Log analysis and evaluation: Windows 7: Programs crash after virus detection

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Windows 7: Programs crash after virus detection

Hello,

Antivir reported "TR/Rootkit.Gen2" as a virus/unwanted program. However, it cannot be removed, and the alert reappears every 2 days. Since then all programs (e.g. MS Office, Mozilla Firefox, iTunes) crash and stop responding. Sometimes the laptop freezes completely, so it has to be restarted, which takes an extremely long time. I have run all of the programs described in the checklist. FRST also kept hanging (not responding). GMER ran for an extremely long time (over 36h).

Many thanks in advance!

Here are my log files:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:56 on 11/11/2014 (Melanie)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2014
Ran by Melanie (administrator) on MELANIE-TOSH on 12-11-2014 18:16:23
Running from C:\Users\Melanie\Desktop
Loaded Profiles: Melanie & (Available profiles: Melanie)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Check Point Software Technologies) C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Toshiba) C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Apple Inc.) C:\Users\Melanie\Music\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MMLoadDrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-02-01] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2867984 2011-12-23] (Synaptics Incorporated)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2165120 2012-02-06] (SRS Labs, Inc.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-09-23] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [989056 2011-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1548208 2011-11-24] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-11-26] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2012-03-07] (Toshiba Europe GmbH)
HKLM\...\Run: [ISW] => C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [1126528 2012-04-30] (Check Point Software Technologies)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NBAgent] => C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe [1492264 2011-11-18] (Nero AG)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2012-01-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-02] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-05] (Intel Corporation)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-12] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [253312 2011-11-21] (TOSHIBA)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73392 2012-06-01] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Users\Melanie\Music\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [348624 2012-05-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-19\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-20\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-21-3119111728-3156756977-804979122-1000\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-21-3119111728-3156756977-804979122-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-03-07] (Google Inc.)
HKU\S-1-5-21-3119111728-3156756977-804979122-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
HKU\S-1-5-21-3119111728-3156756977-804979122-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-03-07] (Google Inc.)
HKU\S-1-5-18\...\Run: [TOPI.EXE] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe [846936 2011-05-16] (TOSHIBA)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Toshiba Places Icon Utility.lnk
ShortcutTarget: Toshiba Places Icon Utility.lnk -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe (Toshiba)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

==================== Internet (All) ===========================

HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TEUA&bmod=TEUA
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
URLSearchHook: HKCU - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
URLSearchHook: HKCU - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {60D8521F-1B29-45F9-9A79-6C32C6586254} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA;
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {60D8521F-1B29-45F9-9A79-6C32C6586254} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA;
SearchScopes: HKLM-x32 - DefaultScope {60D8521F-1B29-45F9-9A79-6C32C6586254} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA;
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {60D8521F-1B29-45F9-9A79-6C32C6586254} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA;
SearchScopes: HKCU - DefaultScope {60D8521F-1B29-45F9-9A79-6C32C6586254} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA_deDE489
SearchScopes: HKCU - {60D8521F-1B29-45F9-9A79-6C32C6586254} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TEUA_deDE489
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-3119111728-3156756977-804979122-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-3119111728-3156756977-804979122-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: HKLM-x32 {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: HKLM-x32 {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2014
Ran by Melanie at 2014-11-12 08:46:58
Running from C:\Users\Melanie\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ZoneAlarm Antivirus (Enabled - Up to date) {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
AV: Avira Desktop (Enabled - Out of date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Out of date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ZoneAlarm Anti-Spyware (Enabled - Up to date) {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
FW: ZoneAlarm Firewall (Enabled) {E6380B7E-D4B2-19F1-083E-56486607704B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{F856881A-D370-B1A7-2AFF-128F4AA93558}) (Version: 3.0.859.0 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 1.0.0.12 - Atheros Communications)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.12.13 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
Avira (HKLM-x32\...\{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}) (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 12.0.0.1125 - Avira)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v9.00.00(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cake Mania (x32 Version: 2.2.0.98 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.2.20140326 - Landesfinanzdirektion Thüringen)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 12.0.742.91 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.3.2710.138 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.21.111 - Google Inc.) Hidden
High-Definition Video Playback (x32 Version: 11.1.10500.2.65 - Nero AG) Hidden
Insaniquarium Deluxe (x32 Version: 2.2.0.97 - WildTangent) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.1.1399 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
Java(TM) 6 Update 30 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216030FF}) (Version: 6.0.300 - Oracle)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
Nero 11 Essentials (HKLM-x32\...\{F8635CF8-B797-4EFD-80BC-DE2D26C65D4F}) (Version: 11.0.00300 - Nero AG)
Nero Backup Drivers (HKLM\...\{D600D357-5CB9-4DE9-8FD4-14E208BD1970}) (Version: 1.0.11100.8.0 - Nero AG)
OpenOffice.org 3.4 (HKLM-x32\...\{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}) (Version: 3.4.9590 - OpenOffice.org)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Premium Sound HD (HKLM\...\{439A73C2-8CFA-4630-8484-36BCA2AEBB0A}) (Version: 1.12.0300 - SRS Labs, Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6559 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7601.39013 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.39.0 - Synaptics Incorporated)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.1 - TOSHIBA CORPORATION)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{2C486987-D447-4E36-8D61-86E48E24199C}) (Version: 1.3.10.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{97965331-BC5D-4D9F-B6DF-5C0A123E4AE0}) (Version: 2.1.0.8 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.11 - TOSHIBA Corporation)
Toshiba Manuals (HKLM-x32\...\{90FF4432-21B7-4AF6-BA6E-FB8C1FED9173}) (Version: 10.04 - TOSHIBA)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.4 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.7.7 - TOSHIBA CORPORATION)
TOSHIBA Online Product Information (HKLM-x32\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 4.01.0000 - TOSHIBA)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.15.64 - TOSHIBA Corporation)
TOSHIBA Places Icon Utility (HKLM-x32\...\{461F6F0D-7173-4902-9604-AB1A29108AF2}) (Version: 1.1.1.4 - TOSHIBA Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.6.52020009 - TOSHIBA CORPORATION)
TOSHIBA Recovery Media Creator Reminder (HKLM-x32\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0019 - TOSHIBA)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2004 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.13 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.0022.000104 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\{0AF17224-CF88-40B8-BB1A-D179369847B4}) (Version: 2.1.0.3 - TOSHIBA Corporation)
TOSHIBA TEMPRO (HKLM-x32\...\{F082CB11-4794-4259-99A1-D91BA762AD15}) (Version: 3.35 - Toshiba Europe GmbH)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.0021.640203 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.33 - TOSHIBA Corporation)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
welcome (x32 Version: 11.0.22500.0.0 - Nero AG) Hidden
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
ZoneAlarm Antivirus (x32 Version: 10.2.057.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (x32 Version: 10.2.057.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Antivirus + Firewall (HKLM-x32\...\ZoneAlarm Free Antivirus + Firewall) (Version: 10.2.047.000 - Check Point)
ZoneAlarm LTD Toolbar (HKLM\...\ZoneAlarm LTD Toolbar) (Version:  - Check Point Software Technologies)
ZoneAlarm Security (x32 Version: 10.2.057.000 - Check Point Software Technologies Ltd.) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3119111728-3156756977-804979122-1000_Classes\CLSID\{00000001-0E3A-4123-8B32-4B68A91E104A}\InprocServer32 -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIBasePlace.dll (Toshiba Corporation)

==================== Restore Points =========================

25-07-2014 17:14:01 Windows Update
29-07-2014 13:29:10 Windows Update
31-07-2014 15:57:42 Windows Update
01-08-2014 13:44:08 Windows Update
05-08-2014 15:15:17 Windows Update
15-08-2014 14:14:04 Windows Update
15-08-2014 18:59:31 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {6F65B2F6-61E0-4982-9C30-32581D5DBC3D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-07] (Google Inc.)
Task: {AD56B3A2-9D11-49C8-9504-B3294E685B9B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B693A355-823C-455A-8CD7-2097843D95FD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-07] (Google Inc.)
Task: {D5564931-3368-4DA3-B8A9-59FE6E3576DE} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-19] (Adobe Systems Incorporated)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2011-08-22 23:19 - 2011-08-22 23:19 - 11204992 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2011-11-24 21:20 - 2011-11-24 21:20 - 00593856 _____ () C:\Program Files\TOSHIBA\TECO\TecoPower.dll
2010-12-15 23:19 - 2010-12-15 23:19 - 00124320 _____ () C:\Program Files\TOSHIBA\TECO\MUIHelp.dll
2012-03-07 01:01 - 2011-02-22 11:16 - 00559104 _____ () C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\de\Humphrey.resources.dll
2012-03-07 01:05 - 2011-12-15 15:56 - 00022400 _____ () C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\de\TosDILangPack.resources.dll
2012-03-07 01:05 - 2011-12-15 15:55 - 00063360 _____ () C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIInternal.XmlSerializers.dll
2012-01-20 12:13 - 2012-01-20 12:13 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-11-09 17:55 - 2011-11-09 17:55 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-11-26 02:51 - 2011-11-26 02:51 - 00079784 _____ () C:\Program
Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll 2014-08-18 16:15 - 2012-04-16 22:11 - 00398288 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll 2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
========================= Accounts: ========================== Administrator (S-1-5-21-3119111728-3156756977-804979122-500 - Administrator - Disabled) Gast (S-1-5-21-3119111728-3156756977-804979122-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3119111728-3156756977-804979122-1002 - Limited - Enabled) Melanie (S-1-5-21-3119111728-3156756977-804979122-1000 - Administrator - Enabled) => C:\Users\Melanie ==================== Faulty Device Manager Devices ============= Name: TSSTcorp CDDVDW SN-208AB Description: CD-ROM-Laufwerk Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard-CD-ROM-Laufwerke) Service: cdrom Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19) Resolution: A registry problem was detected. This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options: On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver. ==================== Event log errors: ========================= Application errors: ================== Error: (11/12/2014 09:11:30 AM) (Source: Avira Antivirus) (EventID: 4118) (User: NT-AUTORITÄT) Description: AUSNAHMEFEHLER beim Aufruf der Funktion AVEPROC_TestFile() für die Datei C:\Users\Melanie\Pictures\Justin Timberlake 2014\209 (3).jpg. [ACCESS_VIOLATION Exception!! EIP = 0x1a85c92] Bitte Avira informieren und die obige Datei übersenden! Error: (11/12/2014 08:28:10 AM) (Source: Avira Antivirus) (EventID: 4118) (User: NT-AUTORITÄT) Description: AUSNAHMEFEHLER beim Aufruf der Funktion AVEPROC_TestFile() für die Datei C:\Users\Melanie\Pictures\WAGO Wiesn\396.jpg. [ACCESS_VIOLATION Exception!! 
EIP = 0x1a85c92] Bitte Avira informieren und die obige Datei übersenden! Error: (11/11/2014 11:31:23 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 42760 Error: (11/11/2014 11:31:23 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 42760 Error: (11/11/2014 11:31:23 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (11/11/2014 11:31:22 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 41715 Error: (11/11/2014 11:31:22 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 41715 Error: (11/11/2014 11:31:22 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (11/11/2014 11:31:21 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 40716 Error: (11/11/2014 11:31:21 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 40716 System errors: ============= Error: (11/12/2014 09:26:24 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED} Error: (11/12/2014 08:49:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Microsoft-Softwareschattenkopie-Anbieter" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (11/12/2014 08:49:39 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft-Softwareschattenkopie-Anbieter erreicht. 
Error: (11/12/2014 08:49:39 AM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1053swprv{65EE1DBA-8FF4-4A58-AC1C-3470EE2F376A} Error: (11/12/2014 08:48:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Volumeschattenkopie" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (11/12/2014 08:48:26 AM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1053VSS{E579AB5F-1CC4-44B4-BED9-DE0991FF0623} Error: (11/12/2014 08:48:18 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Volumeschattenkopie erreicht. Error: (11/11/2014 10:54:57 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {995C996E-D918-4A8C-A302-45719A6F4EA7} Error: (11/11/2014 10:45:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Mozilla Maintenance Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (11/11/2014 10:45:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Mozilla Maintenance Service erreicht. 
Microsoft Office Sessions: ========================= Error: (11/12/2014 09:11:30 AM) (Source: Avira Antivirus) (EventID: 4118) (User: NT-AUTORITÄT) Description: C:\Users\Melanie\Pictures\Justin Timberlake 2014\209 (3).jpgACCESS_VIOLATION0x1a85c92AVEPROC_TestFile() Error: (11/12/2014 08:28:10 AM) (Source: Avira Antivirus) (EventID: 4118) (User: NT-AUTORITÄT) Description: C:\Users\Melanie\Pictures\WAGO Wiesn\396.jpgACCESS_VIOLATION0x1a85c92AVEPROC_TestFile() Error: (11/11/2014 11:31:23 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 42760 Error: (11/11/2014 11:31:23 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 42760 Error: (11/11/2014 11:31:23 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (11/11/2014 11:31:22 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 41715 Error: (11/11/2014 11:31:22 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 41715 Error: (11/11/2014 11:31:22 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (11/11/2014 11:31:21 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 40716 Error: (11/11/2014 11:31:21 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 40716 CodeIntegrity Errors: =================================== Date: 2014-11-12 07:34:26.569 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-11-12 06:50:11.789 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-11-11 23:02:11.492 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-11-11 21:08:47.971 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-11-11 20:47:01.058 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-11-11 20:28:20.337 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-11-11 20:10:26.555 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-11-09 21:10:56.055 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. 
Date: 2014-11-09 20:47:50.984
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-11-09 20:02:25.124
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 33%
Total physical RAM: 8154.8 MB
Available physical RAM: 5429.94 MB
Total Pagefile: 16307.79 MB
Available Pagefile: 12838.94 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (TI30886900A) (Fixed) (Total:578.84 GB) (Free:460.69 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 1780111D)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=578.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15.9 GB) - (Type=17)

==================== End Of Log ============================
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-11-15 13:22:40
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.GT00 596,17GB
Running: Gmer-19357.exe; Driver: C:\Users\Melanie\AppData\Local\Temp\pxriipoc.sys

---- User code sections - GMER 2.1 ----

.text C:\windows\system32\wininit.exe[652] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076fb1470 5 bytes JMP 00000001222ffe7c
.text C:\windows\system32\wininit.exe[652] C:\windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort 0000000076fb14a0 1 byte JMP 0000000122300530
.text C:\windows\system32\wininit.exe[652] C:\windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort + 2 0000000076fb14a2 3 bytes {JMP 0xffffffffab34f090}
.text C:\windows\system32\wininit.exe[652] C:\windows\SYSTEM32\ntdll.dll!NtAccessCheckByType 0000000076fb1900 5 bytes JMP 00000001222ffab8
.text C:\windows\system32\wininit.exe[652] C:\windows\SYSTEM32\ntdll.dll!NtAlpcImpersonateClientOfPort 0000000076fb1aa0 5 bytes JMP 00000001223005e8
.text C:\windows\system32\wininit.exe[652] C:\windows\system32\USER32.dll!FindWindowW 0000000076e6d264 5 bytes JMP 00000001222ff174
.text C:\windows\system32\wininit.exe[652] C:\windows\system32\USER32.dll!FindWindowA 0000000076e88270 5 bytes JMP 00000001222ff1c4
.text C:\windows\system32\services.exe[748] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076fb1470 5 bytes JMP 00000001222ffe7c
.text C:\windows\system32\services.exe[748] C:\windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort 0000000076fb14a0 1 byte JMP 0000000122300530
.text C:\windows\system32\services.exe[748] C:\windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort + 2 0000000076fb14a2 3 bytes {JMP 0xffffffffab34f090}
.text C:\windows\system32\services.exe[748] C:\windows\SYSTEM32\ntdll.dll!NtAccessCheckByType 0000000076fb1900 5 bytes JMP 00000001222ffab8
.text C:\windows\system32\services.exe[748] C:\windows\SYSTEM32\ntdll.dll!NtAlpcImpersonateClientOfPort
0000000076fb1aa0 5 bytes JMP 00000001223005e8 .text C:\windows\system32\services.exe[748] C:\windows\system32\USER32.dll!FindWindowW 0000000076e6d264 5 bytes JMP 00000001222ff174 .text C:\windows\system32\services.exe[748] C:\windows\system32\USER32.dll!FindWindowA 0000000076e88270 5 bytes JMP 00000001222ff1c4 .text C:\windows\system32\lsass.exe[756] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076fb1470 5 bytes JMP 00000001222ffe7c .text C:\windows\system32\lsass.exe[756] C:\windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort 0000000076fb14a0 1 byte JMP 0000000122300530 .text C:\windows\system32\lsass.exe[756] C:\windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort + 2 0000000076fb14a2 3 bytes {JMP 0xffffffffab34f090} .text C:\windows\system32\lsass.exe[756] C:\windows\SYSTEM32\ntdll.dll!NtAccessCheckByType 0000000076fb1900 5 bytes JMP 00000001222ffab8 .text C:\windows\system32\lsass.exe[756] C:\windows\SYSTEM32\ntdll.dll!NtAlpcImpersonateClientOfPort 0000000076fb1aa0 5 bytes JMP 00000001223005e8 .text C:\windows\system32\lsass.exe[756] C:\windows\system32\ADVAPI32.dll!ImpersonateNamedPipeClient + 1 000007fefe12b521 3 bytes [5D, 4B, FA] .text C:\windows\system32\lsm.exe[764] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076fb1470 5 bytes JMP 00000001222ffe7c .text C:\windows\system32\lsm.exe[764] C:\windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort 0000000076fb14a0 1 byte JMP 0000000122300530 .text C:\windows\system32\lsm.exe[764] C:\windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort + 2 0000000076fb14a2 3 bytes {JMP 0xffffffffab34f090} .text C:\windows\system32\lsm.exe[764] C:\windows\SYSTEM32\ntdll.dll!NtAccessCheckByType 0000000076fb1900 5 bytes JMP 00000001222ffab8 .text C:\windows\system32\lsm.exe[764] C:\windows\SYSTEM32\ntdll.dll!NtAlpcImpersonateClientOfPort 0000000076fb1aa0 5 bytes JMP 00000001223005e8 .text C:\windows\system32\svchost.exe[856] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076fb1470 5 
bytes JMP 00000001222ffe7c .text C:\windows\system32\svchost.exe[856] C:\windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort 0000000076fb14a0 1 byte JMP 0000000122300530 .text C:\windows\system32\svchost.exe[856] C:\windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort + 2 0000000076fb14a2 3 bytes {JMP 0xffffffffab34f090} .text C:\windows\system32\svchost.exe[856] C:\windows\SYSTEM32\ntdll.dll!NtAccessCheckByType 0000000076fb1900 5 bytes JMP 00000001222ffab8 .text C:\windows\system32\svchost.exe[856] C:\windows\SYSTEM32\ntdll.dll!NtAlpcImpersonateClientOfPort 0000000076fb1aa0 5 bytes JMP 00000001223005e8 .text C:\windows\system32\svchost.exe[952] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076fb1470 5 bytes JMP 00000001222ffe7c .text C:\windows\system32\svchost.exe[952] C:\windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort 0000000076fb14a0 1 byte JMP 0000000122300530 .text C:\windows\system32\svchost.exe[952] C:\windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort + 2 0000000076fb14a2 3 bytes {JMP 0xffffffffab34f090} .text C:\windows\system32\svchost.exe[952] C:\windows\SYSTEM32\ntdll.dll!NtAccessCheckByType 0000000076fb1900 5 bytes JMP 00000001222ffab8 .text C:\windows\system32\svchost.exe[952] C:\windows\SYSTEM32\ntdll.dll!NtAlpcImpersonateClientOfPort 0000000076fb1aa0 5 bytes JMP 00000001223005e8 .text C:\windows\system32\svchost.exe[952] C:\windows\system32\ADVAPI32.dll!ImpersonateNamedPipeClient + 1 000007fefe12b521 3 bytes [5D, 4B, DD] .text C:\windows\system32\atiesrxx.exe[160] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076fb1470 5 bytes JMP 00000001222ffe7c .text C:\windows\system32\atiesrxx.exe[160] C:\windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort 0000000076fb14a0 1 byte JMP 0000000122300530 .text C:\windows\system32\atiesrxx.exe[160] C:\windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort + 2 0000000076fb14a2 3 bytes {JMP 0xffffffffab34f090} .text C:\windows\system32\atiesrxx.exe[160] 
C:\windows\SYSTEM32\ntdll.dll!NtAccessCheckByType 0000000076fb1900 5 bytes JMP 00000001222ffab8 .text C:\windows\system32\atiesrxx.exe[160] C:\windows\SYSTEM32\ntdll.dll!NtAlpcImpersonateClientOfPort 0000000076fb1aa0 5 bytes JMP 00000001223005e8 .text C:\windows\System32\svchost.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076fb1470 5 bytes JMP 00000001222ffe7c .text C:\windows\System32\svchost.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort 0000000076fb14a0 1 byte JMP 0000000122300530 .text C:\windows\System32\svchost.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort + 2 0000000076fb14a2 3 bytes {JMP 0xffffffffab34f090} .text C:\windows\System32\svchost.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtAccessCheckByType 0000000076fb1900 5 bytes JMP 00000001222ffab8 .text C:\windows\System32\svchost.exe[648] C:\windows\SYSTEM32\ntdll.dll!NtAlpcImpersonateClientOfPort 0000000076fb1aa0 5 bytes JMP 00000001223005e8 .text C:\windows\System32\svchost.exe[848] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076fb1470 5 bytes JMP 00000001222ffe7c .text C:\windows\System32\svchost.exe[848] C:\windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort 0000000076fb14a0 1 byte JMP 0000000122300530 .text C:\windows\System32\svchost.exe[848] C:\windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort + 2 0000000076fb14a2 3 bytes {JMP 0xffffffffab34f090} .text C:\windows\System32\svchost.exe[848] C:\windows\SYSTEM32\ntdll.dll!NtAccessCheckByType 0000000076fb1900 5 bytes JMP 00000001222ffab8 .text C:\windows\System32\svchost.exe[848] C:\windows\SYSTEM32\ntdll.dll!NtAlpcImpersonateClientOfPort 0000000076fb1aa0 5 bytes JMP 00000001223005e8 .text C:\windows\System32\svchost.exe[848] C:\windows\system32\ADVAPI32.dll!ImpersonateNamedPipeClient + 1 000007fefe12b521 4 bytes {JMP 0xfffffffffedc4b62} .text C:\windows\system32\svchost.exe[432] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076fb1470 5 bytes JMP 
00000001222ffe7c .text C:\windows\system32\svchost.exe[432] C:\windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort 0000000076fb14a0 1 byte JMP 0000000122300530 .text C:\windows\system32\svchost.exe[432] C:\windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort + 2 0000000076fb14a2 3 bytes {JMP 0xffffffffab34f090} .text C:\windows\system32\svchost.exe[432] C:\windows\SYSTEM32\ntdll.dll!NtAccessCheckByType 0000000076fb1900 5 bytes JMP 00000001222ffab8 .text C:\windows\system32\svchost.exe[432] C:\windows\SYSTEM32\ntdll.dll!NtAlpcImpersonateClientOfPort 0000000076fb1aa0 5 bytes JMP 00000001223005e8 .text C:\windows\system32\svchost.exe[1048] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076fb1470 5 bytes JMP 00000001222ffe7c .text C:\windows\system32\svchost.exe[1048] C:\windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort 0000000076fb14a0 1 byte JMP 0000000122300530 .text C:\windows\system32\svchost.exe[1048] C:\windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort + 2 0000000076fb14a2 3 bytes {JMP 0xffffffffab34f090} .text C:\windows\system32\svchost.exe[1048] C:\windows\SYSTEM32\ntdll.dll!NtAccessCheckByType 0000000076fb1900 5 bytes JMP 00000001222ffab8 .text C:\windows\system32\svchost.exe[1048] C:\windows\SYSTEM32\ntdll.dll!NtAlpcImpersonateClientOfPort 0000000076fb1aa0 5 bytes JMP 00000001223005e8 .text C:\windows\system32\svchost.exe[1048] C:\windows\system32\ADVAPI32.dll!ImpersonateNamedPipeClient + 1 000007fefe12b521 4 bytes {JMP 0xfffffffffedc4b62} .text C:\windows\system32\svchost.exe[1308] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076fb1470 5 bytes JMP 00000001222ffe7c .text C:\windows\system32\svchost.exe[1308] C:\windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort 0000000076fb14a0 1 byte JMP 0000000122300530 .text C:\windows\system32\svchost.exe[1308] C:\windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort + 2 0000000076fb14a2 3 bytes {JMP 0xffffffffab34f090} .text C:\windows\system32\svchost.exe[1308] 
C:\windows\SYSTEM32\ntdll.dll!NtAccessCheckByType 0000000076fb1900 5 bytes JMP 00000001222ffab8 .text C:\windows\system32\svchost.exe[1308] C:\windows\SYSTEM32\ntdll.dll!NtAlpcImpersonateClientOfPort 0000000076fb1aa0 5 bytes JMP 00000001223005e8 .text C:\windows\system32\svchost.exe[1308] C:\windows\system32\ADVAPI32.dll!ImpersonateNamedPipeClient + 1 000007fefe12b521 3 bytes [5D, 4B, DD] .text C:\windows\system32\WLANExt.exe[1424] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076fb1470 5 bytes JMP 00000001222ffe7c .text C:\windows\system32\WLANExt.exe[1424] C:\windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort 0000000076fb14a0 1 byte JMP 0000000122300530 .text C:\windows\system32\WLANExt.exe[1424] C:\windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort + 2 0000000076fb14a2 3 bytes {JMP 0xffffffffab34f090} .text C:\windows\system32\WLANExt.exe[1424] C:\windows\SYSTEM32\ntdll.dll!NtAccessCheckByType 0000000076fb1900 5 bytes JMP 00000001222ffab8 .text C:\windows\system32\WLANExt.exe[1424] C:\windows\SYSTEM32\ntdll.dll!NtAlpcImpersonateClientOfPort 0000000076fb1aa0 5 bytes JMP 00000001223005e8 .text C:\windows\system32\conhost.exe[1432] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076fb1470 5 bytes JMP 00000001222ffe7c .text C:\windows\system32\conhost.exe[1432] C:\windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort 0000000076fb14a0 1 byte JMP 0000000122300530 .text C:\windows\system32\conhost.exe[1432] C:\windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort + 2 0000000076fb14a2 3 bytes {JMP 0xffffffffab34f090} .text C:\windows\system32\conhost.exe[1432] C:\windows\SYSTEM32\ntdll.dll!NtAccessCheckByType 0000000076fb1900 5 bytes JMP 00000001222ffab8 .text C:\windows\system32\conhost.exe[1432] C:\windows\SYSTEM32\ntdll.dll!NtAlpcImpersonateClientOfPort 0000000076fb1aa0 5 bytes JMP 00000001223005e8 .text C:\windows\System32\spoolsv.exe[1824] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076fb1470 5 bytes JMP 
00000001222ffe7c .text C:\windows\System32\spoolsv.exe[1824] C:\windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort 0000000076fb14a0 1 byte JMP 0000000122300530 .text C:\windows\System32\spoolsv.exe[1824] C:\windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort + 2 0000000076fb14a2 3 bytes {JMP 0xffffffffab34f090} .text C:\windows\System32\spoolsv.exe[1824] C:\windows\SYSTEM32\ntdll.dll!NtAccessCheckByType 0000000076fb1900 5 bytes JMP 00000001222ffab8 .text C:\windows\System32\spoolsv.exe[1824] C:\windows\SYSTEM32\ntdll.dll!NtAlpcImpersonateClientOfPort 0000000076fb1aa0 5 bytes JMP 00000001223005e8 .text C:\windows\system32\svchost.exe[1932] C:\windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076fb1470 5 bytes JMP 00000001222ffe7c .text C:\windows\system32\svchost.exe[1932] C:\windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort 0000000076fb14a0 1 byte JMP 0000000122300530 .text C:\windows\system32\svchost.exe[1932] C:\windows\SYSTEM32\ntdll.dll!NtImpersonateClientOfPort + 2 0000000076fb14a2 3 bytes {JMP 0xffffffffab34f090} .text C:\windows\system32\svchost.exe[1932] C:\windows\SYSTEM32\ntdll.dll!NtAccessCheckByType 0000000076fb1900 5 bytes JMP 00000001222ffab8 .text C:\windows\system32\svchost.exe[1932] C:\windows\SYSTEM32\ntdll.dll!NtAlpcImpersonateClientOfPort 0000000076fb1aa0 5 bytes JMP 00000001223005e8 .text C:\windows\system32\svchost.exe[1932] C:\windows\system32\ADVAPI32.dll!ImpersonateNamedPipeClient + 1 000007fefe12b521 3 bytes [5D, 4B, DD] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2044] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007715fb28 5 bytes JMP 0000000120cb89ab .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2044] C:\windows\SysWOW64\ntdll.dll!NtImpersonateClientOfPort 000000007715fb70 5 bytes JMP 0000000120cb8d58 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2044] C:\windows\SysWOW64\ntdll.dll!NtAccessCheckByType 0000000077160240 5 bytes JMP 
0000000120cb8791 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2044] C:\windows\SysWOW64\ntdll.dll!NtAlpcImpersonateClientOfPort 00000000771604c0 5 bytes JMP 0000000120cb8dd9 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2044] C:\windows\syswow64\kernel32.dll!OpenProcess 0000000076401952 3 bytes JMP 0000000120cb846c .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2044] C:\windows\syswow64\kernel32.dll!OpenProcess + 4 0000000076401956 1 byte [AA] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2044] C:\windows\syswow64\USER32.dll!FindWindowW 00000000767298fd 5 bytes JMP 0000000120cb825a .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2044] C:\windows\syswow64\USER32.dll!FindWindowA 000000007672ffe6 5 bytes JMP 0000000120cb828f .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2044] C:\windows\syswow64\ADVAPI32.dll!SetThreadToken 0000000074d2c76e 5 bytes JMP 0000000120cb9036 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2044] C:\windows\syswow64\ADVAPI32.dll!ImpersonateNamedPipeClient 0000000074d63475 5 bytes JMP 0000000120cb8e5d .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1336] C:\windows\SysWOW64\ntdll.dll!NtSetInformationProcess 000000007715fb28 5 bytes JMP 0000000120cb89ab .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1336] C:\windows\SysWOW64\ntdll.dll!NtImpersonateClientOfPort 000000007715fb70 5 bytes JMP 0000000120cb8d58 .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1336] C:\windows\SysWOW64\ntdll.dll!NtAccessCheckByType 0000000077160240 5 bytes JMP 0000000120cb8791 .text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1336] C:\windows\SysWOW64\ntdll.dll!NtAlpcImpersonateClientOfPort 00000000771604c0 5 bytes JMP 
---- Threads - GMER 2.1 ----
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4064:3084] 0000000076d27587
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4064:3156] 0000000073cd7712
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4064:3816] 0000000077192e65
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4064:4456] 0000000077193e85
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4064:4644] 0000000077193e85
Thread C:\windows\System32\svchost.exe [4628:4972] 000007fef4be9688
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3672:5036] 000007fefb0d2bf8
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
Code:
Exportierte Ereignisse:

11.11.2014 21:01 [System Scanner] Malware gefunden
Die Datei 'C:\ProgramData\CheckPoint\ZoneAlarm\Data\avsys\temp\TEMPORARYFOLDER\bases\sw2\klavasyswatch.dll' enthielt einen Virus oder unerwünschtes Programm 'TR/Rootkit.Gen2' [trojan].
Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '509ec47a.qua' verschoben!

11.11.2014 19:37 [Echtzeit Scanner] Malware gefunden
In der Datei 'C:\ProgramData\CheckPoint\ZoneAlarm\Data\avsys\temp\TEMPORARYFOLDER\bases\sw2\klavasyswatch.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Rootkit.Gen2' [trojan] gefunden.
Ausgeführte Aktion: Übergeben an Scanner

11.11.2014 19:36 [Echtzeit Scanner] Malware gefunden
In der Datei 'C:\ProgramData\CheckPoint\ZoneAlarm\Data\avsys\temp\TEMPORARYFOLDER\bases\sw2\klavasyswatch.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Rootkit.Gen2' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

11.11.2014 19:28 [Echtzeit Scanner] Malware gefunden
In der Datei 'C:\PROGRAMDATA\CHECKPOINT\ZONEALARM\Data\avsys\temp\temporaryFolder\bases\sw2\klavasyswatch.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Rootkit.Gen2' [trojan] gefunden.
Ausgeführte Aktion: Übergeben an Scanner

11.11.2014 19:28 [Echtzeit Scanner] Malware gefunden
In der Datei 'C:\PROGRAMDATA\CHECKPOINT\ZONEALARM\Data\avsys\temp\temporaryFolder\bases\sw2\klavasyswatch.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Rootkit.Gen2' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

09.11.2014 18:00 [System Scanner] Malware gefunden
Die Datei 'C:\ProgramData\CheckPoint\ZoneAlarm\Data\avsys\temp\temporaryFolder\bases\sw2\klavasyswatch.dll' enthielt einen Virus oder unerwünschtes Programm 'TR/Rootkit.Gen2' [trojan].
Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '51663c80.qua' verschoben!

09.11.2014 17:13 [Echtzeit Scanner] Malware gefunden
In der Datei 'C:\ProgramData\CheckPoint\ZoneAlarm\Data\avsys\temp\temporaryFolder\bases\sw2\klavasyswatch.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Rootkit.Gen2' [trojan] gefunden.
Ausgeführte Aktion: Übergeben an Scanner

09.11.2014 17:13 [Echtzeit Scanner] Malware gefunden
In der Datei 'C:\ProgramData\CheckPoint\ZoneAlarm\Data\avsys\temp\temporaryFolder\bases\sw2\klavasyswatch.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Rootkit.Gen2' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

09.11.2014 17:13 [Echtzeit Scanner] Malware gefunden
In der Datei 'C:\ProgramData\CheckPoint\ZoneAlarm\Data\avsys\temp\temporaryFolder\bases\sw2\klavasyswatch.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Rootkit.Gen2' [trojan] gefunden.
Ausgeführte Aktion: Übergeben an Scanner

09.11.2014 17:13 [Echtzeit Scanner] Malware gefunden
In der Datei 'C:\ProgramData\CheckPoint\ZoneAlarm\Data\avsys\temp\temporaryFolder\bases\sw2\klavasyswatch.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Rootkit.Gen2' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

09.11.2014 09:57 [System Scanner] Malware gefunden
Die Datei 'C:\PROGRAMDATA\CHECKPOINT\ZONEALARM\Data\avsys\temp\temporaryFolder\bases\sw2\klavasyswatch.dll' enthielt einen Virus oder unerwünschtes Programm 'TR/Rootkit.Gen2' [trojan].
Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '52c78676.qua' verschoben!

09.11.2014 09:39 [Echtzeit Scanner] Malware gefunden
In der Datei 'C:\PROGRAMDATA\CHECKPOINT\ZONEALARM\Data\avsys\temp\temporaryFolder\bases\sw2\klavasyswatch.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Rootkit.Gen2' [trojan] gefunden.
Ausgeführte Aktion: Übergeben an Scanner

09.11.2014 09:39 [Echtzeit Scanner] Malware gefunden
In der Datei 'C:\PROGRAMDATA\CHECKPOINT\ZONEALARM\Data\avsys\temp\temporaryFolder\bases\sw2\klavasyswatch.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Rootkit.Gen2' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern

19.10.2014 17:42 [System Scanner] Malware gefunden
Die Datei 'C:\ProgramData\CheckPoint\ZoneAlarm\Data\avsys\temp\temporaryFolder\bases\sw2\klavasyswatch.dll' enthielt einen Virus oder unerwünschtes Programm 'TR/Rootkit.Gen2' [trojan].
Durchgeführte Aktion(en): Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '50f37295.qua' verschoben!

19.10.2014 17:36 [Echtzeit Scanner] Malware gefunden
In der Datei 'C:\ProgramData\CheckPoint\ZoneAlarm\Data\avsys\temp\temporaryFolder\bases\sw2\klavasyswatch.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Rootkit.Gen2' [trojan] gefunden.
Ausgeführte Aktion: Übergeben an Scanner

19.10.2014 17:36 [Echtzeit Scanner] Malware gefunden
In der Datei 'C:\ProgramData\CheckPoint\ZoneAlarm\Data\avsys\temp\temporaryFolder\bases\sw2\klavasyswatch.dll' wurde ein Virus oder unerwünschtes Programm 'TR/Rootkit.Gen2' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern