
Pests of all kinds and how to combat them: Ramnit or not Ramnit - how reliable is ClamWin


21.11.2015, 21:04   #1
dorle17
 

After I sent ClamWin into the race today on a trial basis with current signatures, it reported a Ramnit trojan and various adware.

A panic scan with the on-board ZoneAlarm, Windows Defender, MBAM and ADWCleaner (all up to date), however, turned up no detections.

Nevertheless, I am now somewhat unsettled and am asking for help. Logs follow.

The scan did not run to completion.
Code:
Scan Started Sat Nov 21 20:11:25 2015
-------------------------------------------------------------------------------

WARNING: Can't open file C:\hiberfil.sys: Permission denied
WARNING: Can't open file C:\pagefile.sys: Permission denied
C:\Program Files (x86)\Adobe\Photoshop Elements 12\cg.dll: Win.Trojan.Ramnit-7070 FOUND
C:\Program Files (x86)\CheckPoint\Install\CUninstallerZA.exe: Win.Adware.Outbrowse-1167 FOUND
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCUpdater.dll: Win.Adware.Browsefox-14085 FOUND
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\P7\IMSLib.dll: Win.Adware.Browsefox-14023 FOUND
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\P7\x64\IMSLib.dll: Win.Adware.Browsefox-14023 FOUND
C:\Program Files (x86)\Diablo III\fmodex.dll: Win.Trojan.Ramnit-6364 FOUND
C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\RMEncoder.exe: Win.Trojan.Ramnit-5879 FOUND
C:\Program Files (x86)\Serato\Drivers\ASIO\32\SixtyOne\RaneAsioSixtyOnex86Setup.exe: Win.Adware.Adseo-4 FOUND
C:\Program Files (x86)\Serato\Drivers\ASIO\32\SixtyTwo\RaneAsioSixtyTwox86Setup.exe: Win.Adware.Adseo-4 FOUND
C:\Program Files (x86)\Serato\Drivers\ASIO\64\SixtyOne\RaneAsioSixtyOnex64Setup.exe: Win.Adware.Adseo-4 FOUND
C:\Program Files (x86)\Serato\Drivers\ASIO\64\SixtyTwo\RaneAsioSixtyTwox64Setup.exe: Win.Adware.Adseo-4 FOUND
C:\Program Files (x86)\Serato\Drivers\RaneAsioSixtyEightSetup_1.1.4f2.exe: Win.Adware.Optimizerpro-2 FOUND
C:\Program Files (x86)\Serato\Drivers\RaneAsioSixtyFourSetup_1.0.3f2.exe: Win.Adware.Optimizerpro-2 FOUND
C:\Program Files (x86)\Serato\Drivers\RaneAsioSixtyOneSetup_1.1.3f2.exe: Win.Adware.Optimizerpro-2 FOUND
C:\Program Files (x86)\Serato\Drivers\RaneAsioSixtyTwoSetup_1.2.3f2.exe: Win.Adware.Optimizerpro-2 FOUND
C:\Program Files (x86)\Serato\Drivers\RaneAsioSL2Setup_1.0.3f2.exe: Win.Adware.Optimizerpro-2 FOUND
C:\Program Files (x86)\Serato\Drivers\RaneAsioSL3Setup_1.3.5f2.exe: Win.Adware.Optimizerpro-2 FOUND
C:\Program Files (x86)\Serato\Drivers\RaneAsioSL4Setup_1.0.3f2.exe: Win.Adware.Optimizerpro-2 FOUND
C:\Program Files (x86)\Serato\SeratoDJ\SeratoDJ.exe: Win.Adware.Browsefox-14023 FOUND
         
Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:20-11-2015
durchgeführt von moonlab (Administrator) auf MOONLAB-THINK (21-11-2015 21:13:21)
Gestartet von D:\Downloads
Geladene Profile: moonlab &  (Verfügbare Profile: moonlab)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\nvwmi64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Akai Professional) C:\Program Files (x86)\Akai Professional\AMX\AudioDevMon.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(M-Audio) C:\Program Files (x86)\M-Audio\Oxygen\AudioDevMon.exe
() C:\Program Files (x86)\Polar\Daemon\polard.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 9.0 apoEdition\ouservice\StarMoneyOnlineUpdate.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Winstep Software Technologies) C:\Program Files (x86)\Winstep\WsxService.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Windows\System32\nvwmi64.exe
(Authentec Inc.) C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(FSPro Labs) C:\Program Files\My Lockbox\mylbx.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Winstep Software Technologies) C:\Program Files (x86)\Winstep\Nexus.exe
() C:\Users\moonlab\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Game Inc.) C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(brother) C:\Program Files (x86)\Brownie\BrStsW64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Marek Jasinski) C:\Program Files (x86)\FreeCommander XE\FreeCommander.exe
(Marek Jasinski) C:\Program Files (x86)\FreeCommander XE\FcContextMenu64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13653208 2013-09-13] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [384344 2014-02-17] (Lenovo.)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63728 2015-06-08] (Lenovo)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2963184 2013-11-15] (Synaptics Incorporated)
HKLM\...\Run: [mylbx] => C:\Program Files\My Lockbox\mylbx.exe [2406152 2014-12-10] (FSPro Labs)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2464072 2014-11-07] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [132920 2013-05-30] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-07-18] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5236664 2012-09-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [GamingKeyboard] => C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe [1805824 2013-10-16] (Game Inc.)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [66560 2013-06-17] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-08-31] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1284680 2014-03-25] (CANON INC.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Reader Application Helper] => C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [899400 2014-10-24] (Sony Corporation)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-08-13] (Check Point Software Technologies Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ZoneAlarm Windows 10 Upgrader] => "C:\ProgramData\CheckPoint\ZoneAlarm\Data\Updates\unpacked==win10=update_win10.zip\upgrade.exe" /delay
HKU\S-1-5-21-1297538972-3483835822-425091157-1000\...\Run: [Nexus] => C:\Program Files (x86)\Winstep\Nexus.exe [18376832 2015-09-29] (Winstep Software Technologies)
HKU\S-1-5-21-1297538972-3483835822-425091157-1000\...\Run: [CAHeadless] => C:\Program Files (x86)\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [1401040 2014-03-09] (Adobe Systems Incorporated)
HKU\S-1-5-21-1297538972-3483835822-425091157-1000\...\Run: [Amazon Music] => C:\Users\moonlab\AppData\Local\Amazon Music\Amazon Music Helper.exe [5886784 2015-05-07] ()
HKU\S-1-5-21-1297538972-3483835822-425091157-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1297538972-3483835822-425091157-1000\...\Run: [Google Update] => C:\Users\moonlab\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-11-20] (Google Inc.)
HKU\S-1-5-21-1297538972-3483835822-425091157-1000\...\RunOnce: [BrStsW64.exe] => C:\Program Files (x86)\Brownie\BrStsW64.exe [3695928 2009-08-19] (brother)
HKU\S-1-5-21-1297538972-3483835822-425091157-1000\...\Policies\system: [EnableLUA] 0
HKU\S-1-5-21-1297538972-3483835822-425091157-1000\...\Policies\system: [ConsentPromptBehaviorAdmin] 0
HKU\S-1-5-21-1297538972-3483835822-425091157-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1297538972-3483835822-425091157-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1297538972-3483835822-425091157-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Nexus] => C:\Program Files (x86)\Winstep\Nexus.exe [18376832 2015-09-29] (Winstep Software Technologies)
HKU\S-1-5-21-1297538972-3483835822-425091157-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CAHeadless] => C:\Program Files (x86)\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [1401040 2014-03-09] (Adobe Systems Incorporated)
HKU\S-1-5-21-1297538972-3483835822-425091157-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Amazon Music] => C:\Users\moonlab\AppData\Local\Amazon Music\Amazon Music Helper.exe [5886784 2015-05-07] ()
HKU\S-1-5-21-1297538972-3483835822-425091157-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1297538972-3483835822-425091157-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Google Update] => C:\Users\moonlab\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-11-20] (Google Inc.)
HKU\S-1-5-21-1297538972-3483835822-425091157-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [BrStsW64.exe] => C:\Program Files (x86)\Brownie\BrStsW64.exe [3695928 2009-08-19] (brother)
HKU\S-1-5-21-1297538972-3483835822-425091157-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [EnableLUA] 0
HKU\S-1-5-21-1297538972-3483835822-425091157-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [ConsentPromptBehaviorAdmin] 0
HKU\S-1-5-21-1297538972-3483835822-425091157-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1297538972-3483835822-425091157-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-18\...\Run: [ZoneAlarm Windows 10 Upgrader] => "C:\ProgramData\CheckPoint\ZoneAlarm\Data\Updates\unpacked==win10=update_win10.zip\upgrade.exe" /delay
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [174856 2015-02-05] (NVIDIA Corporation)
AppInit_DLLs: ,C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174856 2015-02-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156840 2015-02-05] (NVIDIA Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\ThinkPad\Bluetooth Software\BtwProximityCP.dll C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
Startup: C:\Users\moonlab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2015-11-21]
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{A320D74D-8197-4253-84B5-52D9A88F1410}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKU\S-1-5-21-1297538972-3483835822-425091157-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\S-1-5-21-1297538972-3483835822-425091157-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1297538972-3483835822-425091157-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1297538972-3483835822-425091157-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\moonlab\AppData\Roaming\Mozilla\Firefox\Profiles\yq8kvo6q.default-1385394388489
FF Homepage: hxxp://*****
hxxps://myspace.com/*****
hxxps://de-de.facebook.com/
hxxps://accounts.google.com/ServiceLogin?service=cl&passive=1209600&continue=hxxps://www.google.com/calendar/render?tab%3Dwc&followup=hxxps://www.google.com/calendar/render?tab%3Dwc&scc=1
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-11] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-11-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-11] ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2013-11-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-07-03] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-07-03] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-05-13] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-05-13] (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-04] (NVIDIA Corporation)
FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll [2014-10-24] (Sony Corporation)
FF Plugin HKU\S-1-5-21-1297538972-3483835822-425091157-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2013-11-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-1297538972-3483835822-425091157-1000: @tools.google.com/Google Update;version=3 -> C:\Users\moonlab\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-20] (Google Inc.)
FF Plugin HKU\S-1-5-21-1297538972-3483835822-425091157-1000: @tools.google.com/Google Update;version=9 -> C:\Users\moonlab\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-20] (Google Inc.)
FF Plugin HKU\S-1-5-21-1297538972-3483835822-425091157-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2013-11-08] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-1297538972-3483835822-425091157-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=3 -> C:\Users\moonlab\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-20] (Google Inc.)
FF Plugin HKU\S-1-5-21-1297538972-3483835822-425091157-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @tools.google.com/Google Update;version=9 -> C:\Users\moonlab\AppData\Local\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-11-20] (Google Inc.)
FF Extension: Tab Mix Plus - C:\Users\moonlab\AppData\Roaming\Mozilla\Firefox\Profiles\yq8kvo6q.default-1385394388489\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2015-09-02]
FF Extension: All-in-One Sidebar - C:\Users\moonlab\AppData\Roaming\Mozilla\Firefox\Profiles\yq8kvo6q.default-1385394388489\extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi [2015-10-07]
FF Extension: Geocaching.com GPX Downloader - C:\Users\moonlab\AppData\Roaming\Mozilla\Firefox\Profiles\yq8kvo6q.default-1385394388489\extensions\gpxdown@geocaching.com.xpi [2015-11-21]
FF Extension: Video DownloadHelper - C:\Users\moonlab\AppData\Roaming\Mozilla\Firefox\Profiles\yq8kvo6q.default-1385394388489\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-10-30]
FF Extension: Adblock Plus - C:\Users\moonlab\AppData\Roaming\Mozilla\Firefox\Profiles\yq8kvo6q.default-1385394388489\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-09-24]

Chrome: 
=======
CHR Profile: C:\Users\moonlab\AppData\Local\Google\Chrome\User Data\default

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-25] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2015936 2015-09-29] (Adobe Systems, Incorporated)
R2 AMXAudioDevMon; C:\Program Files (x86)\Akai Professional\AMX\AudioDevMon.exe [2287376 2014-10-02] (Akai Professional)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [319536 2015-04-17] (Lenovo.)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [167736 2013-05-30] (Intel Corporation)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [197464 2014-05-29] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-10] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272424 2015-08-17] (Lenovo)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-02] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-07] (NVIDIA Corporation)
R2 NVWMI; C:\Windows\system32\nvwmi64.exe [2855624 2015-02-05] ()
R2 OxygenAudioDevMon; C:\Program Files (x86)\M-Audio\Oxygen\AudioDevMon.exe [1632776 2010-03-04] (M-Audio)
R2 Polar Daemon; C:\Program Files (x86)\Polar\Daemon\polard.exe [419536 2012-12-12] ()
S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2014-04-25] (Sony Corporation) [Datei ist nicht signiert]
R2 StarMoney 9.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 9.0 apoEdition\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22008 2015-09-10] ()
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3596752 2014-08-13] (Check Point Software Technologies Ltd.)
S4 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1157056 2012-09-19] (Western Digital )
S4 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [248248 2012-09-19] (Western Digital)
S4 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177536 2012-09-19] (Western Digital )
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [96272 2014-08-13] (Check Point Software Technologies, Ltd.)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-02] (Intel® Corporation)
R2 Winstep Xtreme Service; C:\Program Files (x86)\Winstep\WsxService [X]

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

S3 AF15BDA; C:\Windows\System32\DRIVERS\AF15BDA.sys [370528 2013-02-14] (AfaTech                  )
S3 AMX1; C:\Windows\System32\DRIVERS\AkaiProfessionalAMX.sys [454928 2014-10-02] (Akai Professional)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170200 2013-03-27] (Broadcom Corporation.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-10-20] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 ffusb2audio; C:\Windows\System32\DRIVERS\ffusb2audio.sys [127280 2013-09-25] (Focusrite Audio Engineering Limited.)
R0 FSProFilter2; C:\Windows\System32\Drivers\FSPFltd2.sys [57648 2011-06-03] (FSPro Labs)
R3 GameKB; C:\Windows\System32\drivers\GameKB.sys [31232 2013-10-15] ( )
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2015-01-03] ()
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2014-06-11] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-06-11] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [490592 2014-06-11] (Kaspersky Lab ZAO)
R3 LenovoRd; C:\Windows\System32\Drivers\LenovoRd.sys [118016 2009-05-11] (Lenovo)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-21] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R1 nvkflt; C:\Windows\System32\DRIVERS\nvkflt.sys [299664 2015-02-05] (NVIDIA Corporation)
S3 OXYGEN; C:\Windows\System32\DRIVERS\MAudioOxygen.sys [134664 2010-03-04] (M-Audio)
R3 RCUVCAVS; C:\Windows\System32\DRIVERS\RCUVCAVS.sys [177920 2013-07-05] (Ricoh co.,Ltd.)
S3 SeratoUsb; C:\Windows\System32\Drivers\SeratoUsb.sys [49656 2013-07-09] (Cristalink Ltd)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2013-11-15] (Synaptics Incorporated)
R2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
S3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-08] (ThinkVantage Communications Utility)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [450456 2014-08-13] (Check Point Software Technologies Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 NVHDA; system32\drivers\nvhda64v.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-11-21 21:13 - 2015-11-21 21:13 - 00000000 ____D C:\FRST
2015-11-21 21:12 - 2015-11-21 21:12 - 00000000 _____ C:\Users\moonlab\defogger_reenable
2015-11-21 19:52 - 2015-11-21 19:52 - 00000735 _____ C:\Users\moonlab\AppData\Local\recently-used.xbel
2015-11-21 19:37 - 2015-11-21 19:52 - 00000000 ____D C:\Users\moonlab\AppData\Local\enchant
2015-11-21 18:05 - 2015-11-03 23:10 - 00390344 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-11-21 18:05 - 2015-11-03 22:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-11-21 18:05 - 2015-10-31 00:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-21 18:05 - 2015-10-31 00:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-11-21 18:05 - 2015-10-31 00:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-11-21 18:05 - 2015-10-31 00:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-21 18:05 - 2015-10-31 00:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-11-21 18:05 - 2015-10-31 00:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-11-21 18:05 - 2015-10-31 00:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-11-21 18:05 - 2015-10-31 00:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-21 18:05 - 2015-10-31 00:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-11-21 18:05 - 2015-10-31 00:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-11-21 18:05 - 2015-10-31 00:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-11-21 18:05 - 2015-10-31 00:13 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-11-21 18:05 - 2015-10-31 00:12 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-11-21 18:05 - 2015-10-31 00:12 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-11-21 18:05 - 2015-10-31 00:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-21 18:05 - 2015-10-31 00:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-21 18:05 - 2015-10-31 00:11 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-11-21 18:05 - 2015-10-31 00:04 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-11-21 18:05 - 2015-10-31 00:01 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-11-21 18:05 - 2015-10-30 23:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-11-21 18:05 - 2015-10-30 23:53 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-11-21 18:05 - 2015-10-30 23:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-21 18:05 - 2015-10-30 23:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-11-21 18:05 - 2015-10-30 23:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-11-21 18:05 - 2015-10-30 23:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-11-21 18:05 - 2015-10-30 23:46 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-11-21 18:05 - 2015-10-30 23:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-11-21 18:05 - 2015-10-30 23:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-11-21 18:05 - 2015-10-30 23:45 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-11-21 18:05 - 2015-10-30 23:44 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-11-21 18:05 - 2015-10-30 23:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-11-21 18:05 - 2015-10-30 23:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-11-21 18:05 - 2015-10-30 23:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-11-21 18:05 - 2015-10-30 23:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-11-21 18:05 - 2015-10-30 23:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-11-21 18:05 - 2015-10-30 23:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-21 18:05 - 2015-10-30 23:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-11-21 18:05 - 2015-10-30 23:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-11-21 18:05 - 2015-10-30 23:34 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-11-21 18:05 - 2015-10-30 23:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-11-21 18:05 - 2015-10-30 23:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-21 18:05 - 2015-10-30 23:29 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-11-21 18:05 - 2015-10-30 23:29 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-11-21 18:05 - 2015-10-30 23:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-11-21 18:05 - 2015-10-30 23:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-11-21 18:05 - 2015-10-30 23:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-21 18:05 - 2015-10-30 23:21 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-11-21 18:05 - 2015-10-30 23:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-11-21 18:05 - 2015-10-30 23:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-11-21 18:05 - 2015-10-30 23:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-21 18:05 - 2015-10-30 23:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-11-21 18:05 - 2015-10-30 23:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-11-21 18:05 - 2015-10-30 23:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-11-21 18:05 - 2015-10-30 23:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-11-21 18:05 - 2015-10-30 23:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-21 18:05 - 2015-10-30 23:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-11-21 18:05 - 2015-10-30 23:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-11-21 18:05 - 2015-10-30 23:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-21 18:05 - 2015-10-30 22:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-11-21 18:05 - 2015-10-30 22:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-11-21 18:05 - 2015-10-30 22:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-21 18:05 - 2015-10-30 22:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-11-21 18:04 - 2015-10-20 19:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-21 18:04 - 2015-10-20 19:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-21 18:04 - 2015-10-20 19:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-21 18:04 - 2015-10-20 19:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-21 18:04 - 2015-10-20 19:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-21 18:04 - 2015-10-20 19:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-11-21 18:04 - 2015-10-20 19:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-11-21 18:04 - 2015-10-20 19:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-21 18:04 - 2015-10-20 19:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-11-21 18:04 - 2015-10-20 19:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-21 18:04 - 2015-10-20 19:41 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-11-21 18:04 - 2015-10-20 18:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-11-21 18:04 - 2015-10-20 18:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-11-21 18:04 - 2015-10-20 18:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-11-21 18:04 - 2015-10-20 18:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-11-21 18:04 - 2015-10-20 18:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-11-21 18:04 - 2015-10-20 02:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-21 18:04 - 2015-10-20 02:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-21 18:04 - 2015-10-20 02:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-21 18:04 - 2015-10-20 02:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-21 18:04 - 2015-10-20 02:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-11-21 18:04 - 2015-10-20 02:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-11-21 18:04 - 2015-10-20 02:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-11-21 18:04 - 2015-10-20 02:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-11-21 18:04 - 2015-10-20 02:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-21 18:04 - 2015-10-20 02:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-21 18:04 - 2015-10-20 02:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-11-21 18:04 - 2015-10-20 02:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-21 18:04 - 2015-10-20 02:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-11-21 18:04 - 2015-10-20 02:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-11-21 18:04 - 2015-10-20 02:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-21 18:04 - 2015-10-20 02:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-21 18:04 - 2015-10-20 02:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-21 18:04 - 2015-10-20 02:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-11-21 18:04 - 2015-10-20 02:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-11-21 18:04 - 2015-10-20 02:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-11-21 18:04 - 2015-10-20 02:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-11-21 18:04 - 2015-10-20 02:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-11-21 18:04 - 2015-10-20 02:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-11-21 18:04 - 2015-10-20 02:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-11-21 18:04 - 2015-10-20 02:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-21 18:04 - 2015-10-20 02:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-11-21 18:04 - 2015-10-20 02:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-11-21 18:04 - 2015-10-20 02:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-11-21 18:04 - 2015-10-20 02:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-11-21 18:04 - 2015-10-20 02:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-11-21 18:04 - 2015-10-20 02:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-11-21 18:04 - 2015-10-20 02:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-11-21 18:04 - 2015-10-20 02:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-11-21 18:04 - 2015-10-20 01:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-11-21 18:04 - 2015-10-20 01:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-11-21 18:04 - 2015-10-20 01:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-11-21 18:04 - 2015-10-20 01:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-21 18:04 - 2015-10-20 01:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-21 18:04 - 2015-10-20 01:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-21 18:04 - 2015-10-20 01:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-21 18:04 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-21 18:04 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-21 18:04 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-21 18:04 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-21 18:04 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-21 18:04 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-21 18:04 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-21 18:04 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-21 18:04 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-21 18:04 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-21 18:04 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-21 18:04 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-21 18:04 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-21 18:04 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-21 18:04 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-21 18:04 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-21 18:04 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-21 18:04 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-21 18:04 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-21 18:04 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-21 18:04 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-21 18:04 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-21 18:04 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-21 18:04 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-21 18:04 - 2015-10-20 01:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-11-21 18:04 - 2015-10-20 01:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-11-21 18:04 - 2015-10-20 01:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-11-21 18:04 - 2015-10-20 01:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-21 18:04 - 2015-10-20 01:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-11-21 18:04 - 2015-10-20 01:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-21 18:04 - 2015-10-20 01:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-21 18:04 - 2015-10-20 01:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-11-21 18:04 - 2015-10-20 01:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-11-21 18:04 - 2015-10-20 01:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-11-21 18:04 - 2015-10-20 01:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-11-21 18:04 - 2015-10-20 01:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-11-21 18:04 - 2015-10-20 01:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-11-21 18:04 - 2015-10-20 01:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-11-21 18:04 - 2015-10-20 01:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-11-21 18:04 - 2015-10-20 01:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-11-21 18:04 - 2015-10-20 01:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-11-21 18:04 - 2015-10-20 01:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-11-21 18:04 - 2015-10-20 01:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-11-21 18:04 - 2015-10-20 01:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-11-21 18:04 - 2015-10-20 01:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-11-21 18:04 - 2015-10-20 01:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-11-21 18:04 - 2015-10-20 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-11-21 18:04 - 2015-10-20 01:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-11-21 18:04 - 2015-10-20 01:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-11-21 18:04 - 2015-10-20 01:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-21 18:04 - 2015-10-20 01:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-21 18:04 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-21 18:04 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-21 18:04 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-21 18:04 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-21 18:04 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-21 18:04 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-21 18:04 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-21 18:04 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-21 18:04 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-21 18:04 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-21 18:04 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-21 18:04 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-21 18:04 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-21 18:04 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-21 18:04 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-21 18:04 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-21 18:04 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-21 18:04 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-21 18:04 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-21 18:04 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-21 18:04 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-21 18:04 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-21 18:04 - 2015-10-20 00:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-21 18:04 - 2015-10-20 00:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-11-21 18:04 - 2015-10-20 00:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-21 18:04 - 2015-10-20 00:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-11-21 18:04 - 2015-10-20 00:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-11-21 18:04 - 2015-10-20 00:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-21 18:04 - 2015-10-20 00:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-21 18:04 - 2015-10-20 00:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-21 18:04 - 2015-10-20 00:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-21 18:04 - 2015-09-23 14:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-21 18:04 - 2015-09-23 14:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-21 18:04 - 2015-09-23 14:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2015-11-21 18:03 - 2015-11-03 18:55 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-21 18:03 - 2015-10-13 17:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-21 18:03 - 2015-10-13 17:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-21 18:02 - 2015-10-13 05:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-21 18:02 - 2015-10-01 19:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-11-21 18:02 - 2015-10-01 19:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-11-21 18:02 - 2015-10-01 18:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-11-20 16:15 - 2015-11-20 16:15 - 00000000 ____D C:\Users\moonlab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AdWords Editor
2015-11-20 16:12 - 2015-11-21 20:17 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1297538972-3483835822-425091157-1000UA.job
2015-11-20 16:12 - 2015-11-21 16:17 - 00001076 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1297538972-3483835822-425091157-1000Core.job
2015-11-20 16:12 - 2015-11-20 16:12 - 00004102 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1297538972-3483835822-425091157-1000UA
2015-11-20 16:12 - 2015-11-20 16:12 - 00003706 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1297538972-3483835822-425091157-1000Core
2015-11-14 23:22 - 2015-11-14 23:22 - 00000882 _____ C:\Users\moonlab\Desktop\RECORDS.APR - Verknüpfung.lnk
2015-11-14 10:33 - 2015-11-18 12:52 - 00019277 _____ C:\Users\moonlab\Desktop\RecordsDescrib.xlsx
2015-11-10 22:35 - 2015-11-10 22:35 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\3FE1496C.sys
2015-10-30 20:05 - 2015-10-30 20:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serato
2015-10-24 21:33 - 2015-10-01 19:06 - 00692672 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-10-24 21:33 - 2015-10-01 19:04 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-10-24 21:33 - 2015-10-01 19:00 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-10-24 21:33 - 2015-10-01 19:00 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-10-24 21:33 - 2015-10-01 19:00 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-10-24 21:33 - 2015-10-01 19:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-10-24 21:33 - 2015-10-01 19:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-10-24 21:33 - 2015-10-01 18:50 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-10-24 21:33 - 2015-10-01 18:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-10-24 21:33 - 2015-08-06 19:04 - 14176768 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-24 21:33 - 2015-08-06 19:03 - 01866752 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-10-24 21:33 - 2015-08-06 18:44 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-10-24 21:33 - 2015-08-06 18:44 - 01498624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-11-21 21:12 - 2015-03-28 10:49 - 00000000 ____D C:\Program Files (x86)\FreeCommander XE
2015-11-21 21:12 - 2013-10-09 10:00 - 00000000 ____D C:\Users\moonlab
2015-11-21 21:02 - 2015-01-04 15:14 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-21 21:02 - 2013-10-17 14:23 - 00056569 ____H C:\Windows\SysWOW64\BTImages.dat
2015-11-21 20:59 - 2013-10-14 16:21 - 00000000 ____D C:\Users\moonlab\AppData\Roaming\KeePass
2015-11-21 20:50 - 2015-01-06 16:59 - 00000000 ____D C:\AdwCleaner
2015-11-21 20:47 - 2015-05-06 16:56 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-21 20:40 - 2015-06-17 09:35 - 00000000 ____D C:\Users\moonlab\AppData\Roaming\Google
2015-11-21 20:13 - 2013-10-09 09:49 - 01499182 _____ C:\Windows\WindowsUpdate.log
2015-11-21 19:35 - 2013-10-14 20:19 - 00000295 _____ C:\Windows\Brownie.ini
2015-11-21 19:28 - 2011-04-12 08:43 - 00674860 _____ C:\Windows\system32\perfh007.dat
2015-11-21 19:28 - 2011-04-12 08:43 - 00139968 _____ C:\Windows\system32\perfc007.dat
2015-11-21 19:28 - 2009-07-14 06:13 - 01556210 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-21 18:28 - 2009-07-14 05:51 - 00363092 _____ C:\Windows\setupact.log
2015-11-21 18:25 - 2009-07-14 05:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-21 18:25 - 2009-07-14 05:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-21 18:17 - 2013-10-09 10:47 - 00000000 ____D C:\ProgramData\NVIDIA
2015-11-21 18:17 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-21 18:17 - 2009-07-14 05:45 - 00462024 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-21 18:16 - 2011-04-12 08:55 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-21 18:13 - 2013-10-09 12:30 - 00000000 ____D C:\Windows\system32\MRT
2015-11-21 18:11 - 2013-10-09 12:30 - 145617392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-11-21 18:10 - 2013-10-09 11:48 - 01530490 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-11-21 17:57 - 2013-10-14 18:17 - 00000000 ____D C:\Users\moonlab\AppData\Roaming\MediaMonkey
2015-11-21 11:15 - 2013-10-09 11:52 - 00000000 ____D C:\Users\moonlab\AppData\Local\Adobe
2015-11-20 16:12 - 2013-10-20 10:01 - 00000000 ____D C:\Users\moonlab\AppData\Local\Google
2015-11-19 15:43 - 2013-10-21 18:56 - 00000000 ____D C:\Users\moonlab\AppData\Roaming\Mp3tag
2015-11-19 07:36 - 2014-03-08 12:54 - 00000000 ____D C:\Users\moonlab\AppData\Local\Battle.net
2015-11-18 18:35 - 2013-12-02 15:12 - 00000000 ____D C:\Program Files (x86)\StarMoney 9.0 apoEdition
2015-11-16 13:28 - 2010-11-21 04:47 - 00261938 _____ C:\Windows\PFRO.log
2015-11-15 21:03 - 2013-10-14 20:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2015-11-15 21:03 - 2013-10-14 20:22 - 00000000 ____D C:\Program Files\Calibre2
2015-11-15 10:18 - 2013-10-09 13:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-11-12 18:06 - 2013-10-14 19:35 - 00000000 ____D C:\Users\moonlab\AppData\Roaming\Audacity
2015-11-12 18:06 - 2013-10-13 18:38 - 00000000 ____D C:\ProgramData\Ableton
2015-11-12 17:56 - 2014-07-15 21:14 - 00000000 ____D C:\temp
2015-11-11 16:47 - 2015-05-06 16:56 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-11-11 16:47 - 2013-11-23 12:37 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-11 16:47 - 2013-11-23 12:37 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-11 11:08 - 2013-10-13 16:51 - 00000000 ____D C:\Program Files (x86)\Diablo III
2015-11-10 18:50 - 2013-10-09 19:36 - 00000000 ____D C:\Program Files (x86)\Winstep
2015-11-08 10:20 - 2013-11-18 14:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-01 16:38 - 2015-01-04 15:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-01 16:38 - 2015-01-04 15:14 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-30 20:05 - 2013-10-14 19:08 - 00000000 ____D C:\Program Files (x86)\Serato
2015-10-30 20:05 - 2013-10-14 15:11 - 00000000 ____D C:\ProgramData\Package Cache
2015-10-25 12:18 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2015-10-22 14:30 - 2014-04-07 19:17 - 00001456 _____ C:\Users\moonlab\AppData\Local\Adobe Für Web speichern 12.0 Prefs

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2014-07-02 20:58 - 2014-07-02 21:04 - 0000132 _____ () C:\Users\moonlab\AppData\Roaming\Adobe CS5-Voreinstellungen für BMP-Format
2014-02-19 14:53 - 2015-06-16 18:24 - 0000132 _____ () C:\Users\moonlab\AppData\Roaming\Adobe CS5-Voreinstellungen für PNG-Format
2014-04-07 19:17 - 2015-10-22 14:30 - 0001456 _____ () C:\Users\moonlab\AppData\Local\Adobe Für Web speichern 12.0 Prefs
2013-10-20 19:36 - 2015-04-07 08:55 - 0013824 _____ () C:\Users\moonlab\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-11-21 19:52 - 2015-11-21 19:52 - 0000735 _____ () C:\Users\moonlab\AppData\Local\recently-used.xbel
2013-10-13 14:20 - 2014-07-20 17:22 - 0007656 _____ () C:\Users\moonlab\AppData\Local\Resmon.ResmonCfg
2015-06-03 10:05 - 2015-06-03 10:05 - 5623786 _____ () C:\Users\moonlab\AppData\Local\TempDSC_4268.jpg
2015-06-03 10:06 - 2015-06-03 10:06 - 5623786 _____ () C:\Users\moonlab\AppData\Local\TempDSC_42680.jpg
2013-10-14 15:09 - 2013-10-14 15:09 - 0013375 _____ () C:\Users\moonlab\AppData\Local\WiDiSetupLog.20131014.160954.wdl
2013-11-04 19:08 - 2013-11-04 19:08 - 0013178 _____ () C:\Users\moonlab\AppData\Local\WiDiSetupLog.20131104.190811.wdl
2013-11-04 19:10 - 2013-11-04 19:10 - 0013178 _____ () C:\Users\moonlab\AppData\Local\WiDiSetupLog.20131104.191028.wdl
2013-11-04 19:30 - 2013-11-04 19:30 - 0013187 _____ () C:\Users\moonlab\AppData\Local\WiDiSetupLog.20131104.193005.wdl
2013-11-04 19:30 - 2013-11-04 19:30 - 0013187 _____ () C:\Users\moonlab\AppData\Local\WiDiSetupLog.20131104.193022.wdl
2014-02-01 11:39 - 2014-02-01 11:39 - 0014440 _____ () C:\Users\moonlab\AppData\Local\WiDiSetupLog.20140201.113944.wdl
2014-02-01 11:40 - 2014-02-01 11:40 - 0014443 _____ () C:\Users\moonlab\AppData\Local\WiDiSetupLog.20140201.114014.wdl
2014-05-16 13:06 - 2014-05-16 13:06 - 0014819 _____ () C:\Users\moonlab\AppData\Local\WiDiSetupLog.20140516.140601.wdl
2014-05-21 20:56 - 2014-05-21 20:57 - 0015099 _____ () C:\Users\moonlab\AppData\Local\WiDiSetupLog.20140521.215659.wdl
2014-05-21 21:01 - 2014-05-21 21:01 - 0015090 _____ () C:\Users\moonlab\AppData\Local\WiDiSetupLog.20140521.220101.wdl
2014-06-08 12:28 - 2014-06-08 12:28 - 0015245 _____ () C:\Users\moonlab\AppData\Local\WiDiSetupLog.20140608.132842.wdl
2014-06-08 12:29 - 2014-06-08 12:29 - 0015145 _____ () C:\Users\moonlab\AppData\Local\WiDiSetupLog.20140608.132920.wdl
2014-06-08 12:29 - 2014-06-08 12:30 - 0015236 _____ () C:\Users\moonlab\AppData\Local\WiDiSetupLog.20140608.132954.wdl
2014-07-15 21:10 - 2014-07-15 21:10 - 0015099 _____ () C:\Users\moonlab\AppData\Local\WiDiSetupLog.20140715.221031.wdl
2013-10-09 11:50 - 2013-10-09 11:50 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-10-21 18:51 - 2015-03-29 10:33 - 0000217 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-11-20 14:27

==================== Ende von FRST.txt ============================
         
Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:20-11-2015
durchgeführt von moonlab (2015-11-21 21:13:44)
Gestartet von D:\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2013-10-09 09:00:37)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-1297538972-3483835822-425091157-500 - Administrator - Disabled)
Gast (S-1-5-21-1297538972-3483835822-425091157-501 - Limited - Enabled)
moonlab (S-1-5-21-1297538972-3483835822-425091157-1000 - Administrator - Enabled) => C:\Users\moonlab

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: ZoneAlarm Antivirus (Enabled - Up to date) {23B6D20A-C2DE-B3F5-C67D-07ECD854E6A9}
AS: ZoneAlarm Anti-Spyware (Enabled - Up to date) {98D733EE-E4E4-BC7B-FCCD-3C9EA3D3AC14}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Ableton Live 9 Standard (HKLM-x32\...\{CC6813E0-E96C-4E4B-A299-8864E37B2082}) (Version: 9.0.0.0 - Ableton)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.213 - Adobe Systems Incorporated)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.0 - Adobe Systems Incorporated)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe GoLive CS (DEU) (HKLM-x32\...\{507C870C-C27E-4F53-A32A-23500AC62A46}) (Version: CS 7.0.2 - Adobe Systems, Inc.)
Adobe Photoshop Elements 12 (HKLM-x32\...\Adobe Photoshop Elements 12) (Version: 12.1.0.0 - Adobe Systems Incorporated)
AdWords Editor (HKLM-x32\...\{436ADF1E-8D47-11E5-BB5D-B8AC6F88925A}) (Version: 11.2.2.0 - Google)
Akai Professional AMX 1.0.4 (x64) (HKLM\...\{8D7A8DAE-8097-48C9-B181-DBEB815D5150}) (Version: 1.0.4 - Akai Professional)
Amazon Music (HKU\S-1-5-21-1297538972-3483835822-425091157-1000\...\Amazon Amazon Music) (Version: 3.9.5.820 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-1297538972-3483835822-425091157-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Amazon Amazon Music) (Version: 3.9.5.820 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Audiograbber 1.83 SE  (HKLM-x32\...\Audiograbber) (Version: 1.83 SE  - Audiograbber)
Audiograbber MP3-Plugin (64 bit) (HKLM-x32\...\Audiograbber-Lame) (Version: 1.0 - AG)
Bass Station 2.1 (HKLM-x32\...\{ABAF1232-6213-4062-9D52-04E04A730CEA}_is1) (Version: 2.1 - Novation)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Brother HL-2030 (HKLM-x32\...\{E959EF2C-B8F9-449C-9F40-A4AF823EF18F}) (Version: 1.00 - Brother)
calibre 64bit (HKLM\...\{A80512D3-A72D-4DAF-B7DF-3804F9FAB1CE}) (Version: 2.44.1 - Kovid Goyal)
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version:  - )
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.4.1 - Canon Inc.)
CanoScan LiDE 210 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4809) (Version:  - Canon Inc.)
Comic Collector (HKLM-x32\...\{4C44DC2C-4DE3-4120-865F-F770C53972DE}_is1) (Version:  - Collectorz.com)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0337 - Disc Soft Ltd)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Edraw Mind Map 7.8 (HKLM-x32\...\Edraw Mind Map Freeware_is1) (Version:  - EdrawSoft)
Elements 12 Organizer (x32 Version: 12.0 - Ihr Firmenname) Hidden
Energie-Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 6.67.5 - Lenovo Group Limited)
Focusrite USB 2.0 Audio Driver 2.5.1 (HKLM\...\Focusrite USB 2.0 Audio Driver_is1) (Version: 2.5.1 - Focusrite Audio Engineering Limited.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.5.624 - Foxit Corporation)
FreeCommander XE (HKLM-x32\...\FreeCommander XE_is1) (Version:  - Marek Jasinski)
Freizeitkarte_DEU (Ausgabe 15.05) (HKLM-x32\...\Freizeitkarte_DEU) (Version:  - )
Freizeitkarte_DNK (Ausgabe 15.05) (HKLM-x32\...\Freizeitkarte_DNK) (Version:  - )
Garmin BaseCamp (HKLM-x32\...\{36A0D446-B8E9-4753-BDFE-335F6F4DE59C}) (Version: 4.5.2 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM\...\{DC7720F2-98BE-41C1-B0A8-E391362E86B8}) (Version: 2.3.1.1 - Garmin Ltd or its subsidiaries)
Hexonic PDF Metadata Editor Version 1.0.0 (HKLM-x32\...\{5145BD44-B795-11E1-B7ED-AEF46088709B}_is1) (Version: 1.0.0 - Hexonic Software)
Integrated Camera Driver Installer Package Ver.1.0.0.30 (HKLM-x32\...\{F8754583-7893-4CD8-9E51-1A08F3D4C1A9}) (Version: 1.0.0.30 - RICOH)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 18.7 - Intel)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.9.254 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{828af006-cb5e-4d60-957a-523098a1b0f8}) (Version: 16.1.3 - Intel Corporation)
KeePass Password Safe 2.24 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.24 - Dominik Reichl)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Lenovo Anzeige am Bildschirm (HKLM\...\OnScreenDisplay) (Version: 8.72.10 - Lenovo)
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 2.11 - )
Lenovo Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 3.1.12.0 - Lenovo)
Lenovo Patch Utility (x32 Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Patch Utility 64 bit (Version: 1.4.0.4 - Lenovo Group Limited) Hidden
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.04.05 - )
Lenovo Solution Center (HKLM\...\{E92E1FF1-B188-43FE-BECA-2248E227E67D}) (Version: 2.8.005.00 - Lenovo Group Limited)
Lenovo System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 5.07.0008 - Lenovo)
Loopmaster Samples version 1.0 (HKLM-x32\...\{EF29801F-C87A-481B-B4D1-6D1FBDEA954B}_is1) (Version: 1.0 - Serato LP INC)
Lotus SmartSuite - Deutsch (HKLM-x32\...\{536D6172-7453-7569-7465-392E37300407}) (Version: 9.7.0 - Lotus Development Corporation)
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Marvel Heroes Game (HKLM-x32\...\{ca6069b5-fc6b-4ce8-a03e-2304143706b7}_is1) (Version: 1.0 - Gazillion Entertainment)
M-Audio Oxygen Driver 1.2.1 (x64) (HKLM\...\{6F0B8408-835B-4A55-A429-EB899AD68467}) (Version: 1.2.1 - M-Audio)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Metric Collection SDK (x32 Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.6 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mixed in Key (x32 Version: 1.0.208.0 - Mixed In Key LLC) Hidden
Mixed In Key 7 (HKU\S-1-5-21-1297538972-3483835822-425091157-1000\...\{3de857a1-0c56-441b-94ce-4c17ef20b13e}) (Version: 7.0.208.0 - Mixed In Key LLC)
Mixed In Key 7 (HKU\S-1-5-21-1297538972-3483835822-425091157-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\{3de857a1-0c56-441b-94ce-4c17ef20b13e}) (Version: 7.0.208.0 - Mixed In Key LLC)
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 42.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 de)) (Version: 42.0 - Mozilla)
Mozilla Thunderbird 38.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 38.3.0 (x86 de)) (Version: 38.3.0 - Mozilla)
MP3 Diags (HKLM-x32\...\MP3Diags) (Version:  - )
Mp3tag v2.70 (HKLM-x32\...\Mp3tag) (Version: v2.70 - Florian Heidenreich)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
My Lockbox 3.6.4 (HKLM\...\My Lockbox_is1) (Version: 3.6.4 - )
Nexus 15.9 (HKLM-x32\...\Winstep Xtreme_is1) (Version:  - )
NVIDIA 3D Vision Treiber 345.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 345.20 - NVIDIA Corporation)
NVIDIA Grafiktreiber 345.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 345.20 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA WMI 2.19.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.19.0 - NVIDIA Corporation)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.213.1 - Tracker Software Products Ltd)
Personal Backup 5.7.1.4 (HKLM\...\Personal Backup 5_is1) (Version: 5.7.1.4 - Dr. J. Rathlev)
Polar Daemon (HKLM-x32\...\{2BA9320D-E061-4C71-ACCB-AC0E9D4FC82B}) (Version: 2.2.20000 - Polar Electro Oy)
Polar WebSync (HKLM-x32\...\{A3C03067-855A-4B5B-B08B-A1BFD68FCAF8}) (Version: 2.8.30000 - Polar Electro Oy)
PSE12 STI Installer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Reader for PC (HKLM-x32\...\{D279DFB7-97A3-439D-8BE9-95D8AFA68562}) (Version: 2.4.01.10241 - Sony Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7040 - Realtek Semiconductor Corp.)
Red 2 & Red 3 Plug-in Suite version 1.0 (HKLM\...\Red 2 & Red 3 Plug-in Suite_is1) (Version: 1.0 - Focusrite Audio Engineering Limited)
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
Scarlett Plug-in Suite 1.7 (HKLM-x32\...\{D7F912D4-C237-4079-966A-5044A5025CBF}}_is1) (Version: 1.7 - Focusrite)
Scratch Live 2.5.0 (11) (HKLM-x32\...\{EA21EB55-073F-4CF5-A964-0412E755955A}) (Version: 2.5.0 - Serato Inc LP)
SeaTools for Windows (HKLM-x32\...\{98613C99-1399-416C-A07C-1EE1C585D872}) (Version: 1.2.0.7 - Seagate Technology)
Serato DJ  (HKLM-x32\...\{f23c6e49-5a7f-4ac0-8d7f-8794ae36228c}) (Version: 1.8.0.7502 - )
Serato DJ  (x32 Version: 1.8.0.7502 - Serato) Hidden
SHARKOON Skiller (HKLM-x32\...\{91C25547-9534-41A5-823A-1E54BA16EA3F}) (Version: 1.00.0000 - )
shortcircuit (HKLM-x32\...\shortcircuit) (Version:  - )
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
SportTracks 3.1 (HKLM-x32\...\{99895EF0-B290-4B21-B1FE-FB00E1B5D195}) (Version: 3.1.5770 - Zone Five Software)
StarMoney (x32 Version: 3.0.1.31 - StarFinanz) Hidden
StarMoney (x32 Version: 4.0.0.203 - StarFinanz) Hidden
StarMoney 9.0 apoEdition (HKLM-x32\...\{C44A6A34-56A1-4339-8755-3292125B448F}) (Version: 9.0 - Star Finanz GmbH)
ThinkPad Bluetooth with Enhanced Data Rate Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4500 - Broadcom Corporation)
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.19.13 - )
ThinkVantage Access Connections (HKLM-x32\...\{8E537894-A559-4D60-B3CB-F4485E3D24E3}) (Version: 6.25.65 - Lenovo)
ThinkVantage Fingerprint Software (HKLM\...\{F58DA859-016E-492D-A588-317D9BB28002}) (Version: 5.9.9.7282 - Authentec Inc.)
ThinkVantage System für aktiven Festplattenschutz (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.79.00.03 - Lenovo)
WD SmartWare (HKLM\...\{6FE8A1DA-8CA6-4801-BF0F-0F2FED143FF4}) (Version: 1.6.4.7 - Western Digital Technologies, Inc.)
Windows-Treiberpaket - Focusrite USB 2.0 Audio Driver (09/25/2013 2.5.128.1) (HKLM\...\CF1FC201D237269A9CD51A3A6B14ADBF67175C32) (Version: 09/25/2013 2.5.128.1 - Focusrite)
XMedia Recode Version 3.2.3.6 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.2.3.6 - XMedia Recode)
ZoneAlarm Antivirus (x32 Version: 13.3.209.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (x32 Version: 13.3.209.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Antivirus + Firewall (HKLM-x32\...\ZoneAlarm Free Antivirus + Firewall) (Version: 13.3.209.000 - Check Point)
ZoneAlarm Security (x32 Version: 13.3.209.000 - Check Point Software Technologies Ltd.) Hidden

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-1297538972-3483835822-425091157-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\moonlab\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1297538972-3483835822-425091157-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\moonlab\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1297538972-3483835822-425091157-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\moonlab\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1297538972-3483835822-425091157-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\moonlab\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll (Google Inc.)

==================== Wiederherstellungspunkte =========================

03-11-2015 18:00:02 Windows Update
06-11-2015 21:25:59 Windows Update
08-11-2015 10:13:47 Installed calibre 64bit
10-11-2015 22:34:12 Windows Update
15-11-2015 21:02:13 Installed calibre 64bit
21-11-2015 18:05:45 Windows Update

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2015-01-04 13:12 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {586CBFC5-C49E-44A4-9A86-31388F3EFD9B} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PwmIdTsv.exe [2015-04-17] (Lenovo Group Limited)
Task: {63343FB1-3E26-4BCA-B88F-BBA2330E9110} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {634CEBF2-97D5-438E-B188-1BA5CE321CE8} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2015-08-17] (Lenovo)
Task: {69AA8D62-F459-4967-B129-B9D1B6805233} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-08-17] ()
Task: {8C5CC02D-0B8E-4478-9EFD-9815F23F8889} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1297538972-3483835822-425091157-1000UA => C:\Users\moonlab\AppData\Local\Google\Update\GoogleUpdate.exe [2015-11-20] (Google Inc.)
Task: {9D3267C7-16D8-4E02-8943-0B8C022F850E} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-08-17] (Lenovo)
Task: {B137FA81-6BD8-4AAC-8B30-0717A5DA0EE4} - System32\Tasks\AdobeAAMUpdater-1.0-moonlab-THINK-moonlab => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated)
Task: {BC6FCFAE-7A51-49B3-82C5-B3EFB0824117} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2015-08-17] (Lenovo)
Task: {D54E0BB7-B97B-4E8B-AA1B-92A5FF58F5B9} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-08-17] ()
Task: {DC01F099-BB41-492A-8ABD-D2241DDD0590} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1297538972-3483835822-425091157-1000Core => C:\Users\moonlab\AppData\Local\Google\Update\GoogleUpdate.exe [2015-11-20] (Google Inc.)
Task: {E0A95A03-C773-4EEB-850B-3C8774109FD8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-11] (Adobe Systems Incorporated)
Task: {ECBE5ACC-D2EB-42CF-85D8-5077047B748C} - System32\Tasks\Lenovo\LSC\LSCTaskService => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCTaskService.exe [2015-08-17] (Lenovo)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1297538972-3483835822-425091157-1000Core.job => C:\Users\moonlab\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1297538972-3483835822-425091157-1000UA.job => C:\Users\moonlab\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2014-07-15 21:13 - 2015-02-05 09:16 - 02855624 _____ () C:\Windows\system32\nvwmi64.exe
2012-12-12 14:20 - 2012-12-12 14:20 - 00419536 _____ () C:\Program Files (x86)\Polar\Daemon\polard.exe
2013-10-09 10:26 - 2015-02-04 21:29 - 00115912 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-10-14 18:17 - 2015-03-02 22:51 - 00089088 _____ () C:\Program Files (x86)\MediaMonkey\DeskPlayer.dll
2013-10-09 11:53 - 2015-04-17 05:07 - 00118272 ____N () C:\Program Files (x86)\ThinkPad\Utilities\GR\PWMRT64V.DLL
2012-09-03 11:52 - 2012-09-03 11:52 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-01-10 12:07 - 2015-05-07 20:12 - 05886784 _____ () C:\Users\moonlab\AppData\Local\Amazon Music\Amazon Music Helper.exe
2014-07-19 18:15 - 2011-08-02 19:58 - 02201088 _____ () C:\Program Files\Lenovo\Communications Utility\cxcore210.dll
2014-07-19 18:15 - 2011-08-02 19:58 - 02085888 _____ () C:\Program Files\Lenovo\Communications Utility\cv210.dll
2012-05-06 11:20 - 2012-05-06 11:20 - 03449856 _____ () C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Filters\ffdshow\ffdshow.ax
2012-12-12 14:20 - 2012-12-12 14:20 - 03483856 _____ () C:\Program Files (x86)\Polar\Daemon\libpolar.dll
2014-08-02 18:11 - 2011-01-13 10:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney 9.0 apoEdition\ouservice\PATCHW32.dll
2014-07-15 21:13 - 2015-02-05 09:16 - 00010952 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2013-10-09 19:36 - 2012-06-08 19:40 - 01086176 _____ () C:\Program Files (x86)\Winstep\wodTelnetDLX.dll
2014-10-24 21:34 - 2014-10-24 21:34 - 00880640 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\fsk.dll
2014-10-24 21:35 - 2014-10-24 21:35 - 00040264 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll
2014-10-24 21:35 - 2014-10-24 21:35 - 00239944 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\Fskin.dll
2014-10-24 21:35 - 2014-10-24 21:35 - 00026952 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskinLocalize.dll
2014-04-25 21:46 - 2014-04-25 21:46 - 00798720 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskSecurity.dll
2014-10-24 21:35 - 2014-10-24 21:35 - 00125256 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll
2014-10-24 21:35 - 2014-10-24 21:35 - 00016200 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskPower.dll
2014-10-24 21:35 - 2014-10-24 21:35 - 00024904 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskNetInterface.dll
2014-10-24 21:35 - 2014-10-24 21:35 - 00017224 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll
2014-10-24 21:35 - 2014-10-24 21:35 - 00015176 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll
2014-10-24 21:35 - 2014-10-24 21:35 - 00034632 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ticket.dll
2014-10-24 21:35 - 2014-10-24 21:35 - 00018760 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll
2014-10-24 21:35 - 2014-10-24 21:35 - 00092488 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookUsb.dll
2014-10-24 21:35 - 2014-10-24 21:35 - 00149832 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.dll
2014-10-24 21:35 - 2014-10-24 21:35 - 00178504 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\USBDetector.dll
2013-10-09 11:49 - 2013-05-13 14:15 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2013-10-09 13:39 - 2015-11-15 10:18 - 00153768 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2013-10-09 13:39 - 2015-11-15 10:18 - 00023208 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1297538972-3483835822-425091157-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Public\Documents\WinStep\Themes\Venom1\Wallpaper.bmp
HKU\S-1-5-21-1297538972-3483835822-425091157-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Public\Documents\WinStep\Themes\Venom1\Wallpaper.bmp
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist deaktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\Services: WDBackup => 2
MSCONFIG\Services: WDDriveService => 2
MSCONFIG\Services: WDRulesService => 2
MSCONFIG\startupfolder: C:^Users^moonlab^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk => C:\Windows\pss\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk.Startup
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: Amazon Cloud Player => "C:\Users\moonlab\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CAHeadless => C:\Program Files (x86)\Adobe\Elements 12 Organizer\CAHeadless\ElementsAutoAnalyzer.exe
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: KeePass 2 PreLoad => "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
MSCONFIG\startupreg: LENOVO.TPKNRRES => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
MSCONFIG\startupreg: Reader Application Helper => C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{0856F5E8-D98E-421F-BA78-9A1BCAD18069}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{3109BB05-9E8C-4867-B509-59AC9316CF25}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{B4A9152C-D87E-44FF-95D7-C95009BA19E6}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{58771B22-E681-4D32-A40A-96713183B255}] => (Allow) LPort=6603
FirewallRules: [{5BE4D61E-A5FC-4FBA-802E-838044BC7A6F}] => (Allow) C:\Program Files (x86)\StarMoney 9.0 apoEdition\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{53BA1E8F-8518-43EA-A47F-F83F12DE041A}] => (Allow) C:\Program Files (x86)\StarMoney 9.0 apoEdition\ouservice\StarMoneyOnlineUpdate.exe
FirewallRules: [{1869449B-B5CA-49D7-BB48-3567D9AD2F43}] => (Allow) C:\Program Files (x86)\StarMoney 9.0 apoEdition\app\StarMoney.exe
FirewallRules: [{30EC195C-EB59-44E6-AE6A-285D7A0753D1}] => (Allow) C:\Program Files (x86)\StarMoney 9.0 apoEdition\app\StarMoney.exe
FirewallRules: [{58752E1C-689B-4F8E-9552-614194CCEF22}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{D596BDEA-7C43-4A89-9A25-20C1FFF9B1B8}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [TCP Query User{7FD45EB3-62B4-4211-9CB6-783FFF331975}C:\program files (x86)\gazillion entertainment\marvel heroes game\unrealengine3\binaries\win32\marvelheroes2015.exe] => (Block) C:\program files (x86)\gazillion entertainment\marvel heroes game\unrealengine3\binaries\win32\marvelheroes2015.exe
FirewallRules: [UDP Query User{8FFF797B-D46D-4E96-BC3A-ED27B54A5765}C:\program files (x86)\gazillion entertainment\marvel heroes game\unrealengine3\binaries\win32\marvelheroes2015.exe] => (Block) C:\program files (x86)\gazillion entertainment\marvel heroes game\unrealengine3\binaries\win32\marvelheroes2015.exe
FirewallRules: [{4C363604-2CA1-4D81-9DDB-EFA29201B23F}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{0DC2095D-2959-4CC2-9763-EB33379E47E1}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{DC658108-D066-4461-A290-1FCB8D9118FC}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{081DAAD5-6B8E-4EE9-BF7A-4637647EAA09}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{3365CBE0-0BB2-4D2E-98EC-653D984427E8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D392AE79-FA03-4D0B-887E-EF6CA555DAB6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{67B7E0BB-219C-4DDC-97C6-289B93569198}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{4C99F003-9AF5-40C3-A197-7CE514667707}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{3D740688-EB06-456E-A94B-367179A8B057}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{AD31A5AB-1F28-461B-8D8B-16A7DDB2D3A1}] => (Allow) C:\Program Files (x86)\Lenovo\System Update\uncserver.exe
FirewallRules: [{1225B996-663F-441D-ABB9-CFF0B667CB47}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{51362767-907D-4C67-9AF1-8ECBCEA5A992}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (11/21/2015 06:17:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/21/2015 11:05:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/20/2015 02:10:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/19/2015 04:58:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/19/2015 09:31:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/19/2015 07:19:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2015 10:29:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/18/2015 09:40:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/17/2015 09:50:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (11/17/2015 03:32:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


Systemfehler:
=============
Error: (11/21/2015 05:59:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Stereoscopic 3D Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/12/2015 09:16:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Stereoscopic 3D Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/12/2015 02:20:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "TrueVector Internet Monitor" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/11/2015 11:28:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "UPnP-Gerätehost" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (11/11/2015 11:28:28 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "upnphost" konnte sich nicht als "NT AUTHORITY\LocalService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%50

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (11/11/2015 11:28:28 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1069upnphost{204810B9-73B2-11D4-BF42-00B0D0118B56}

Error: (10/28/2015 00:43:20 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}

Error: (10/26/2015 03:28:51 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\System32\IWMSSvc.dll

Error: (10/26/2015 03:28:51 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\System32\IWMSSvc.dll

Error: (10/26/2015 03:28:51 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.

Modulpfad: C:\Windows\System32\IWMSSvc.dll


CodeIntegrity:
===================================
  Date: 2015-01-23 17:54:10.595
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-23 17:53:35.819
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-23 17:53:34.299
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-23 17:53:33.219
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-23 17:53:02.396
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-23 17:52:59.874
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-23 17:52:58.790
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-23 17:50:59.151
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-23 17:49:51.669
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-23 17:49:50.584
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\dsound.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i7-3610QM CPU @ 2.30GHz
Prozentuale Nutzung des RAM: 48%
Installierter physikalischer RAM: 7734.83 MB
Verfügbarer physikalischer RAM: 3979.81 MB
Summe virtueller Speicher: 15467.87 MB
Verfügbarer virtueller Speicher: 11821.21 MB

==================== Laufwerke ================================

Drive c: (System) (Fixed) (Total:465.66 GB) (Free:345.37 GB) NTFS
Drive d: (Volume) (Fixed) (Total:931.51 GB) (Free:136.37 GB) NTFS
Drive r: (SANDISK32) (Removable) (Total:28.63 GB) (Free:9.53 GB) FAT32

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 19969619)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: E175C627)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 14.9 GB) (Disk ID: B37CFDDD)

Partition: GPT.

========================================================
Disk: 3 (Size: 28.6 GB) (Disk ID: 00000000)

Partition: GPT.

==================== Ende von Addition.txt ============================
         

21.11.2015, 21:05   #2
dorle17
 
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-11-21 21:43:36
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Samsung_ rev.EXT0 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\moonlab\AppData\Local\Temp\kwliikod.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                       0000000076f81401 2 bytes JMP 758db21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1848] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                         0000000076f81419 2 bytes JMP 758db346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                       0000000076f81431 2 bytes JMP 75958fd1 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                       0000000076f8144a 2 bytes CALL 758b489d C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                                       * 9
.text  C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1848] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                          0000000076f814dd 2 bytes JMP 759588c4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                   0000000076f814f5 2 bytes JMP 75958aa0 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1848] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                          0000000076f8150d 2 bytes JMP 759587ba C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                   0000000076f81525 2 bytes JMP 75958b8a C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                         0000000076f8153d 2 bytes JMP 758cfca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1848] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                              0000000076f81555 2 bytes JMP 758d68ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                       0000000076f8156d 2 bytes JMP 75959089 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                         0000000076f81585 2 bytes JMP 75958bea C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1848] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                            0000000076f8159d 2 bytes JMP 7595877e C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                         0000000076f815b5 2 bytes JMP 758cfd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                       0000000076f815cd 2 bytes JMP 758db2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                   0000000076f816b2 2 bytes JMP 75958f4c C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1848] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                   0000000076f816bd 2 bytes JMP 75958713 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                            0000000076f81401 2 bytes JMP 758db21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2324] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                              0000000076f81419 2 bytes JMP 758db346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                            0000000076f81431 2 bytes JMP 75958fd1 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                            0000000076f8144a 2 bytes CALL 758b489d C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                                       * 9
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2324] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                               0000000076f814dd 2 bytes JMP 759588c4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                        0000000076f814f5 2 bytes JMP 75958aa0 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2324] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                               0000000076f8150d 2 bytes JMP 759587ba C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                        0000000076f81525 2 bytes JMP 75958b8a C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                              0000000076f8153d 2 bytes JMP 758cfca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2324] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                   0000000076f81555 2 bytes JMP 758d68ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                            0000000076f8156d 2 bytes JMP 75959089 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                              0000000076f81585 2 bytes JMP 75958bea C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2324] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                 0000000076f8159d 2 bytes JMP 7595877e C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                              0000000076f815b5 2 bytes JMP 758cfd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                            0000000076f815cd 2 bytes JMP 758db2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                        0000000076f816b2 2 bytes JMP 75958f4c C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe[2324] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                        0000000076f816bd 2 bytes JMP 75958713 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextCreate + 4                                              0000000070421825 2 bytes JMP 75d26305 C:\Windows\syswow64\GDI32.dll
.text  C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextDestroy + 4                                             0000000070421830 2 bytes JMP 75d26325 C:\Windows\syswow64\GDI32.dll
.text  C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dContextDestroyAll + 4                                          000000007042183b 2 bytes JMP 75d26345 C:\Windows\syswow64\GDI32.dll
.text  C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dDrawPrimitives2 + 4                                            0000000070421846 2 bytes JMP 75d25be5 C:\Windows\syswow64\GDI32.dll
.text  C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkD3dValidateTextureStageState + 4                                  0000000070421851 2 bytes JMP 75d26365 C:\Windows\syswow64\GDI32.dll
.text  C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAddAttachedSurface + 4                                          000000007042185c 2 bytes JMP 75d26445 C:\Windows\syswow64\GDI32.dll
.text  C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAlphaBlt + 4                                                    0000000070421867 2 bytes JMP 75d26465 C:\Windows\syswow64\GDI32.dll
.text  C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdAttachSurface + 4                                               0000000070421872 2 bytes JMP 75d26485 C:\Windows\syswow64\GDI32.dll
.text  C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdBeginMoCompFrame + 4                                            000000007042187d 2 bytes JMP 75d264a5 C:\Windows\syswow64\GDI32.dll
.text  C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdBlt + 4                                                         0000000070421888 2 bytes JMP 75d25c05 C:\Windows\syswow64\GDI32.dll
.text  C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCanCreateD3DBuffer + 4                                          0000000070421893 2 bytes JMP 75d264c5 C:\Windows\syswow64\GDI32.dll
.text  C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCanCreateSurface + 4                                            000000007042189e 2 bytes JMP 75d25c85 C:\Windows\syswow64\GDI32.dll
.text  C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdColorControl + 4                                                00000000704218a9 2 bytes JMP 75d264e5 C:\Windows\syswow64\GDI32.dll
.text  C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateD3DBuffer + 4                                             00000000704218b4 2 bytes JMP 75d26505 C:\Windows\syswow64\GDI32.dll
.text  C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateDirectDrawObject + 4                                      00000000704218bf 2 bytes JMP 75cf228b C:\Windows\syswow64\GDI32.dll
.text  C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateMoComp + 4                                                00000000704218ca 2 bytes JMP 75d26545 C:\Windows\syswow64\GDI32.dll
.text  C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurface + 4                                               00000000704218d5 2 bytes JMP 75d25ca5 C:\Windows\syswow64\GDI32.dll
.text  C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurfaceEx + 4                                             00000000704218e0 2 bytes JMP 75d25d25 C:\Windows\syswow64\GDI32.dll
.text  C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdCreateSurfaceObject + 4                                         00000000704218eb 2 bytes JMP 75d25d45 C:\Windows\syswow64\GDI32.dll
.text  C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDeleteDirectDrawObject + 4                                      00000000704218f6 2 bytes JMP 75d26aa5 C:\Windows\syswow64\GDI32.dll
.text  C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDeleteSurfaceObject + 4                                         0000000070421901 2 bytes JMP 75d25c65 C:\Windows\syswow64\GDI32.dll
.text  C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroyD3DBuffer + 4                                            000000007042190c 2 bytes JMP 75d26ac5 C:\Windows\syswow64\GDI32.dll
.text  C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroyMoComp + 4                                               0000000070421917 2 bytes JMP 75d26b05 C:\Windows\syswow64\GDI32.dll
.text  C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdDestroySurface + 4                                              0000000070421922 2 bytes JMP 75d25cc5 C:\Windows\syswow64\GDI32.dll
.text  C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdEndMoCompFrame + 4                                              000000007042192d 2 bytes JMP 75d26b25 C:\Windows\syswow64\GDI32.dll
.text  C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdFlip + 4                                                        0000000070421938 2 bytes JMP 75d26b45 C:\Windows\syswow64\GDI32.dll
.text  C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdFlipToGDISurface + 4                                            0000000070421943 2 bytes JMP 75d26b65 C:\Windows\syswow64\GDI32.dll
.text  C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetAvailDriverMemory + 4                                        000000007042194e 2 bytes JMP 75d26b85 C:\Windows\syswow64\GDI32.dll
.text  C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetBltStatus + 4                                                0000000070421959 2 bytes JMP 75d26ba5 C:\Windows\syswow64\GDI32.dll
.text  C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDC + 4                                                       0000000070421964 2 bytes JMP 75d26bc5 C:\Windows\syswow64\GDI32.dll
.text  C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDriverInfo + 4                                               000000007042196f 2 bytes JMP 75d26be5 C:\Windows\syswow64\GDI32.dll
.text  C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDriverState + 4                                              000000007042197a 2 bytes JMP 75d26c05 C:\Windows\syswow64\GDI32.dll
.text  C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetDxHandle + 4                                                 0000000070421985 2 bytes JMP 75d26c25 C:\Windows\syswow64\GDI32.dll
.text  C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetFlipStatus + 4                                               0000000070421990 2 bytes JMP 75d26c45 C:\Windows\syswow64\GDI32.dll
.text  C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetInternalMoCompInfo + 4                                       000000007042199b 2 bytes JMP 75d26c65 C:\Windows\syswow64\GDI32.dll
.text  C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompBuffInfo + 4                                           00000000704219a6 2 bytes JMP 75d26c85 C:\Windows\syswow64\GDI32.dll
.text  C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompFormats + 4                                            00000000704219b1 2 bytes JMP 75d26ca5 C:\Windows\syswow64\GDI32.dll
.text  C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetMoCompGuids + 4                                              00000000704219bc 2 bytes JMP 75d26cc5 C:\Windows\syswow64\GDI32.dll
.text  C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdGetScanLine + 4                                                 00000000704219c7 2 bytes JMP 75d26ce5 C:\Windows\syswow64\GDI32.dll
.text  C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdLock + 4                                                        00000000704219d2 2 bytes JMP 75d26d05 C:\Windows\syswow64\GDI32.dll
.text  C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdLockD3D + 4                                                     00000000704219dd 2 bytes JMP 75d25d65 C:\Windows\syswow64\GDI32.dll
.text  C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdQueryDirectDrawObject + 4                                       00000000704219e8 2 bytes JMP 75d26d45 C:\Windows\syswow64\GDI32.dll
.text  C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdQueryMoCompStatus + 4                                           00000000704219f3 2 bytes JMP 75d26d65 C:\Windows\syswow64\GDI32.dll
.text  C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdReenableDirectDrawObject + 4                                    00000000704219fe 2 bytes JMP 75d26da3 C:\Windows\syswow64\GDI32.dll
.text  C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdReleaseDC + 4                                                   0000000070421a09 2 bytes JMP 75d26dc3 C:\Windows\syswow64\GDI32.dll
.text  C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdRenderMoComp + 4                                                0000000070421a14 2 bytes JMP 75d26de3 C:\Windows\syswow64\GDI32.dll
.text  C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdResetVisrgn + 4                                                 0000000070421a1f 2 bytes JMP 75d25ce5 C:\Windows\syswow64\GDI32.dll
.text  C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetColorKey + 4                                                 0000000070421a2a 2 bytes JMP 75d26e03 C:\Windows\syswow64\GDI32.dll
.text  C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetExclusiveMode + 4                                            0000000070421a35 2 bytes JMP 75d26e23 C:\Windows\syswow64\GDI32.dll
.text  C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetGammaRamp + 4                                                0000000070421a40 2 bytes JMP 75d26e43 C:\Windows\syswow64\GDI32.dll
.text  C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdSetOverlayPosition + 4                                          0000000070421a4b 2 bytes JMP 75d26e63 C:\Windows\syswow64\GDI32.dll
.text  C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnattachSurface + 4                                             0000000070421a56 2 bytes JMP 75d26e83 C:\Windows\syswow64\GDI32.dll
.text  C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnlock + 4                                                      0000000070421a61 2 bytes JMP 75d26ea3 C:\Windows\syswow64\GDI32.dll
.text  C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUnlockD3D + 4                                                   0000000070421a6c 2 bytes JMP 75d25d85 C:\Windows\syswow64\GDI32.dll
.text  C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdUpdateOverlay + 4                                               0000000070421a77 2 bytes JMP 75d26ec3 C:\Windows\syswow64\GDI32.dll
.text  C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 4                                        0000000070421a82 2 bytes JMP 75d26ee3 C:\Windows\syswow64\GDI32.dll
.text  C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe[2952] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 52                                       0000000070421ab2 2 bytes JMP 75b6dc75 C:\Windows\syswow64\msvcrt.dll
.text  C:\Program Files (x86)\StarMoney 9.0 apoEdition\ouservice\StarMoneyOnlineUpdate.exe[2788] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                         0000000076f81401 2 bytes JMP 758db21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\StarMoney 9.0 apoEdition\ouservice\StarMoneyOnlineUpdate.exe[2788] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                           0000000076f81419 2 bytes JMP 758db346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\StarMoney 9.0 apoEdition\ouservice\StarMoneyOnlineUpdate.exe[2788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                         0000000076f81431 2 bytes JMP 75958fd1 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\StarMoney 9.0 apoEdition\ouservice\StarMoneyOnlineUpdate.exe[2788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                         0000000076f8144a 2 bytes CALL 758b489d C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                                       * 9
.text  C:\Program Files (x86)\StarMoney 9.0 apoEdition\ouservice\StarMoneyOnlineUpdate.exe[2788] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                            0000000076f814dd 2 bytes JMP 759588c4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\StarMoney 9.0 apoEdition\ouservice\StarMoneyOnlineUpdate.exe[2788] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                     0000000076f814f5 2 bytes JMP 75958aa0 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\StarMoney 9.0 apoEdition\ouservice\StarMoneyOnlineUpdate.exe[2788] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                            0000000076f8150d 2 bytes JMP 759587ba C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\StarMoney 9.0 apoEdition\ouservice\StarMoneyOnlineUpdate.exe[2788] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                     0000000076f81525 2 bytes JMP 75958b8a C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\StarMoney 9.0 apoEdition\ouservice\StarMoneyOnlineUpdate.exe[2788] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                           0000000076f8153d 2 bytes JMP 758cfca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\StarMoney 9.0 apoEdition\ouservice\StarMoneyOnlineUpdate.exe[2788] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                0000000076f81555 2 bytes JMP 758d68ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\StarMoney 9.0 apoEdition\ouservice\StarMoneyOnlineUpdate.exe[2788] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                         0000000076f8156d 2 bytes JMP 75959089 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\StarMoney 9.0 apoEdition\ouservice\StarMoneyOnlineUpdate.exe[2788] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                           0000000076f81585 2 bytes JMP 75958bea C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\StarMoney 9.0 apoEdition\ouservice\StarMoneyOnlineUpdate.exe[2788] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                              0000000076f8159d 2 bytes JMP 7595877e C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\StarMoney 9.0 apoEdition\ouservice\StarMoneyOnlineUpdate.exe[2788] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                           0000000076f815b5 2 bytes JMP 758cfd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\StarMoney 9.0 apoEdition\ouservice\StarMoneyOnlineUpdate.exe[2788] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                         0000000076f815cd 2 bytes JMP 758db2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\StarMoney 9.0 apoEdition\ouservice\StarMoneyOnlineUpdate.exe[2788] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                     0000000076f816b2 2 bytes JMP 75958f4c C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\StarMoney 9.0 apoEdition\ouservice\StarMoneyOnlineUpdate.exe[2788] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                     0000000076f816bd 2 bytes JMP 75958713 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3548] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                  0000000076f81401 2 bytes JMP 758db21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3548] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                    0000000076f81419 2 bytes JMP 758db346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3548] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                  0000000076f81431 2 bytes JMP 75958fd1 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3548] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                  0000000076f8144a 2 bytes CALL 758b489d C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                                       * 9
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3548] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                     0000000076f814dd 2 bytes JMP 759588c4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3548] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                              0000000076f814f5 2 bytes JMP 75958aa0 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3548] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                     0000000076f8150d 2 bytes JMP 759587ba C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3548] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                              0000000076f81525 2 bytes JMP 75958b8a C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3548] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                    0000000076f8153d 2 bytes JMP 758cfca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3548] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                         0000000076f81555 2 bytes JMP 758d68ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3548] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                  0000000076f8156d 2 bytes JMP 75959089 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3548] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                    0000000076f81585 2 bytes JMP 75958bea C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3548] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                       0000000076f8159d 2 bytes JMP 7595877e C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3548] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                    0000000076f815b5 2 bytes JMP 758cfd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3548] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                  0000000076f815cd 2 bytes JMP 758db2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3548] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                              0000000076f816b2 2 bytes JMP 75958f4c C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe[3548] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                              0000000076f816bd 2 bytes JMP 75958713 C:\Windows\syswow64\kernel32.dll
.text  C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[4864] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW                                                                             00000000758b1efe 7 bytes JMP 0000000169514b10
.text  C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[4864] C:\Windows\syswow64\kernel32.dll!RegSetValueExW                                                                               00000000758b5b9d 7 bytes JMP 00000001695154b0
.text  C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[4864] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                                               00000000758c13f9 7 bytes JMP 0000000169514e50
.text  C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[4864] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW                                                                              00000000758cea45 7 bytes JMP 0000000169514b00
.text  C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[4864] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                                      0000000075958f4c 7 bytes JMP 00000001695145c0
.text  C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[4864] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                                      0000000075958fd1 5 bytes JMP 0000000169514670
.text  C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[4864] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                                        0000000075959327 5 bytes JMP 00000001695145d0
.text  C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[4864] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                                           0000000075341d29 5 bytes JMP 0000000169514580
.text  C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[4864] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                                         0000000075341dd7 5 bytes JMP 0000000169514540
.text  C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[4864] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                             0000000075342ab1 5 bytes JMP 0000000169514680
.text  C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[4864] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                                                0000000075342d1d 5 bytes JMP 0000000169514360
.text  C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[4864] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                                                00000000757b8a29 5 bytes JMP 0000000169513a40
.text  C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[4864] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                                                            00000000757c4572 5 bytes JMP 00000001695142e0
.text  C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[4864] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW                                                                            00000000757de567 5 bytes JMP 0000000169514350
.text  C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[4864] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW                                                                       00000000758007d7 5 bytes JMP 0000000169513850
.text  C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[4864] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo                                                                     0000000075817a5c 5 bytes JMP 00000001695142d0
.text  C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[4864] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                                        0000000075ced2b4 5 bytes JMP 0000000169513b60
.text  C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[4864] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                                          0000000075ced4ee 5 bytes JMP 0000000169513b80
.text  C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[4864] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                                               0000000075655ea5 5 bytes JMP 0000000169513a00
.text  C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE[4864] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                                                0000000075689d0b 5 bytes JMP 0000000169513990
.text  C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\SysWOW64\ntdll.dll!RtlFreeActivationContextStack + 271                                                             000000007784694f 7 bytes JMP 0000000100519d68
.text  C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW                                                                             00000000758b1efe 7 bytes JMP 0000000169514b10
.text  C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\kernel32.dll!FreeLibrary + 8                                                                              00000000758b3480 7 bytes JMP 0000000100519bac
.text  C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\kernel32.dll!GetFileInformationByHandle + 19                                                              00000000758b5379 7 bytes JMP 00000001004bd04c
.text  C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\kernel32.dll!RegSetValueExW                                                                               00000000758b5b9d 7 bytes JMP 00000001695154b0
.text  C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                                               00000000758c13f9 7 bytes JMP 0000000169514e50
.text  C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW                                                                              00000000758cea45 7 bytes JMP 0000000169514b00
.text  C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                                      0000000075958f4c 7 bytes JMP 00000001695145c0
.text  C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                                      0000000075958fd1 5 bytes JMP 0000000169514670
.text  C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                                        0000000075959327 5 bytes JMP 00000001695145d0
.text  C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                                           0000000075341d29 5 bytes JMP 0000000169514580
.text  C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                                         0000000075341dd7 5 bytes JMP 0000000169514540
.text  C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                             0000000075342ab1 5 bytes JMP 0000000169514680
.text  C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                                                0000000075342d1d 5 bytes JMP 0000000169514360
.text  C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                                               0000000075655ea5 5 bytes JMP 0000000169513a00
.text  C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                                                0000000075689d0b 5 bytes JMP 0000000169513990
.text  C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\GDI32.dll!CreatePen                                                                                       0000000075cebc19 5 bytes JMP 0000000100708004
.text  C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                                        0000000075ced2b4 5 bytes JMP 0000000169513b60
.text  C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                                          0000000075ced4ee 5 bytes JMP 0000000169513b80
.text  C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\USER32.dll!GetSysColor                                                                                    00000000757b6c3c 5 bytes JMP 00000001007081b0
.text  C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                                                00000000757b8a29 5 bytes JMP 0000000169513a40
.text  C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\USER32.dll!GetSysColorBrush                                                                               00000000757c35a4 5 bytes JMP 00000001007082e4
.text  C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                                                            00000000757c4572 5 bytes JMP 00000001695142e0
.text  C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW                                                                            00000000757de567 5 bytes JMP 0000000169514350
.text  C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW                                                                       00000000758007d7 5 bytes JMP 0000000169513850
.text  C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo                                                                     0000000075817a5c 5 bytes JMP 00000001695142d0
.text  C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                       0000000076f81401 2 bytes JMP 758db21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                         0000000076f81419 2 bytes JMP 758db346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                       0000000076f81431 2 bytes JMP 75958fd1 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                       0000000076f8144a 2 bytes CALL 758b489d C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                                       * 9
.text  C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                          0000000076f814dd 2 bytes JMP 759588c4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                   0000000076f814f5 2 bytes JMP 75958aa0 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                          0000000076f8150d 2 bytes JMP 759587ba C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                   0000000076f81525 2 bytes JMP 75958b8a C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                         0000000076f8153d 2 bytes JMP 758cfca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                              0000000076f81555 2 bytes JMP 758d68ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                       0000000076f8156d 2 bytes JMP 75959089 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                         0000000076f81585 2 bytes JMP 75958bea C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                            0000000076f8159d 2 bytes JMP 7595877e C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                         0000000076f815b5 2 bytes JMP 758cfd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                       0000000076f815cd 2 bytes JMP 758db2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                   0000000076f816b2 2 bytes JMP 75958f4c C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\My Lockbox\mylbx.exe[5684] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                   0000000076f816bd 2 bytes JMP 75958713 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5720] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW                                               00000000758b1efe 7 bytes JMP 0000000169514b10
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5720] C:\Windows\syswow64\kernel32.dll!RegSetValueExW                                                 00000000758b5b9d 7 bytes JMP 00000001695154b0
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5720] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                 00000000758c13f9 7 bytes JMP 0000000169514e50
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5720] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW                                                00000000758cea45 7 bytes JMP 0000000169514b00
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5720] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                        0000000075958f4c 7 bytes JMP 00000001695145c0
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5720] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                        0000000075958fd1 5 bytes JMP 0000000169514670
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5720] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                          0000000075959327 5 bytes JMP 00000001695145d0
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5720] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                             0000000075341d29 5 bytes JMP 0000000169514580
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5720] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                           0000000075341dd7 5 bytes JMP 0000000169514540
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5720] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                               0000000075342ab1 5 bytes JMP 0000000169514680
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5720] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                  0000000075342d1d 5 bytes JMP 0000000169514360
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5720] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                  00000000757b8a29 5 bytes JMP 0000000169513a40
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5720] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                              00000000757c4572 5 bytes JMP 00000001695142e0
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5720] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW                                              00000000757de567 5 bytes JMP 0000000169514350
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5720] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW                                         00000000758007d7 5 bytes JMP 0000000169513850
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5720] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo                                       0000000075817a5c 5 bytes JMP 00000001695142d0
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5720] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                          0000000075ced2b4 5 bytes JMP 0000000169513b60
.text  C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[5720] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                            0000000075ced4ee 5 bytes JMP 0000000169513b80
.text  C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                         0000000076f814f5 2 bytes JMP 75958aa0 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4172] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                0000000076f8150d 2 bytes JMP 759587ba C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                         0000000076f81525 2 bytes JMP 75958b8a C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                               0000000076f8153d 2 bytes JMP 758cfca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4172] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                    0000000076f81555 2 bytes JMP 758d68ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                             0000000076f8156d 2 bytes JMP 75959089 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                               0000000076f81585 2 bytes JMP 75958bea C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4172] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                  0000000076f8159d 2 bytes JMP 7595877e C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                               0000000076f815b5 2 bytes JMP 758cfd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                             0000000076f815cd 2 bytes JMP 758db2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                         0000000076f816b2 2 bytes JMP 75958f4c C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe[4172] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                         0000000076f816bd 2 bytes JMP 75958713 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[6776] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW                                                      00000000758b1efe 7 bytes JMP 0000000169514b10
.text  C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[6776] C:\Windows\syswow64\kernel32.dll!RegSetValueExW                                                        00000000758b5b9d 7 bytes JMP 00000001695154b0
.text  C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[6776] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                        00000000758c13f9 7 bytes JMP 0000000169514e50
.text  C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[6776] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW                                                       00000000758cea45 7 bytes JMP 0000000169514b00
.text  C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[6776] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                               0000000075958f4c 7 bytes JMP 00000001695145c0
.text  C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[6776] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                               0000000075958fd1 5 bytes JMP 0000000169514670
.text  C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[6776] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                 0000000075959327 5 bytes JMP 00000001695145d0
.text  C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[6776] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                    0000000075341d29 5 bytes JMP 0000000169514580
.text  C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[6776] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                  0000000075341dd7 5 bytes JMP 0000000169514540
.text  C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[6776] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                      0000000075342ab1 5 bytes JMP 0000000169514680
.text  C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[6776] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                         0000000075342d1d 5 bytes JMP 0000000169514360
.text  C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[6776] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                         00000000757b8a29 5 bytes JMP 0000000169513a40
.text  C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[6776] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                                     00000000757c4572 5 bytes JMP 00000001695142e0
.text  C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[6776] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW                                                     00000000757de567 5 bytes JMP 0000000169514350
.text  C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[6776] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW                                                00000000758007d7 5 bytes JMP 0000000169513850
.text  C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[6776] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo                                              0000000075817a5c 5 bytes JMP 00000001695142d0
.text  C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[6776] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                 0000000075ced2b4 5 bytes JMP 0000000169513b60
.text  C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[6776] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                   0000000075ced4ee 5 bytes JMP 0000000169513b80
.text  C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[6776] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket                                                        0000000075655ea5 5 bytes JMP 0000000169513a00
.text  C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe[6776] C:\Windows\syswow64\ole32.dll!CoCreateInstance                                                         0000000075689d0b 5 bytes JMP 0000000169513990
.text  C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[2872] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                      0000000076f81401 2 bytes JMP 758db21b C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[2872] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                        0000000076f81419 2 bytes JMP 758db346 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[2872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                      0000000076f81431 2 bytes JMP 75958fd1 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[2872] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                      0000000076f8144a 2 bytes CALL 758b489d C:\Windows\syswow64\kernel32.dll
.text  ...                                                                                                                                                                       * 9
.text  C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[2872] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                         0000000076f814dd 2 bytes JMP 759588c4 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[2872] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                  0000000076f814f5 2 bytes JMP 75958aa0 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[2872] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                         0000000076f8150d 2 bytes JMP 759587ba C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[2872] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                  0000000076f81525 2 bytes JMP 75958b8a C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[2872] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                        0000000076f8153d 2 bytes JMP 758cfca8 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[2872] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                             0000000076f81555 2 bytes JMP 758d68ef C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[2872] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                      0000000076f8156d 2 bytes JMP 75959089 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[2872] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                        0000000076f81585 2 bytes JMP 75958bea C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[2872] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                           0000000076f8159d 2 bytes JMP 7595877e C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[2872] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                        0000000076f815b5 2 bytes JMP 758cfd41 C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[2872] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                      0000000076f815cd 2 bytes JMP 758db2dc C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[2872] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                  0000000076f816b2 2 bytes JMP 75958f4c C:\Windows\syswow64\kernel32.dll
.text  C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE[2872] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                  0000000076f816bd 2 bytes JMP 75958713 C:\Windows\syswow64\kernel32.dll
.text  C:\Users\moonlab\Desktop\Gmer-19357.exe[4284] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW                                                                           00000000758b1efe 7 bytes JMP 0000000169514b10
.text  C:\Users\moonlab\Desktop\Gmer-19357.exe[4284] C:\Windows\syswow64\kernel32.dll!RegSetValueExW                                                                             00000000758b5b9d 7 bytes JMP 00000001695154b0
.text  C:\Users\moonlab\Desktop\Gmer-19357.exe[4284] C:\Windows\syswow64\kernel32.dll!RegSetValueExA                                                                             00000000758c13f9 7 bytes JMP 0000000169514e50
.text  C:\Users\moonlab\Desktop\Gmer-19357.exe[4284] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW                                                                            00000000758cea45 7 bytes JMP 0000000169514b00
.text  C:\Users\moonlab\Desktop\Gmer-19357.exe[4284] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx                                                                    0000000075958f4c 7 bytes JMP 00000001695145c0
.text  C:\Users\moonlab\Desktop\Gmer-19357.exe[4284] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation                                                                    0000000075958fd1 5 bytes JMP 0000000169514670
.text  C:\Users\moonlab\Desktop\Gmer-19357.exe[4284] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW                                                                      0000000075959327 5 bytes JMP 00000001695145d0
.text  C:\Users\moonlab\Desktop\Gmer-19357.exe[4284] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW                                                                         0000000075341d29 5 bytes JMP 0000000169514580
.text  C:\Users\moonlab\Desktop\Gmer-19357.exe[4284] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW                                                                       0000000075341dd7 5 bytes JMP 0000000169514540
.text  C:\Users\moonlab\Desktop\Gmer-19357.exe[4284] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW                                                                           0000000075342ab1 5 bytes JMP 0000000169514680
.text  C:\Users\moonlab\Desktop\Gmer-19357.exe[4284] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary                                                                              0000000075342d1d 5 bytes JMP 0000000169514360
.text  C:\Users\moonlab\Desktop\Gmer-19357.exe[4284] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList                                                                      0000000075ced2b4 5 bytes JMP 0000000169513b60
.text  C:\Users\moonlab\Desktop\Gmer-19357.exe[4284] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo                                                                        0000000075ced4ee 5 bytes JMP 0000000169513b80
.text  C:\Users\moonlab\Desktop\Gmer-19357.exe[4284] C:\Windows\syswow64\USER32.dll!CreateWindowExW                                                                              00000000757b8a29 5 bytes JMP 0000000169513a40
.text  C:\Users\moonlab\Desktop\Gmer-19357.exe[4284] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA                                                                          00000000757c4572 5 bytes JMP 00000001695142e0
.text  C:\Users\moonlab\Desktop\Gmer-19357.exe[4284] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW                                                                          00000000757de567 5 bytes JMP 0000000169514350
.text  C:\Users\moonlab\Desktop\Gmer-19357.exe[4284] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW                                                                     00000000758007d7 5 bytes JMP 0000000169513850
.text  C:\Users\moonlab\Desktop\Gmer-19357.exe[4284] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo                                                                   0000000075817a5c 5 bytes JMP 00000001695142d0

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\083e8ee2f938                                                                                               
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\083e8ee2f938 (not active ControlSet)                                                                           

---- EOF - GMER 2.1 ----
         


22.11.2015, 00:41   #3
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Hi,

as much as I like open source (Linux, Mozilla, ...), when it comes to virus scanners you can forget ClamAV.

Looking at your description and the other software you use (ZoneAlarm), one has to wonder whether you are letting something drive you crazy that you aren't describing.

22.11.2015, 09:16   #4
dorle17

Morning,

and thanks for your reply, even though I can't quite make sense of the end of your second sentence.

While updating LiberKey I stumbled across ClamWin and wanted to give it a try. It's quite possible that I'm worrying unnecessarily, but of course the detections unsettled me, especially since I also use the computer for work.

Brief explanation: ZoneAlarm is my standard scanner/firewall, and MBAM and ADWCleaner get run as needed every few weeks. Defender is not primarily in use. Is that unusual?

Do I understand you correctly that I can safely ignore ClamWin and its detections?

22.11.2015, 16:55   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

ClamAV is hardly any good! Compared to other scanners, its detection rate is much lower and its false-positive rate higher!

Personal firewalls like ZoneAlarm have always been nonsense, by the way. Use the Windows Firewall; you don't need anything more.

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

22.11.2015, 17:43   #6
dorle17

So a false positive - then I guess I don't have to doubt my online behavior after all.
Thanks for taking the time, and for the tutoring as well. If I may ask one more thing: which AV do you recommend in combination with the Windows Firewall?

22.11.2015, 17:48   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

MSE or Emsisoft. From Windows 8 onward, MSE is built in and available as Windows Defender.

22.11.2015, 17:56   #8
dorle17

All right. Thanks again for your help, and enjoy the rest of your weekend!
