!EnumThreadWindows 7658B712 5 Bytes JMP 73EA1CE0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!GetWindowTextW 7658B8C5 5 Bytes JMP 73EA1A70 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!UnregisterClassW 7658B9AE 2 Bytes JMP 73EA0F10 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!UnregisterClassW + 3 7658B9B1 2 Bytes [91, FD] {XCHG ECX, EAX; STD }
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!DefWindowProcA 7658BB1C 5 Bytes JMP 73E9F560 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!RegisterClassA 7658BC6A 5 Bytes JMP 73EA0E40 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!CreateWindowExA 7658BF40 5 Bytes JMP 73E9F280 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!SendNotifyMessageW 7658C88A 5 Bytes JMP 73EA3190 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!SetWindowsHookExW 7658E30C 5 Bytes JMP 73EA3940 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!SendMessageTimeoutW 7658E459 5 Bytes JMP 73EA3080 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!CreateWindowExW 7658EC7C 5 Bytes JMP 73E9F160 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!RegisterClassW 7658ED4A 5 Bytes JMP 73EA0D70 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!RegisterClassExW 76590162 5 Bytes JMP 73EA0BD0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!GetClassInfoExW 7659095E 5 Bytes JMP 73EA0FD0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!GetClassInfoW 76590AC2 5 Bytes JMP 73EA10B0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!SetWindowPos 76591BC4 5 Bytes JMP 73E9F6B0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!EnumChildWindows 76592948 5 Bytes JMP 73EA1CB0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!GetClassNameW 76592A29 5 Bytes JMP 73EA02F0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!DispatchMessageA 76592E32 5 Bytes JMP 73EA2BA0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!GetShellWindow 76592FCB 5 Bytes JMP 73EA2090 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!EnumWindows 7659375B 5 Bytes JMP 73EA1C60 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!SetWindowLongW 76594449 5 Bytes JMP 73EA28B0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!PostMessageW 7659447B 5 Bytes JMP 73EA3270 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!DefWindowProcW 7659507D 5 Bytes JMP 73E9F4F0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!SendMessageW 76595539 5 Bytes JMP 73EA2F60 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!GetPropW 76595BBE 5 Bytes JMP 73EA2470 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!SetPropW 76595DC5 5 Bytes JMP 73EA2530 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!RemovePropW 76595FE1 5 Bytes JMP 73EA25D0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!GetWindowLongW 765961B8 5 Bytes JMP 73EA26D0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!DispatchMessageW 7659CC61 5 Bytes JMP 73EA2BF0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!NotifyWinEvent + 5D2 7659D590 4 Bytes [B0, 07, EA, 73]
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!CreateDialogParamA 765A1F42 5 Bytes JMP 73EA4600 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!DialogBoxParamW 765A3B9B 5 Bytes JMP 73EA4640 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!SendNotifyMessageA 765A493C 5 Bytes JMP 73EA3130 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!CreateDialogIndirectParamA 765A721D 5 Bytes JMP 73EA4530 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!CreateDialogIndirectParamW 765AEA10 5 Bytes JMP 73EA4500 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!GetClassNameA 765B2445 5 Bytes JMP 73EA03D0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!RemovePropA 765B2551 5 Bytes JMP 73EA2610 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!SetPropA 765B28E5 5 Bytes JMP 73EA2580 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!GetPropA 765B2B61 5 Bytes JMP 73EA24F0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!DialogBoxIndirectParamAorW 765B3B40 5 Bytes JMP 73EA44B0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!DialogBoxIndirectParamW 765B3B7F 5 Bytes JMP 73EA4560 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!CreateDialogIndirectParamAorW 765B5327 5 Bytes JMP 73EA4450 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!CreateDialogParamW 765B5630 5 Bytes JMP 73EA45C0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!SetWindowsHookExA 765B6D0C 5 Bytes JMP 73EA38F0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!SendMessageTimeoutA 765B6DA9 5 Bytes JMP 73EA3020 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!FindWindowExW 765B712B 5 Bytes JMP 73EA1F50 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!SetDoubleClickTime 765CC1CB 5 Bytes JMP 73E9F820 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!SwapMouseButton 765CC1FB 5 Bytes JMP 73E9F820 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!DialogBoxParamA 765CCF42 5 Bytes JMP 73EA4680 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!DialogBoxIndirectParamA 765CD274 5 Bytes JMP 73EA4590 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!EndTask 765CFD66 5 Bytes JMP 73E9F770 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] USER32.dll!ExitWindowsEx 765D06C7 5 Bytes JMP 73E9F5D0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] GDI32.dll!EnumFontFamiliesExW 77A3CE94 5 Bytes JMP 73E9EF50 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] GDI32.dll!GdiAddFontResourceW 77A3E1F1 5 Bytes JMP 73E9EB00 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] GDI32.dll!EnumFontFamiliesExA 77A50B50 5 Bytes JMP 73E9EF30 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] GDI32.dll!CreateScalableFontResourceW 77A5E817 5 Bytes JMP 73E9ECF0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] GDI32.dll!RemoveFontResourceExW 77A5EC5C 5 Bytes JMP 73E9EB90 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] GDI32.dll!GetFontResourceInfoW 77A5EE2D 5 Bytes JMP 73E9EC10 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ole32.dll!CoMarshalInterface 7644EF03 5 Bytes JMP 73E8A800 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ole32.dll!CoUnmarshalInterface 7644F150 5 Bytes JMP 73E8C4E0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ole32.dll!CoGetClassObject 764554AD 5 Bytes JMP 73E8C0F0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ole32.dll!CoCreateInstance 76469D0B 5 Bytes JMP 73E8C270 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ole32.dll!CoCreateInstanceEx 76469D4E 5 Bytes JMP 73E8C370 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe[1080] ole32.dll!CoGetObject 7647B68D 5 Bytes JMP 73E8C1A0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ntdll.dll!RtlAdjustPrivilege 7785BC4A 5 Bytes JMP 013123C1 C:\Program Files\Sandboxie\SandboxieRpcSs.exe
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ntdll.dll!NtAlpcConnectPort 77895348 5 Bytes JMP 73EA7770 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ntdll.dll!NtAlpcCreatePort 77895358 5 Bytes JMP 73EA75F0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ntdll.dll!NtAlpcImpersonateClientOfPort 778953F8 5 Bytes JMP 73EA6040 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ntdll.dll!NtAlpcQueryInformation 77895428 5 Bytes JMP 73EA5D80 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ntdll.dll!NtAlpcQueryInformationMessage 77895438 5 Bytes JMP 73EA5DB0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ntdll.dll!NtAlpcSendWaitReceivePort 77895458 5 Bytes JMP 73EA66C0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ntdll.dll!NtClose 77895508 5 Bytes JMP 73E9C690 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ntdll.dll!NtConnectPort 77895598 5 Bytes JMP 73EA71B0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ntdll.dll!NtCreateEvent 778955E8 5 Bytes JMP 73EA7C50 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ntdll.dll!NtCreateFile 77895608 5 Bytes JMP 73E9CF20 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ntdll.dll!NtCreateKey 77895648 5 Bytes JMP 73EAC3E0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ntdll.dll!NtCreateMailslotFile 77895678 5 Bytes JMP 73E99EE0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ntdll.dll!NtCreateMutant 77895688 5 Bytes JMP 73EA7FF0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ntdll.dll!NtCreateNamedPipeFile 77895698 5 Bytes JMP 73E9A080 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ntdll.dll!NtCreatePort 778956B8 5 Bytes JMP 73EA7040 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ntdll.dll!NtCreateSection 77895728 5 Bytes JMP 73EA8700 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ntdll.dll!NtCreateSemaphore 77895738 5 Bytes JMP 73EA8360 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ntdll.dll!NtDeleteFile 77895848 5 Bytes JMP 73E95B50 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ntdll.dll!NtDeleteKey 77895858 5 Bytes JMP 73EAD000 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ntdll.dll!NtDeleteValueKey 77895888 5 Bytes JMP 73EADD80 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ntdll.dll!NtDeviceIoControlFile 77895898 5 Bytes JMP 73E9A280 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ntdll.dll!NtEnumerateKey 77895928 5 Bytes JMP 73EAD3B0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ntdll.dll!NtEnumerateValueKey 77895958 5 Bytes JMP 73EAD9C0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ntdll.dll!NtFsControlFile 77895A48 5 Bytes JMP 73E9C530 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ntdll.dll!NtImpersonateClientOfPort 77895B08 5 Bytes JMP 73EA6010 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ntdll.dll!NtLoadDriver 77895B98 5 Bytes JMP 73EAF650 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ntdll.dll!NtLoadKey 77895BA8 5 Bytes JMP 73EAB610 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ntdll.dll!NtMapViewOfSection 77895C68 5 Bytes JMP 73EAF8C0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ntdll.dll!NtNotifyChangeKey 77895CA8 5 Bytes JMP 73EAC070 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ntdll.dll!NtNotifyChangeMultipleKeys 77895CB8 5 Bytes JMP 73EAB250 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ntdll.dll!NtOpenEvent 77895CF8 5 Bytes JMP 73EA7E40 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ntdll.dll!NtOpenFile 77895D18 5 Bytes JMP 73E9E520 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ntdll.dll!NtOpenKey 77895D48 5 Bytes JMP 73EACF80 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ntdll.dll!NtOpenKeyEx 77895D58 5 Bytes JMP 73EACFB0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ntdll.dll!NtOpenMutant 77895D98 5 Bytes JMP 73EA81B0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ntdll.dll!NtOpenSection 77895E08 5 Bytes JMP 73EA8930 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ntdll.dll!NtOpenSemaphore 77895E18 5 Bytes JMP 73EA8550 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ntdll.dll!NtQueryAttributesFile 77895F78 5 Bytes JMP 73E95940 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ntdll.dll!NtQueryDirectoryFile 77895FD8 5 Bytes JMP 73E9A410 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ntdll.dll!NtQueryFullAttributesFile 77896028 5 Bytes JMP 73E99450 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ntdll.dll!NtQueryInformationFile 77896058 5 Bytes JMP 73E9DEA0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ntdll.dll!NtQueryKey 77896128 5 Bytes JMP 73EAD020 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ntdll.dll!NtQueryMultipleValueKey 77896148 5 Bytes JMP 73EADB50 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ntdll.dll!NtQueryValueKey 77896288 5 Bytes JMP 73EAD780 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ntdll.dll!NtQueryVolumeInformationFile 778962A8 5 Bytes JMP 73E9C870 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ntdll.dll!NtReadFile 778962F8 5 Bytes JMP 73E93220 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ntdll.dll!NtRenameKey 77896408 5 Bytes JMP 73EAB5E0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ntdll.dll!NtRequestWaitReplyPort 77896498 5 Bytes JMP 73EA64E0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ntdll.dll!NtSaveKey 77896538 5 Bytes JMP 73E8F690 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ntdll.dll!NtSecureConnectPort 77896568 5 Bytes JMP 73EA73B0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ntdll.dll!NtSetInformationFile 77896678 5 Bytes JMP 73E9E2A0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ntdll.dll!NtSetInformationProcess 778966B8 5 Bytes JMP 013123EE C:\Program Files\Sandboxie\SandboxieRpcSs.exe
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ntdll.dll!NtSetValueKey 77896848 5 Bytes JMP 73EABF30 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ntdll.dll!NtWriteFile 77896AA8 5 Bytes JMP 73E932F0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ntdll.dll!LdrUnloadDll 778AC8DE 3 Bytes JMP 73EAF400 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ntdll.dll!LdrUnloadDll + 4 778AC8E2 1 Byte [FC]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ntdll.dll!RtlGetFullPathName_UEx 778B5D4E 5 Bytes JMP 73E9B020 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ntdll.dll!RtlSetCurrentDirectory_U 778C4ECD 5 Bytes JMP 73E9ADE0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ntdll.dll!RtlGetCurrentDirectory_U 778C4F90 5 Bytes JMP 73E9ABA0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] kernel32.dll!MoveFileWithProgressW 77688DD4 5 Bytes JMP 73E93F80 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] kernel32.dll!ReplaceFile 776A1708 5 Bytes JMP 73E9E490 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ADVAPI32.dll!StartServiceW 75E37974 5 Bytes JMP 01312172 C:\Program Files\Sandboxie\SandboxieRpcSs.exe
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ADVAPI32.dll!QueryServiceStatusEx 75E3798C 5 Bytes JMP 01312066 C:\Program Files\Sandboxie\SandboxieRpcSs.exe
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ADVAPI32.dll!RegConnectRegistryW 75E38F01 5 Bytes JMP 73E89180 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ADVAPI32.dll!StartServiceCtrlDispatcherW 75E3A965 5 Bytes JMP 01311F7A C:\Program Files\Sandboxie\SandboxieRpcSs.exe
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ADVAPI32.dll!SetServiceStatus 75E3C7A6 5 Bytes JMP 01311E7C C:\Program Files\Sandboxie\SandboxieRpcSs.exe
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ADVAPI32.dll!OpenServiceW 75E3CA4C 2 Bytes JMP 01311FA3 C:\Program Files\Sandboxie\SandboxieRpcSs.exe
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ADVAPI32.dll!OpenServiceW + 3 75E3CA4F 2 Bytes [4D, 8B]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ADVAPI32.dll!LookupAccountNameW 75E3E276 5 Bytes JMP 73E890B0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ADVAPI32.dll!QueryServiceStatus 75E42A86 5 Bytes JMP 0131211E C:\Program Files\Sandboxie\SandboxieRpcSs.exe
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ADVAPI32.dll!CloseServiceHandle 75E4369C 5 Bytes JMP 01312036 C:\Program Files\Sandboxie\SandboxieRpcSs.exe
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ADVAPI32.dll!RegOpenKeyExW 75E4468D 5 Bytes JMP 013127BE C:\Program Files\Sandboxie\SandboxieRpcSs.exe
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ADVAPI32.dll!RegQueryValueExW 75E446AD 5 Bytes JMP 01312845 C:\Program Files\Sandboxie\SandboxieRpcSs.exe
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ADVAPI32.dll!ControlService 75E57144 5 Bytes JMP 013121B2 C:\Program Files\Sandboxie\SandboxieRpcSs.exe
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ADVAPI32.dll!CredWriteA 75E77051 5 Bytes JMP 73E8D780 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ADVAPI32.dll!CredWriteW 75E77109 5 Bytes JMP 73E8D140 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ADVAPI32.dll!CredReadA 75E771C1 5 Bytes JMP 73E8D840 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ADVAPI32.dll!CredReadW 75E772A1 5 Bytes JMP 73E8D1D0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ADVAPI32.dll!CredEnumerateA 75E77381 5 Bytes JMP 73E8D8A0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ADVAPI32.dll!CredEnumerateW 75E77481 5 Bytes JMP 73E8D530 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ADVAPI32.dll!CredWriteDomainCredentialsA 75E77581 5 Bytes JMP 73E8D7B0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ADVAPI32.dll!CredWriteDomainCredentialsW 75E77661 5 Bytes JMP 73E8D2B0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ADVAPI32.dll!CredReadDomainCredentialsA 75E77741 5 Bytes JMP 73E8D870 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ADVAPI32.dll!CredReadDomainCredentialsW 75E77841 5 Bytes JMP 73E8D3A0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ADVAPI32.dll!CredDeleteA 75E77941 5 Bytes JMP 73E8D810 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ADVAPI32.dll!CredDeleteW 75E779F1 5 Bytes JMP 73E8D4E0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ADVAPI32.dll!CredRenameA 75E77AA1 5 Bytes JMP 73E8D750 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ADVAPI32.dll!GetEffectiveRightsFromAclW 75E817B1 5 Bytes JMP 73E892B0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ADVAPI32.dll!RegConnectRegistryA 75E8EF59 5 Bytes JMP 73E89140 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ADVAPI32.dll!EnumServicesStatusA + 3 75E92024 2 Bytes [02, FE] {ADD BH, DH}
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!RegisterClassExA 76586293 5 Bytes JMP 73EA0CA0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!RegisterDeviceNotificationA 76586C53 5 Bytes JMP 73E9F800 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!GetWindowTextA 76586EED 5 Bytes JMP 73EA1AA0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!FindWindowExA 76586F69 5 Bytes JMP 73EA1FF0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!GetClassInfoExA 76586FD9 5 Bytes JMP 73EA1040 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!GetClassInfoA 76587158 5 Bytes JMP 73EA1120 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!SetParent 76588314 5 Bytes JMP 73E9F620 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!SetWindowLongA 76588BA3 5 Bytes JMP 73EA2940 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!MoveWindow 76588D29 5 Bytes JMP 73E9F660 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!UnregisterClassA 76588D70 5 Bytes JMP 73EA0F70 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!FindWindowA 76588FF3 5 Bytes JMP 73EA1EC0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!GetWindowLongA 7658A95E 5 Bytes JMP 73EA2750 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!SendMessageA 7658AD60 5 Bytes JMP 73EA2ED0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!UnhookWindowsHookEx 7658ADF9 5 Bytes JMP 73EA3620 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!FindWindowW 7658AE0D 5 Bytes JMP 73EA1E30 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!PostMessageA 7658B446 5 Bytes JMP 73EA31F0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!EnumDesktopWindows 7658B4C7 5 Bytes JMP 73EA1D10 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!EnumThreadWindows 7658B712 5 Bytes JMP 73EA1CE0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!GetWindowTextW 7658B8C5 5 Bytes JMP 73EA1A70 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!UnregisterClassW 7658B9AE 2 Bytes JMP 73EA0F10 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!UnregisterClassW + 3 7658B9B1 2 Bytes [91, FD] {XCHG ECX, EAX; STD }
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!DefWindowProcA 7658BB1C 5 Bytes JMP 73E9F560 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!RegisterClassA 7658BC6A 5 Bytes JMP 73EA0E40 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!CreateWindowExA 7658BF40 5 Bytes JMP 73E9F280 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!SendNotifyMessageW 7658C88A 5 Bytes JMP 73EA3190 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!SetWindowsHookExW 7658E30C 5 Bytes JMP 73EA3940 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!SendMessageTimeoutW 7658E459 5 Bytes JMP 73EA3080 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!CreateWindowExW 7658EC7C 5 Bytes JMP 73E9F160 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!RegisterClassW 7658ED4A 5 Bytes JMP 73EA0D70 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!RegisterClassExW 76590162 5 Bytes JMP 73EA0BD0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!GetClassInfoExW 7659095E 5 Bytes JMP 73EA0FD0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!GetClassInfoW 76590AC2 5 Bytes JMP 73EA10B0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!SetWindowPos 76591BC4 5 Bytes JMP 73E9F6B0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!EnumChildWindows 76592948 5 Bytes JMP 73EA1CB0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!GetClassNameW 76592A29 5 Bytes JMP 73EA02F0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!DispatchMessageA 76592E32 5 Bytes JMP 73EA2BA0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!GetShellWindow 76592FCB 5 Bytes JMP 73EA2090 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!EnumWindows 7659375B 5 Bytes JMP 73EA1C60 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!SetWindowLongW 76594449 5 Bytes JMP 73EA28B0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!PostMessageW 7659447B 5 Bytes JMP 73EA3270 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!DefWindowProcW 7659507D 5 Bytes JMP 73E9F4F0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!SendMessageW 76595539 5 Bytes JMP 73EA2F60 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!GetPropW 76595BBE 5 Bytes JMP 73EA2470 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!SetPropW 76595DC5 5 Bytes JMP 73EA2530 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!RemovePropW 76595FE1 5 Bytes JMP 73EA25D0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!GetWindowLongW 765961B8 5 Bytes JMP 73EA26D0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!DispatchMessageW 7659CC61 5 Bytes JMP 73EA2BF0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!NotifyWinEvent + 5D2 7659D590 4 Bytes [B0, 07, EA, 73]
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!CreateDialogParamA 765A1F42 5 Bytes JMP 73EA4600 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!DialogBoxParamW 765A3B9B 5 Bytes JMP 73EA4640 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!SendNotifyMessageA 765A493C 5 Bytes JMP 73EA3130 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!CreateDialogIndirectParamA 765A721D 5 Bytes JMP 73EA4530 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!CreateDialogIndirectParamW 765AEA10 5 Bytes JMP 73EA4500 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!GetClassNameA 765B2445 5 Bytes JMP 73EA03D0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!RemovePropA 765B2551 5 Bytes JMP 73EA2610 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!SetPropA 765B28E5 5 Bytes JMP 73EA2580 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!GetPropA 765B2B61 5 Bytes JMP 73EA24F0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!DialogBoxIndirectParamAorW 765B3B40 5 Bytes JMP 73EA44B0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!DialogBoxIndirectParamW 765B3B7F 5 Bytes JMP 73EA4560 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!CreateDialogIndirectParamAorW 765B5327 5 Bytes JMP 73EA4450 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!CreateDialogParamW 765B5630 5 Bytes JMP 73EA45C0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!SetWindowsHookExA 765B6D0C 5 Bytes JMP 73EA38F0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!SendMessageTimeoutA 765B6DA9 5 Bytes JMP 73EA3020 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!FindWindowExW 765B712B 5 Bytes JMP 73EA1F50 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!SetDoubleClickTime 765CC1CB 5 Bytes JMP 73E9F820 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!SwapMouseButton 765CC1FB 5 Bytes JMP 73E9F820 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!DialogBoxParamA 765CCF42 5 Bytes JMP 73EA4680 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!DialogBoxIndirectParamA 765CD274 5 Bytes JMP 73EA4590 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!EndTask 765CFD66 5 Bytes JMP 73E9F770 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] USER32.dll!ExitWindowsEx 765D06C7 5 Bytes JMP 73E9F5D0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] GDI32.dll!EnumFontFamiliesExW 77A3CE94 5 Bytes JMP 73E9EF50 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] GDI32.dll!GdiAddFontResourceW 77A3E1F1 5 Bytes JMP 73E9EB00 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] GDI32.dll!EnumFontFamiliesExA 77A50B50 5 Bytes JMP 73E9EF30 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] GDI32.dll!CreateScalableFontResourceW 77A5E817 5 Bytes JMP 73E9ECF0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] GDI32.dll!RemoveFontResourceExW 77A5EC5C 5 Bytes JMP 73E9EB90 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] GDI32.dll!GetFontResourceInfoW 77A5EE2D 5 Bytes JMP 73E9EC10 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] WS2_32.dll!WSASocketW 779F3CD3 5 Bytes JMP 0131275B C:\Program Files\Sandboxie\SandboxieRpcSs.exe
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] WS2_32.dll!bind 779F4582 5 Bytes JMP 013126AD C:\Program Files\Sandboxie\SandboxieRpcSs.exe
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] WS2_32.dll!gethostname 779FA05B 5 Bytes JMP 013126C1 C:\Program Files\Sandboxie\SandboxieRpcSs.exe
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] WS2_32.dll!listen 779FB001 5 Bytes JMP 013126B7 C:\Program Files\Sandboxie\SandboxieRpcSs.exe
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] WS2_32.dll!gethostbyname 77A07673 5 Bytes JMP 013126F5 C:\Program Files\Sandboxie\SandboxieRpcSs.exe
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ole32.dll!CoMarshalInterface 7644EF03 5 Bytes JMP 73E8A800 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ole32.dll!CoUnmarshalInterface 7644F150 5 Bytes JMP 73E8C4E0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ole32.dll!CoGetClassObject 764554AD 5 Bytes JMP 73E8C0F0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ole32.dll!CoCreateInstance 76469D0B 5 Bytes JMP 73E8C270 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ole32.dll!CoCreateInstanceEx 76469D4E 5 Bytes JMP 73E8C370 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Sandboxie\SandboxieRpcSs.exe[2400] ole32.dll!CoGetObject

Teil1

dunkelbunt 20.08.2013 18:03
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!NtAlpcConnectPort 77895348 5 Bytes JMP 73EA7770 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!NtAlpcCreatePort 77895358 5 Bytes JMP 73EA75F0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!NtAlpcImpersonateClientOfPort 778953F8 5 Bytes JMP 73EA6040 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!NtAlpcQueryInformation 77895428 5 Bytes JMP 73EA5D80 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!NtAlpcQueryInformationMessage 77895438 5 Bytes JMP 73EA5DB0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!NtAlpcSendWaitReceivePort 77895458 5 Bytes JMP 73EA66C0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!NtClose 77895508 5 Bytes JMP 73E9C690 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!NtConnectPort 77895598 5 Bytes JMP 73EA71B0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!NtCreateEvent 778955E8 5 Bytes JMP 73EA7C50 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!NtCreateFile 77895608 5 Bytes JMP 73E9CF20 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!NtCreateKey 77895648 5 Bytes JMP 73EAC3E0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!NtCreateMailslotFile 77895678 5 Bytes JMP 73E99EE0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!NtCreateMutant 77895688 5 Bytes JMP 73EA7FF0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!NtCreateNamedPipeFile 77895698 5 Bytes JMP 73E9A080 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!NtCreatePort 778956B8 5 Bytes JMP 73EA7040 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!NtCreateSection 77895728 5 Bytes JMP 73EA8700 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!NtCreateSemaphore 77895738 5 Bytes JMP 73EA8360 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!NtDeleteFile 77895848 5 Bytes JMP 73E95B50 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!NtDeleteKey 77895858 5 Bytes JMP 73EAD000 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!NtDeleteValueKey 77895888 5 Bytes JMP 73EADD80 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!NtDeviceIoControlFile 77895898 5 Bytes JMP 73E9A280 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!NtEnumerateKey 77895928 5 Bytes JMP 73EAD3B0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!NtEnumerateValueKey 77895958 5 Bytes JMP 73EAD9C0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!NtFsControlFile 77895A48 5 Bytes JMP 73E9C530 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!NtImpersonateClientOfPort 77895B08 5 Bytes JMP 73EA6010 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!NtLoadDriver 77895B98 5 Bytes JMP 73EAF650 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!NtLoadKey 77895BA8 5 Bytes JMP 73EAB610 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!NtMapViewOfSection 77895C68 5 Bytes JMP 73EAF8C0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!NtNotifyChangeKey 77895CA8 5 Bytes JMP 73EAC070 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!NtNotifyChangeMultipleKeys 77895CB8 5 Bytes JMP 73EAB250 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!NtOpenEvent 77895CF8 5 Bytes JMP 73EA7E40 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!NtOpenFile 77895D18 5 Bytes JMP 73E9E520 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!NtOpenKey 77895D48 5 Bytes JMP 73EACF80 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!NtOpenKeyEx 77895D58 5 Bytes JMP 73EACFB0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!NtOpenMutant 77895D98 5 Bytes JMP 73EA81B0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!NtOpenSection 77895E08 5 Bytes JMP 73EA8930 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!NtOpenSemaphore 77895E18 5 Bytes JMP 73EA8550 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!NtQueryAttributesFile 77895F78 5 Bytes JMP 73E95940 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!NtQueryDirectoryFile 77895FD8 5 Bytes JMP 73E9A410 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!NtQueryFullAttributesFile 77896028 5 Bytes JMP 73E99450 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!NtQueryInformationFile 77896058 5 Bytes JMP 73E9DEA0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!NtQueryKey 77896128 5 Bytes JMP 73EAD020 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!NtQueryMultipleValueKey 77896148 5 Bytes JMP 73EADB50 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!NtQueryValueKey 77896288 5 Bytes JMP 73EAD780 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!NtQueryVolumeInformationFile 778962A8 5 Bytes JMP 73E9C870 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!NtReadFile 778962F8 5 Bytes JMP 73E93220 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!NtRenameKey 77896408 5 Bytes JMP 73EAB5E0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!NtRequestWaitReplyPort 77896498 5 Bytes JMP 73EA64E0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!NtSaveKey 77896538 5 Bytes JMP 73E8F690 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!NtSecureConnectPort 77896568 5 Bytes JMP 73EA73B0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!NtSetInformationFile 77896678 5 Bytes JMP 73E9E2A0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!NtSetValueKey 77896848 5 Bytes JMP 73EABF30 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!NtWriteFile 77896AA8 5 Bytes JMP 73E932F0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!LdrUnloadDll 778AC8DE 3 Bytes JMP 73EAF400 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!LdrUnloadDll + 4 778AC8E2 1 Byte [FC]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!LdrLoadDll 778B22AE 5 Bytes JMP 66DFF140 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!RtlGetFullPathName_UEx 778B5D4E 5 Bytes JMP 73E9B020 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!RtlSetCurrentDirectory_U 778C4ECD 5 Bytes JMP 73E9ADE0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ntdll.dll!RtlGetCurrentDirectory_U 778C4F90 5 Bytes JMP 73E9ABA0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] kernel32.dll!MoveFileWithProgressW 77688DD4 5 Bytes JMP 73E93F80 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 7768941E 7 Bytes JMP 6741FDD2 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] kernel32.dll!QueryPerformanceCounter + 13 7768C435 7 Bytes JMP 6741FDF5 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] kernel32.dll!LoadAppInitDlls + 355 7768F4F6 7 Bytes JMP 66E02942 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] kernel32.dll!ReplaceFile 776A1708 5 Bytes JMP 73E9E490 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!RegisterClassExA 76586293 5 Bytes JMP 73EA0CA0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!RegisterDeviceNotificationA 76586C53 5 Bytes JMP 73E9F800 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!GetWindowTextA 76586EED 5 Bytes JMP 73EA1AA0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!FindWindowExA 76586F69 5 Bytes JMP 73EA1FF0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!GetClassInfoExA 76586FD9 5 Bytes JMP 73EA1040 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!GetClassInfoA 76587158 5 Bytes JMP 73EA1120 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!SetParent 76588314 5 Bytes JMP 73E9F620 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!SetWindowLongA 76588BA3 5 Bytes JMP 73EA2940 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!MoveWindow 76588D29 5 Bytes JMP 73E9F660 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!UnregisterClassA 76588D70 5 Bytes JMP 73EA0F70 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!FindWindowA 76588FF3 5 Bytes JMP 73EA1EC0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!GetWindowLongA 7658A95E 5 Bytes JMP 73EA2750 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!SendMessageA 7658AD60 5 Bytes JMP 73EA2ED0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!UnhookWindowsHookEx 7658ADF9 5 Bytes JMP 73EA3620 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!FindWindowW 7658AE0D 5 Bytes JMP 73EA1E30 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!PostMessageA 7658B446 5 Bytes JMP 73EA31F0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!EnumDesktopWindows 7658B4C7 5 Bytes JMP 73EA1D10 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!EnumThreadWindows 7658B712 5 Bytes JMP 73EA1CE0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!GetWindowTextW 7658B8C5 5 Bytes JMP 73EA1A70 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!UnregisterClassW 7658B9AE 2 Bytes JMP 73EA0F10 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!UnregisterClassW + 3 7658B9B1 2 Bytes [91, FD] {XCHG ECX, EAX; STD }
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!DefWindowProcA 7658BB1C 5 Bytes JMP 73E9F560 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!RegisterClassA 7658BC6A 5 Bytes JMP 73EA0E40 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!CreateWindowExA 7658BF40 5 Bytes JMP 73E9F280 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!SendNotifyMessageW 7658C88A 5 Bytes JMP 73EA3190 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!SetWindowsHookExW 7658E30C 5 Bytes JMP 73EA3940 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!SendMessageTimeoutW 7658E459 5 Bytes JMP 73EA3080 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!CreateWindowExW 7658EC7C 5 Bytes JMP 73E9F160 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!RegisterClassW 7658ED4A 5 Bytes JMP 73EA0D70 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!RegisterClassExW 76590162 5 Bytes JMP 73EA0BD0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!GetClassInfoExW 7659095E 5 Bytes JMP 73EA0FD0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!GetClassInfoW 76590AC2 5 Bytes JMP 73EA10B0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!SetWindowPos 76591BC4 5 Bytes JMP 73E9F6B0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!EnumChildWindows 76592948 5 Bytes JMP 73EA1CB0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!GetClassNameW 76592A29 5 Bytes JMP 73EA02F0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!DispatchMessageA 76592E32 5 Bytes JMP 73EA2BA0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!GetShellWindow 76592FCB 5 Bytes JMP 73EA2090 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!EnumWindows 7659375B 5 Bytes JMP 73EA1C60 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!SetWindowLongW 76594449 5 Bytes JMP 73EA28B0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!PostMessageW 7659447B 5 Bytes JMP 73EA3270 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!DefWindowProcW 7659507D 5 Bytes JMP 73E9F4F0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!SendMessageW 76595539 5 Bytes JMP 73EA2F60 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!GetPropW 76595BBE 5 Bytes JMP 73EA2470 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!SetPropW 76595DC5 5 Bytes JMP 73EA2530 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!RemovePropW 76595FE1 5 Bytes JMP 73EA25D0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!GetWindowLongW 765961B8 5 Bytes JMP 73EA26D0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!DispatchMessageW 7659CC61 5 Bytes JMP 73EA2BF0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!NotifyWinEvent + 5D2 7659D590 4 Bytes [B0, 07, EA, 73]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!CreateDialogParamA 765A1F42 5 Bytes JMP 73EA4600 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!DialogBoxParamW 765A3B9B 5 Bytes JMP 73EA4640 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!SendNotifyMessageA 765A493C 5 Bytes JMP 73EA3130 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!CreateDialogIndirectParamA 765A721D 5 Bytes JMP 73EA4530 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!CreateDialogIndirectParamW 765AEA10 5 Bytes JMP 73EA4500 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!GetClassNameA 765B2445 5 Bytes JMP 73EA03D0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!RemovePropA 765B2551 5 Bytes JMP 73EA2610 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!SetPropA 765B28E5 5 Bytes JMP 73EA2580 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!GetPropA 765B2B61 5 Bytes JMP 73EA24F0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!DialogBoxIndirectParamAorW 765B3B40 5 Bytes JMP 73EA44B0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!DialogBoxIndirectParamW 765B3B7F 5 Bytes JMP 73EA4560 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!CreateDialogIndirectParamAorW 765B5327 5 Bytes JMP 73EA4450 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!CreateDialogParamW 765B5630 5 Bytes JMP 73EA45C0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!SetWindowsHookExA 765B6D0C 5 Bytes JMP 73EA38F0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!SendMessageTimeoutA 765B6DA9 5 Bytes JMP 73EA3020 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!FindWindowExW 765B712B 5 Bytes JMP 73EA1F50 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!SetDoubleClickTime 765CC1CB 5 Bytes JMP 73E9F820 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!SwapMouseButton 765CC1FB 5 Bytes JMP 73E9F820 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!DialogBoxParamA 765CCF42 5 Bytes JMP 73EA4680 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!DialogBoxIndirectParamA 765CD274 5 Bytes JMP 73EA4590 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!EndTask 765CFD66 5 Bytes JMP 73E9F770 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] USER32.dll!ExitWindowsEx 765D06C7 5 Bytes JMP 73E9F5D0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] GDI32.dll!GetViewportOrgEx + 26C 77A3884B 7 Bytes JMP 6741FD53 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] GDI32.dll!EnumFontFamiliesExW 77A3CE94 5 Bytes JMP 73E9EF50 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] GDI32.dll!GdiAddFontResourceW 77A3E1F1 5 Bytes JMP 73E9EB00 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] GDI32.dll!EnumFontFamiliesExA 77A50B50 5 Bytes JMP 73E9EF30 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] GDI32.dll!CreateScalableFontResourceW 77A5E817 5 Bytes JMP 73E9ECF0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] GDI32.dll!RemoveFontResourceExW 77A5EC5C 5 Bytes JMP 73E9EB90 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] GDI32.dll!GetFontResourceInfoW 77A5EE2D 5 Bytes JMP 73E9EC10 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ADVAPI32.dll!RegConnectRegistryW 75E38F01 5 Bytes JMP 73E89180 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ADVAPI32.dll!LookupAccountNameW 75E3E276 5 Bytes JMP 73E890B0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ADVAPI32.dll!CredWriteA 75E77051 5 Bytes JMP 73E8D780 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ADVAPI32.dll!CredWriteW 75E77109 5 Bytes JMP 73E8D140 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ADVAPI32.dll!CredReadA 75E771C1 5 Bytes JMP 73E8D840 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ADVAPI32.dll!CredReadW 75E772A1 5 Bytes JMP 73E8D1D0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ADVAPI32.dll!CredEnumerateA 75E77381 5 Bytes JMP 73E8D8A0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ADVAPI32.dll!CredEnumerateW 75E77481 5 Bytes JMP 73E8D530 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ADVAPI32.dll!CredWriteDomainCredentialsA 75E77581 5 Bytes JMP 73E8D7B0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ADVAPI32.dll!CredWriteDomainCredentialsW 75E77661 5 Bytes JMP 73E8D2B0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ADVAPI32.dll!CredReadDomainCredentialsA 75E77741 5 Bytes JMP 73E8D870 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ADVAPI32.dll!CredReadDomainCredentialsW 75E77841 5 Bytes JMP 73E8D3A0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ADVAPI32.dll!CredDeleteA 75E77941 5 Bytes JMP 73E8D810 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ADVAPI32.dll!CredDeleteW 75E779F1 5 Bytes JMP 73E8D4E0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ADVAPI32.dll!CredRenameA 75E77AA1 5 Bytes JMP 73E8D750 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ADVAPI32.dll!GetEffectiveRightsFromAclW 75E817B1 5 Bytes JMP 73E892B0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ADVAPI32.dll!RegConnectRegistryA 75E8EF59 5 Bytes JMP 73E89140 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ADVAPI32.dll!EnumServicesStatusA + 3 75E92024 2 Bytes [02, FE] {ADD BH, DH}
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ole32.dll!CoMarshalInterface 7644EF03 5 Bytes JMP 73E8A800 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ole32.dll!CoUnmarshalInterface 7644F150 5 Bytes JMP 73E8C4E0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ole32.dll!CoGetClassObject 764554AD 5 Bytes JMP 73E8C0F0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ole32.dll!CoCreateInstance 76469D0B 5 Bytes JMP 73E8C270 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ole32.dll!CoCreateInstanceEx 76469D4E 5 Bytes JMP 73E8C370 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] ole32.dll!CoGetObject 7647B68D 5 Bytes JMP 73E8C1A0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] IPHLPAPI.DLL!IcmpCloseHandle 73E5821A 5 Bytes JMP 73EA9030 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] IPHLPAPI.DLL!IcmpSendEcho2Ex 73E5843C 5 Bytes JMP 73EA9390 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] IPHLPAPI.DLL!IcmpCreateFile 73E58666 5 Bytes JMP 73EA9140 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] IPHLPAPI.DLL!IcmpSendEcho 73E5870B 5 Bytes JMP 73EA9310 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] IPHLPAPI.DLL!IcmpSendEcho2 73E5873B 5 Bytes JMP 73EA9350 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] IPHLPAPI.DLL!CancelMibChangeNotify2 73E59A27 5 Bytes JMP 73EA9110 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] IPHLPAPI.DLL!NotifyRouteChange2 73E5A191 5 Bytes JMP 73EA90C0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] IPHLPAPI.DLL!Icmp6SendEcho2 73E5AA57 5 Bytes JMP 73EA93D0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] IPHLPAPI.DLL!Icmp6CreateFile 73E5ACBD 5 Bytes JMP 73EA9150 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] CRYPT32.dll!CertGetCertificateChain 75A23822 5 Bytes JMP 73E8DF90 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] CRYPT32.dll!CryptProtectData 75A47223 5 Bytes JMP 73E8DDE0 C:\Program Files\Sandboxie\SbieDll.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3280] CRYPT32.dll!CryptUnprotectData 75A47EDF 5 Bytes JMP 73E8DC00 C:\Program Files\Sandboxie\SbieDll.dll
---- Processes - GMER 2.1 ----

Library C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe (*** hidden *** ) @ C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [2784] 0x00400000
Library C:\Program Files\Enigma Software Group\SpyHunter\ExecutionGuard.dll (*** hidden *** ) @ C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [2784] 0x10000000
Library C:\Program Files\Enigma Software Group\SpyHunter\ShScanner.dll (*** hidden *** ) @ C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [2784] 0x68030000
Library C:\Program Files\Enigma Software Group\SpyHunter\Defman.dll (*** hidden *** ) @ C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [2784] 0x68660000
Library C:\Program Files\Enigma Software Group\SpyHunter\Common.dll (*** hidden *** ) @ C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [2784] 0x00330000

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 sector 0: rootkit-like behavior

---- EOF - GMER 2.1 ----


Bekomme jetzt ständig eine mitteilung das meine DNS Einstellungen modifiziert wurden .
und es wird gefragt ob ich die Veränderungen aktzeptiere.
Oder die Orginaleinstellungen haben möchte ;
was möchte ich ??

Sorry für die Mühe, und ein Danke im Vorfeld

lieben Gruß
Marion

aharonov 20.08.2013 18:09
Zitat:
Bekomme jetzt ständig eine mitteilung das meine DNS Einstellungen modifiziert wurden .
und es wird gefragt ob ich die Veränderungen aktzeptiere.
Oder die Orginaleinstellungen haben möchte ;
Kannst du bitte einen Screenshot dieser Meldung machen und anhängen?


Lade dir bitte Emsisoft MBR Master herunter und speichere es auf den Desktop.
  • Führe die mbrmastr.exe aus.
  • Drücke dann auf Backup MBR und speichere es als emsi auf den Desktop.
  • Schliesse dann das Programm wieder.
  • Packe die erstellte emsi.mbr in ein zip-Archiv (Rechtsklick -> Senden an -> Zip-komprimierten Ordner) und hänge die Datei hier an.
  • Auf dem Desktop wird auch noch eine Textdatei MBRMastr_<date>_<time>.txt erstellt. Poste dessen Inhalt bitte hier.

dunkelbunt 20.08.2013 18:38
Detected Windows version: 6.1 Build 7601 Service Pack 1
Installing direct disk access driver ...
Driver connection handle: 0x000000E0
1 valid drive(s) found.

Details for Disk 0 - SAMSUNG HM320II Rev 2AC1:
Device name : \\.\PhysicalDrive0
Geometry (C/H/S) : 38913/255/63
Boot loader reputation : Known Good (Windows 7)
Cross view comparison : Passed
Partition table integrity: Passed

Boot loader hashes
SHA-1 : 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
MD5 : A36C5E4F47E84449FF07ED3517B43A31

shoot und emsi zip habe ich per mail geschickt

aharonov 20.08.2013 19:09
Per Mail..?
Ich wüsste nicht, wie das geht.. ;)

Die beiden Sachen bitte hier anhängen:


http://www.trojaner-board.de/attachm...ten-anhang.png

dunkelbunt 20.08.2013 19:25
Liste der Anhänge anzeigen (Anzahl: 1)
jetzt bitte ich aber um:applaus:

hoffe ich find das beim nächsten mal wieder *g

aharonov 20.08.2013 19:31
:applaus::applaus::applaus:

Und kannst du mir sagen, von welchem Programm diese Warnung wegen der DNS-Einstellungen kommt? Ich erkenn das Symbol nicht.

dunkelbunt 20.08.2013 19:35
Das kommt immer noch von meinem Spyhunter 4
Den habe ich aber deinstalliert auf deinen Rat hin.

aharonov 20.08.2013 19:38
Ah, dann hat der sich nicht vollständig deinstalliert. Da helfen wir nach.


Schritt 1

SpyHunter entfernen

Die folgende Datei hilft dir das Programm restlos zu deinstallieren:
  • Lade dir bitte die folgendes Programm auf deinen Desktop: SpyHunterKiller.exe
  • Bestätige die Warnung und klicke Weiter.
  • Berichte, ob du noch Reste von SpyHunter sehen kannst.



Schritt 2

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




Schritt 3

Starte noch einmal FRST.
  • Ändere keine der Voreinstellungen und drücke auf Scan.
  • Wenn der Scan abgeschlossen ist, werden ein neues Logfile FRST.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieses Logfiles bitte hier in deinen Thread.



Bitte poste in deiner nächsten Antwort:
  • Log von JRT
  • Log von FRST

dunkelbunt 20.08.2013 19:57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.1 (08.19.2013:1)
OS: Windows 7 Home Premium x86
Ran by peppermint on 20.08.2013 at 20:45:13,38
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs



~~~ Files

Successfully deleted: [File] C:\windows\Tasks\rmschedule.job
Successfully deleted: [File] "C:\windows\system32\authuitu.dll"
Successfully deleted: [File] "C:\windows\system32\turegopt.exe"



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\eusing free registry cleaner"



~~~ FireFox

Emptied folder: C:\Users\peppermint\AppData\Roaming\mozilla\firefox\profiles\w5las282.default\minidumps [27 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.08.2013 at 20:48:19,27
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-08-2013 03
Ran by peppermint (administrator) on 20-08-2013 20:51:44
Running from C:\Users\peppermint\Desktop
Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieSvc.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(PC Tools) C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
(Microsoft Corporation) C:\windows\System32\IgrsSvcs.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Secunia) C:\Program Files\Secunia\PSI\PSIA.exe
(Microsoft Corporation) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(PC Tools) C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Microsoft Corporation) C:\windows\system32\wuauclt.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SbieCtrl.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(DonationCoder) C:\Program Files\ScreenshotCaptor\ScreenshotCaptor.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SandboxieRpcSs.exe
(SANDBOXIE L.T.D) C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345144 2013-06-26] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [SSDMonitor] - C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe [104408 2010-09-16] (PC Tools)
HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKCU\...\Run: [ccleaner] - C:\Program Files\CCleaner\CCleaner.exe [2761024 2012-02-22] (Piriform Ltd)
HKCU\...\Run: [Spybot-S&D Cleaning] - C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.)
MountPoints2: {56424d46-9436-11e1-8fc8-705ab658961b} - F:\LaunchU3.exe -a
MountPoints2: {81216b3a-f9d1-11e2-94b9-705ab658961b} - F:\NokiaPCIA_Autorun.exe
HKU\Default User\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\Default User\...\RunOnce: [WLStart] - C:\Program Files\Windows Live\Installer\wlstart.exe [ 2009-07-26] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = Bing
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL (Microsoft Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
Toolbar: HKCU -No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL [2210608 2006-10-27] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 195.234.128.7 195.234.128.16

FireFox:
========
FF ProfilePath: C:\Users\peppermint\AppData\Roaming\Mozilla\Firefox\Profiles\w5las282.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: pricealarm - C:\Users\peppermint\AppData\Roaming\Mozilla\Firefox\Profiles\w5las282.default\Extensions\EFGLQA@78ETGYN-0W7FN789T87.COM
FF Extension: firefox - C:\Users\peppermint\AppData\Roaming\Mozilla\Firefox\Profiles\w5las282.default\Extensions\firefox@ghostery.com.xpi
FF Extension: No Name - C:\Users\peppermint\AppData\Roaming\Mozilla\Firefox\Profiles\w5las282.default\Extensions\WTB_GLOBAL.sqlite
FF Extension: No Name - C:\Users\peppermint\AppData\Roaming\Mozilla\Firefox\Profiles\w5las282.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM\...\Firefox\Extensions: [fmconverter@gmail.com] C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\
FF Extension: Freemake Video Converter Plugin - C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-06-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-26] (Avira Operations GmbH & Co. KG)
R2 IGRS; C:\Program Files\Lenovo\ReadyComm\common\IGRS.exe [38152 2009-07-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm AppSvc; C:\Program Files\Lenovo\ReadyComm\AppSvc.exe [509192 2009-08-14] (Lenovo Group Limited)
S3 Lenovo ReadyComm ConnSvc; C:\Program Files\Lenovo\ReadyComm\ConnSvc.exe [579400 2009-09-22] (Lenovo Group Limited)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45408 2008-11-25] (Microsoft Corporation)
R2 PCToolsSSDMonitorSvc; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [632792 2010-10-01] (PC Tools)
S3 PS_MDP; C:\Program Files\Lenovo\ReadyComm\PS_MDP.dll [276296 2009-07-16] (Lenovo Group Limited)
R2 ReadyComm.DirectRouter; C:\Program Files\Lenovo\ReadyComm\common\router.dll [103688 2009-07-14] (Lenovo Group Limited)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [85776 2012-12-16] (SANDBOXIE L.T.D)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.)
R2 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1227800 2013-04-18] (Secunia)
S2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [659992 2013-04-18] (Secunia)
S3 SXDS10; C:\Program Files\Common Files\soft Xpansion\sxds10.exe [234096 2013-07-12] (soft Xpansion)
S3 TuneUp.Defrag; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [435008 2013-05-09] (TuneUp Software)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [1051968 2010-07-06] (TuneUp Software)
S3 MozillaMaintenance;

==================== Drivers (Whitelisted) ====================

R3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [21520 2009-05-19] (Lenovo Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-03-29] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-03-29] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-29] (Avira Operations GmbH & Co. KG)
S3 Bridge0; C:\Windows\System32\drivers\WDBridge.sys [63240 2009-07-28] (Lenovo)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R1 funfrm; C:\Windows\System32\Drivers\funfrm.sys [54800 2010-03-14] ()
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_x86.sys [16024 2013-04-18] (Secunia)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [157776 2012-12-16] (SANDBOXIE L.T.D)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-03-16] (Avira GmbH)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [10064 2010-02-24] (TuneUp Software)
S3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [168704 2009-06-19] (SMI)
R3 wdmirror; C:\Windows\System32\DRIVERS\WDMirror.sys [11792 2009-07-16] (Windows (R) Codename Longhorn DDK provider)
S3 wsvd; C:\Windows\System32\DRIVERS\wsvd.sys [81704 2009-07-21] (CyberLink)
S3 RSUSBSTOR; System32\Drivers\RtsUStor.sys [x]
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]
U3 kfriqpob; \??\C:\Users\PEPPER~1\AppData\Local\Temp\kfriqpob.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-20 20:48 - 2013-08-20 20:48 - 00001565 _____ C:\Users\peppermint\Desktop\JRT.txt
2013-08-20 20:45 - 2013-08-20 20:45 - 00000000 ____D C:\windows\ERUNT
2013-08-20 20:40 - 2013-08-20 20:40 - 01018949 _____ (Thisisu) C:\Users\peppermint\Desktop\JRT.exe
2013-08-20 20:39 - 2013-08-20 20:40 - 00464381 _____ C:\Users\peppermint\Desktop\SpyHunterKiller.exe
2013-08-20 19:26 - 2013-08-20 19:26 - 00000058 _____ C:\Users\PEPPER~1\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2013-08-20 19:26 - 2013-08-20 19:26 - 00000000 ____D C:\Users\peppermint\Documents\DonationCoder
2013-08-20 19:26 - 2013-08-20 19:26 - 00000000 ____D C:\Users\peppermint\AppData\Roaming\DonationCoder
2013-08-20 19:26 - 2013-08-20 19:26 - 00000000 ____D C:\ProgramData\DonationCoder
2013-08-20 19:26 - 2013-08-20 19:26 - 00000000 ____D C:\Program Files\ScreenshotCaptor
2013-08-20 19:19 - 2013-08-20 19:19 - 00000584 _____ C:\Users\peppermint\Documents\emsi.zip
2013-08-20 19:18 - 2013-08-20 19:18 - 00000593 _____ C:\Users\peppermint\Desktop\MBRMastr_2013.08.20_19.18.40.txt
2013-08-20 19:13 - 2013-08-20 19:13 - 00788728 _____ (Emsisoft GmbH) C:\Users\peppermint\Desktop\mbrmastr.exe
2013-08-20 18:29 - 2013-08-20 18:29 - 00132007 _____ C:\Users\peppermint\Desktop\Gmer.txt
2013-08-20 18:03 - 2013-08-20 18:03 - 00377856 _____ C:\Users\peppermint\Desktop\gmer_2.1.19163.exe
2013-08-20 17:52 - 2013-08-20 17:52 - 00000000 ____D C:\FRST
2013-08-20 17:43 - 2013-08-20 17:43 - 01070241 _____ (Farbar) C:\Users\peppermint\Desktop\FRST.exe
2013-08-20 17:36 - 2013-08-20 17:36 - 00050477 _____ C:\Users\peppermint\Desktop\Defogger.exe
2013-08-20 14:23 - 2013-08-20 00:19 - 413364960 _____ C:\Users\peppermint\Downloads\idtv-motive.s01e01.mkv
2013-08-20 13:21 - 2013-08-20 13:21 - 00112088 _____ C:\Users\PEPPER~1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-20 12:04 - 2013-08-20 12:04 - 00001067 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-20 12:04 - 2013-08-20 12:04 - 00000000 ____D C:\Users\peppermint\AppData\Roaming\Malwarebytes
2013-08-20 12:04 - 2013-08-20 12:04 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-20 12:04 - 2013-08-20 12:04 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-20 12:04 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-08-20 09:55 - 2013-08-20 09:55 - 00017633 _____ C:\AdwCleaner[S1].txt
2013-08-20 09:54 - 2013-08-20 09:55 - 00017100 _____ C:\AdwCleaner[R2].txt
2013-08-20 09:54 - 2013-08-20 09:54 - 00017039 _____ C:\AdwCleaner[R1].txt
2013-08-19 21:58 - 2013-08-19 21:58 - 00000000 ____D C:\ProgramData\StarApp
2013-08-19 21:56 - 2013-08-19 22:02 - 00000000 ____D C:\ProgramData\InstallMate
2013-08-19 21:30 - 2013-08-19 21:33 - 00000000 ____D C:\Program Files\SimpleFiles
2013-08-19 21:30 - 2013-08-19 21:30 - 00000000 ____D C:\Users\peppermint\AppData\Roaming\SimpleFiles
2013-08-19 19:43 - 2013-08-20 17:33 - 00000000 ____D C:\windows\471D8B37C5B344579FA1B3C693334F4F.TMP
2013-08-19 19:43 - 2013-08-19 19:43 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-08-19 19:43 - 2013-08-19 19:43 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-08-17 14:13 - 2013-08-17 14:13 - 00000000 ____D C:\ProgramData\Mozilla
2013-08-15 18:16 - 2013-08-15 18:16 - 00000000 ____D C:\Users\peppermint\Downloads\Mucke versch
2013-08-15 03:09 - 2013-08-15 03:12 - 00000000 ____D C:\windows\system32\MRT
2013-08-15 03:08 - 2013-08-15 03:08 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-08-15 03:08 - 2013-08-15 03:08 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-08-15 03:01 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-08-15 03:01 - 2013-07-26 05:13 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-08-15 03:01 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-08-15 03:01 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-08-15 03:01 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-08-15 03:01 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-08-15 03:01 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-08-15 03:01 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-08-15 03:01 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-08-15 03:01 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-08-15 03:01 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-08-15 03:01 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-08-15 03:01 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-08-15 03:00 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-08-15 03:00 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-08-15 03:00 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-08-14 11:11 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-08-14 11:11 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2013-08-14 11:11 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2013-08-14 11:11 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2013-08-14 11:11 - 2013-07-09 06:53 - 01289096 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2013-08-14 11:11 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2013-08-14 11:11 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2013-08-14 11:11 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2013-08-14 11:11 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2013-08-14 11:11 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2013-08-14 11:11 - 2013-07-06 07:05 - 01293760 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2013-08-14 11:11 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2013-08-13 09:26 - 2013-08-13 09:26 - 00000000 ____D C:\Users\Default\AppData\Local\Adobe
2013-08-13 09:26 - 2013-08-13 09:26 - 00000000 ____D C:\Users\Default User\AppData\Local\Adobe
2013-08-13 09:14 - 2013-08-13 09:14 - 00000091 _____ C:\Users\peppermint\AppData\Roaming\Safer-Networking.log
2013-08-11 10:09 - 2013-08-13 09:19 - 00000000 ____D C:\windows\pss
2013-08-06 17:50 - 2013-08-20 16:07 - 01429308 _____ C:\windows\WindowsUpdate.log
2013-08-03 06:59 - 2013-08-03 06:59 - 00000000 ____D C:\ProgramData\Installations
2013-08-02 15:57 - 2013-08-02 15:57 - 00000000 ____H C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-07-29 16:23 - 2013-07-29 16:23 - 00000000 ___HD C:\Users\peppermint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup-Disabled
2013-07-29 10:35 - 2013-07-29 10:35 - 00000000 ____D C:\Users\peppermint\Documents\default

==================== One Month Modified Files and Folders =======

2013-08-20 20:51 - 2013-08-20 20:51 - 00000000 ____D C:\Users\peppermint\Desktop\Neuer Ordner
2013-08-20 20:48 - 2013-08-20 20:48 - 00001565 _____ C:\Users\peppermint\Desktop\JRT.txt
2013-08-20 20:48 - 2012-05-03 22:46 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-08-20 20:45 - 2013-08-20 20:45 - 00000000 ____D C:\windows\ERUNT
2013-08-20 20:40 - 2013-08-20 20:40 - 01018949 _____ (Thisisu) C:\Users\peppermint\Desktop\JRT.exe
2013-08-20 20:40 - 2013-08-20 20:39 - 00464381 _____ C:\Users\peppermint\Desktop\SpyHunterKiller.exe
2013-08-20 20:10 - 2013-05-04 08:50 - 00000000 ____D C:\Users\peppermint\Documents\Programme
2013-08-20 19:27 - 2013-08-06 17:50 - 01429308 _____ C:\windows\WindowsUpdate.log
2013-08-20 19:26 - 2013-08-20 19:26 - 00000058 _____ C:\Users\PEPPER~1\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2013-08-20 19:26 - 2013-08-20 19:26 - 00000000 ____D C:\Users\peppermint\Documents\DonationCoder
2013-08-20 19:26 - 2013-08-20 19:26 - 00000000 ____D C:\Users\peppermint\AppData\Roaming\DonationCoder
2013-08-20 19:26 - 2013-08-20 19:26 - 00000000 ____D C:\ProgramData\DonationCoder
2013-08-20 19:26 - 2013-08-20 19:26 - 00000000 ____D C:\Program Files\ScreenshotCaptor
2013-08-20 19:19 - 2013-08-20 19:19 - 00000584 _____ C:\Users\peppermint\Documents\emsi.zip
2013-08-20 19:18 - 2013-08-20 19:18 - 00000593 _____ C:\Users\peppermint\Desktop\MBRMastr_2013.08.20_19.18.40.txt
2013-08-20 19:13 - 2013-08-20 19:13 - 00788728 _____ (Emsisoft GmbH) C:\Users\peppermint\Desktop\mbrmastr.exe
2013-08-20 18:29 - 2013-08-20 18:29 - 00132007 _____ C:\Users\peppermint\Desktop\Gmer.txt
2013-08-20 18:13 - 2012-05-02 11:06 - 00000000 ____D C:\Users\peppermint
2013-08-20 18:03 - 2013-08-20 18:03 - 00377856 _____ C:\Users\peppermint\Desktop\gmer_2.1.19163.exe
2013-08-20 17:53 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default
2013-08-20 17:52 - 2013-08-20 17:52 - 00000000 ____D C:\FRST
2013-08-20 17:43 - 2013-08-20 17:43 - 01070241 _____ (Farbar) C:\Users\peppermint\Desktop\FRST.exe
2013-08-20 17:36 - 2013-08-20 17:36 - 00050477 _____ C:\Users\peppermint\Desktop\Defogger.exe
2013-08-20 17:34 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-20 17:34 - 2009-07-14 06:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-20 17:33 - 2013-08-19 19:43 - 00000000 ____D C:\windows\471D8B37C5B344579FA1B3C693334F4F.TMP
2013-08-20 16:54 - 2012-05-02 11:40 - 00000000 ____D C:\Users\peppermint\AppData\Roaming\vlc
2013-08-20 13:21 - 2013-08-20 13:21 - 00112088 _____ C:\Users\PEPPER~1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-20 12:57 - 2010-03-14 00:15 - 02902768 _____ C:\FaceProv.log
2013-08-20 12:56 - 2009-07-14 06:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-08-20 12:56 - 2009-07-14 04:37 - 00000000 ____D C:\windows\Help
2013-08-20 12:04 - 2013-08-20 12:04 - 00001067 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-20 12:04 - 2013-08-20 12:04 - 00000000 ____D C:\Users\peppermint\AppData\Roaming\Malwarebytes
2013-08-20 12:04 - 2013-08-20 12:04 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-20 12:04 - 2013-08-20 12:04 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-20 09:55 - 2013-08-20 09:55 - 00017633 _____ C:\AdwCleaner[S1].txt
2013-08-20 09:55 - 2013-08-20 09:54 - 00017100 _____ C:\AdwCleaner[R2].txt
2013-08-20 09:54 - 2013-08-20 09:54 - 00017039 _____ C:\AdwCleaner[R1].txt
2013-08-20 03:00 - 2009-07-14 04:37 - 00000000 ____D C:\windows\Registration
2013-08-20 00:19 - 2013-08-20 14:23 - 413364960 _____ C:\Users\peppermint\Downloads\idtv-motive.s01e01.mkv
2013-08-19 22:02 - 2013-08-19 21:56 - 00000000 ____D C:\ProgramData\InstallMate
2013-08-19 21:58 - 2013-08-19 21:58 - 00000000 ____D C:\ProgramData\StarApp
2013-08-19 21:33 - 2013-08-19 21:30 - 00000000 ____D C:\Program Files\SimpleFiles
2013-08-19 21:30 - 2013-08-19 21:30 - 00000000 ____D C:\Users\peppermint\AppData\Roaming\SimpleFiles
2013-08-19 19:43 - 2013-08-19 19:43 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-08-19 19:43 - 2013-08-19 19:43 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-08-18 16:20 - 2012-05-03 22:48 - 00000000 ____D C:\Users\peppermint\AppData\Roaming\Macromedia
2013-08-18 16:14 - 2013-04-12 01:58 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-17 14:13 - 2013-08-17 14:13 - 00000000 ____D C:\ProgramData\Mozilla
2013-08-15 18:16 - 2013-08-15 18:16 - 00000000 ____D C:\Users\peppermint\Downloads\Mucke versch
2013-08-15 08:56 - 2009-07-29 12:27 - 00000000 ____D C:\windows\Panther
2013-08-15 04:15 - 2009-07-14 04:37 - 00000000 ____D C:\windows\rescache
2013-08-15 03:45 - 2009-07-14 04:37 - 00000000 ____D C:\windows\Microsoft.NET
2013-08-15 03:29 - 2009-07-14 04:37 - 00000000 ____D C:\windows\system32\de-DE
2013-08-15 03:12 - 2013-08-15 03:09 - 00000000 ____D C:\windows\system32\MRT
2013-08-15 03:09 - 2013-07-01 21:30 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-15 03:09 - 2013-03-18 23:46 - 75778376 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-08-15 03:08 - 2013-08-15 03:08 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-08-15 03:08 - 2013-08-15 03:08 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-08-15 03:05 - 2010-01-18 19:03 - 01659648 _____ C:\windows\system32\PerfStringBackup.INI
2013-08-14 18:18 - 2013-06-07 07:00 - 00000000 ____D C:\Users\peppermint\AppData\Roaming\AVS4YOU
2013-08-14 18:11 - 2012-05-02 11:18 - 00000000 ____D C:\Users\peppermint\AppData\Roaming\AvaFind Data
2013-08-13 09:26 - 2013-08-13 09:26 - 00000000 ____D C:\Users\Default\AppData\Local\Adobe
2013-08-13 09:26 - 2013-08-13 09:26 - 00000000 ____D C:\Users\Default User\AppData\Local\Adobe
2013-08-13 09:26 - 2013-07-01 21:01 - 00000000 ____D C:\ProgramData\Adobe
2013-08-13 09:26 - 2010-01-18 19:13 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-08-13 09:26 - 2010-01-18 19:13 - 00000000 ____D C:\Program Files\Adobe
2013-08-13 09:19 - 2013-08-11 10:09 - 00000000 ____D C:\windows\pss
2013-08-13 09:19 - 2009-07-14 06:34 - 00021504 _____ C:\windows\system32\umstartup.etl
2013-08-13 09:16 - 2009-07-14 06:34 - 00021504 _____ C:\windows\system32\umstartup000.etl
2013-08-13 09:14 - 2013-08-13 09:14 - 00000091 _____ C:\Users\peppermint\AppData\Roaming\Safer-Networking.log
2013-08-12 20:36 - 2009-07-14 04:37 - 00000000 ____D C:\windows\system32\NDF
2013-08-07 19:17 - 2013-06-07 06:58 - 00000000 ____D C:\Program Files\AVS4YOU
2013-08-06 19:10 - 2013-07-17 07:53 - 01478656 _____ C:\Users\peppermint\s-1-5-21-3367545941-720271320-1893929590-1003.rrr
2013-08-06 19:10 - 2012-05-02 13:37 - 47431680 _____ C:\windows\system32\config\software.rrr
2013-08-06 19:10 - 2012-05-02 13:37 - 00110592 _____ C:\windows\system32\config\default.rrr
2013-08-06 19:08 - 2012-05-27 09:06 - 00003072 _____ C:\windows\system32\Cache.db
2013-08-03 06:59 - 2013-08-03 06:59 - 00000000 ____D C:\ProgramData\Installations
2013-08-02 15:57 - 2013-08-02 15:57 - 00000000 ____H C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-07-29 16:23 - 2013-07-29 16:23 - 00000000 ___HD C:\Users\peppermint\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup-Disabled
2013-07-29 10:35 - 2013-07-29 10:35 - 00000000 ____D C:\Users\peppermint\Documents\default
2013-07-28 09:42 - 2013-04-13 07:26 - 00000000 ____D C:\Users\peppermint\Documents\HÖRBÜCHER
2013-07-26 05:13 - 2013-08-15 03:01 - 01141248 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-07-26 05:13 - 2013-08-15 03:01 - 00042496 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-07-26 05:13 - 2013-08-15 03:00 - 01767936 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-07-26 05:12 - 2013-08-15 03:01 - 02877440 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-07-26 05:12 - 2013-08-15 03:01 - 02048512 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-07-26 05:12 - 2013-08-15 03:01 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-07-26 05:12 - 2013-08-15 03:01 - 00493056 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-07-26 05:12 - 2013-08-15 03:01 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2013-07-26 05:12 - 2013-08-15 03:01 - 00109056 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-07-26 05:12 - 2013-08-15 03:01 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-07-26 05:12 - 2013-08-15 03:01 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-07-26 05:12 - 2013-08-15 03:00 - 14329344 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-07-26 05:11 - 2013-08-15 03:01 - 00033280 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-07-26 05:11 - 2013-08-15 03:00 - 13761024 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-07-26 04:49 - 2013-08-15 03:01 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-07-26 03:59 - 2013-08-15 03:01 - 00071680 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2013-07-25 10:57 - 2013-08-14 11:11 - 01620992 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-07-22 12:33 - 2012-04-23 18:26 - 00000000 ___RD C:\Users\peppermint\Desktop\Dance

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-12 00:43

==================== End Of Log ============================
--- --- ---

Finde übrigens nichts mehr von Spyhunter , die Meldung kommt auch nicht mehr

danke ;-)

aharonov 20.08.2013 20:01
Ok, dann noch eine letzte Kontrolle:



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


dunkelbunt 20.08.2013 21:11
Ne kurze Frage während Eset scannt;
Soll ich diese ganzen Teile wie JRT,FRST GMER usw. aufheben oder kann ich die sammt logfiles löschen ??

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=168dd98ab193e64abb7a7bc51e7b3b16
# engine=14842
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-08-20 08:05:43
# local_time=2013-08-20 10:05:43 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 97 21256 122799627 14027 0
# compatibility_mode=5893 16776574 100 82 2601612 128660334 0 0
# scanned=93229
# found=0
# cleaned=0
# scan_time=3349


Alle Zeitangaben in WEZ +1. Es ist jetzt 23:41 Uhr.
Seite 1 von 4 1 23 Letzte »
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131