Log Analysis and Evaluation: Internet connection / NO INTERNET ACCESS several times a day (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
22.06.2014, 22:27 #1
Hello, after a hacker attack that was blocked by the Avast firewall, I have NO INTERNET ACCESS several times a day. My phone and the other computers always have a connection; the problems only occur on this particular computer. Please evaluate the log files to see whether something is going on. After all, I have many passwords saved, for online banking etc. It would be bad if they fell into the wrong hands. Many thanks for your help. Unfortunately the logs are too large to write into the box. 480271 characters in total, so attached as a zip.
23.06.2014, 06:14 #2
/// the machine /// (TB-Ausbilder)

Hi,

Please always post logs in the thread. If necessary, split them and use several posts. I cannot open attachments at work, thanks. This is how it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
23.06.2014, 11:54 #3
Here are the logs in the thread.. SPLIT UP
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:43 on 22/06/2014 (Cookie)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-06-2014 01
Ran by Cookie (administrator) on COOKIE-PC on 22-06-2014 22:57:58
Running from C:\Users\Cookie\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe
(PacketVideo) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(PixArt Imaging Incorporation) C:\Windows\PixArt\Pac207\Monitor.exe
() C:\Program Files (x86)\Twonky\TwonkyServer\twonkyserver.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATILQE.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(PacketVideo) C:\Program Files (x86)\Twonky\TwonkyServer\twonkytray.exe
(Dropbox, Inc.) C:\Users\Cookie\AppData\Roaming\Dropbox\bin\Dropbox.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7220768 2009-03-12] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-03-12] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Monitor] => C:\Windows\PixArt\PAC207\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058880 2013-03-28] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-05-19] (AVAST Software)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKU\S-1-5-21-1871796143-3288037916-4018662872-1000\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
HKU\S-1-5-21-1871796143-3288037916-4018662872-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1871796143-3288037916-4018662872-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILQE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1871796143-3288037916-4018662872-1000\...\Run: [KeePass Password Safe 2] => D:\KeePass-2.26\KeePass.exe [2099200 2014-04-13] (Dominik Reichl)
HKU\S-1-5-21-1871796143-3288037916-4018662872-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1871796143-3288037916-4018662872-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1871796143-3288037916-4018662872-1000\...\MountPoints2: {3dea4836-c7dd-11e2-9017-002185688351} - J:\AUTORUN.EXE
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Twonky Server.lnk
ShortcutTarget: Twonky Server.lnk -> C:\Program Files (x86)\Twonky\TwonkyServer\twonkytray.exe (PacketVideo)
Startup: C:\Users\Cookie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Cookie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
BHO-x32: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Cookie\AppData\Roaming\Mozilla\Firefox\Profiles\g5yonxt2.default
FF DefaultSearchEngine: DuckDuckGo
FF SelectedSearchEngine: DuckDuckGo
FF Homepage: www.duckduckgo.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Cookie\AppData\Roaming\Mozilla\Firefox\Profiles\g5yonxt2.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\Cookie\AppData\Roaming\Mozilla\Firefox\Profiles\g5yonxt2.default\searchplugins\ixquick-https.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Add to Amazon Wish List Button - C:\Users\Cookie\AppData\Roaming\Mozilla\Firefox\Profiles\g5yonxt2.default\Extensions\amznUWL2@amazon.com.xpi [2014-03-30]
FF Extension: DuckDuckGo Plus - C:\Users\Cookie\AppData\Roaming\Mozilla\Firefox\Profiles\g5yonxt2.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2014-04-19]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2014-03-31]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-19]

==================== Services (Whitelisted) =================

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-11] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-19] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109048 2014-05-19] (AVAST Software)
R2 CyberLink PowerDVD 13 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [77576 2013-03-20] (CyberLink)
R2 CyberLink PowerDVD 13 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [323336 2013-03-20] (CyberLink)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [239680 2014-02-19] (Foxit Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 TwonkyProxy; C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe [973688 2013-11-15] ()
R2 TwonkyServer; C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe [596856 2013-11-15] (PacketVideo)
S3 OpenVPNService; "K:\OpenVPN\bin\openvpnserv.exe" [X]

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-19] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-05-19] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-19] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [447888 2014-05-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-19] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-19] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-19] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-19] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-19] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-05-29] (DT Soft Ltd)
S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [572416 2006-12-05] (PixArt Imaging Inc.)
R3 Ph3xIB64; C:\Windows\System32\DRIVERS\Ph3xIB64.sys [1627520 2009-06-10] (NXP Semiconductors)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [158024 2013-05-02] (MCCI Corporation)
R2 {09F57980-3432-4AFC-957D-27AC45FAE1F5}; C:\Program Files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [130320 2013-03-19] (CyberLink Corp.)
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-22 22:57 - 2014-06-22 22:58 - 00016882 _____ () C:\Users\Cookie\Desktop\FRST.txt
2014-06-22 22:55 - 2014-06-22 22:57 - 02083328 _____ (Farbar) C:\Users\Cookie\Desktop\FRST64.exe
2014-06-22 22:45 - 2014-06-22 22:57 - 00000000 ____D () C:\FRST
2014-06-22 22:43 - 2014-06-22 22:43 - 00000474 _____ () C:\Users\Cookie\Desktop\defogger_disable.log
2014-06-22 22:43 - 2014-06-22 22:43 - 00000168 _____ () C:\Users\Cookie\defogger_reenable
2014-06-22 22:34 - 2014-06-22 22:34 - 00380416 _____ () C:\Users\Cookie\Desktop\Gmer-19357.exe
2014-06-22 22:33 - 2014-06-22 22:33 - 00050477 _____ () C:\Users\Cookie\Desktop\Defogger.exe
2014-06-20 09:05 - 2014-06-22 21:53 - 00000168 _____ () C:\Windows\setupact.log
2014-06-20 09:05 - 2014-06-20 09:05 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-18 17:00 - 2014-06-18 17:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-18 00:11 - 2014-06-18 00:11 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-12 01:29 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 01:29 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-12 01:29 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 01:29 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-12 01:29 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-12 01:29 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-12 01:29 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-12 01:29 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-12 01:29 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-12 01:29 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-12 01:29 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-12 01:29 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-12 01:29 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-12 01:29 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-12 01:29 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-12 01:29 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-12 01:29 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-12 01:29 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 01:29 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-12 01:29 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-12 01:29 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-12 01:29 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-12 01:29 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-12 01:29 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-12 01:29 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-12 01:29 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-12 01:29 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-12 01:29 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 01:29 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-12 01:29 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-12 01:29 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-12 01:29 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-12 01:29 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-12 01:29 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-12 01:29 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-12 01:29 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-12 01:29 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-12 01:29 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-12 01:29 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-12 01:29 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-12 01:29 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-12 01:28 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 01:28 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-12 01:28 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 01:28 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-12 01:28 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-12 01:28 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-12 01:28 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-12 01:28 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-12 01:28 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-12 01:28 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-12 01:28 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 01:28 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-12 01:28 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-12 01:28 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-12 01:28 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-12 01:28 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-12 01:28 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-12 01:28 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-12 01:28 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-12 01:28 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 01:28 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-12 01:28 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-12 01:28 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-11 11:52 - 2014-06-11 11:52 - 00000000 ____D () C:\Users\Cookie\Desktop\pdf mietverrag
2014-06-06 11:10 - 2014-06-06 11:10 - 00011281 _____ () C:\Users\Cookie\Desktop\Empfangsbestätigung.odt
2014-06-03 12:20 - 2014-06-03 12:20 - 00000050 _____ () C:\Users\Cookie\Desktop\vorwerk amerika usa.txt
2014-06-03 12:06 - 2014-06-03 12:06 - 00095167 _____ () C:\Users\Cookie\Desktop\Auftragsbestaetigung.zip
2014-06-01 20:24 - 2014-06-01 20:24 - 00000000 ____D () C:\ProgramData\Team MediaPortal
2014-06-01 20:19 - 2014-06-01 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-06-01 20:19 - 2014-06-01 20:19 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-06-01 19:47 - 2014-06-01 19:47 - 00001743 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-06-01 19:47 - 2014-06-01 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-01 19:47 - 2014-06-01 19:47 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-01 19:47 - 2014-06-01 19:47 - 00000000 ____D () C:\Program Files\iTunes
2014-06-01 19:47 - 2014-06-01 19:47 - 00000000 ____D () C:\Program Files\iPod
2014-06-01 19:47 - 2014-06-01 19:47 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-05-26 11:27 - 2014-05-26 11:27 - 00000000 __SHD () C:\Users\Cookie\AppData\Local\EmieUserList
2014-05-26 11:27 - 2014-05-26 11:27 - 00000000 __SHD () C:\Users\Cookie\AppData\Local\EmieSiteList
2014-05-23 12:48 - 2014-05-23 12:48 - 00000000 ____D () C:\Users\Cookie\Desktop\iso
2014-05-23 12:45 - 2014-05-23 12:50 - 00000000 ____D () C:\Users\Cookie\Desktop\Dokumente
2014-05-23 12:44 - 2014-05-26 09:26 - 00000000 ____D () C:\Users\Cookie\Desktop\Programme
2014-05-23 11:25 - 2014-06-01 20:20 - 00000000 ____D () C:\Program Files (x86)\Top Password
2014-05-23 11:25 - 2014-05-23 11:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSN Password Recovery
2014-05-23 11:17 - 2014-05-23 11:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Password Recovery Lastic
2014-05-23 11:17 - 2014-05-23 11:17 - 00000000 ____D () C:\Program Files (x86)\PasswordLastic

==================== One Month Modified Files and Folders =======

2014-06-22 22:58 - 2014-06-22 22:57 - 00016882 _____ () C:\Users\Cookie\Desktop\FRST.txt
2014-06-22 22:57 - 2014-06-22 22:55 - 02083328 _____ (Farbar) C:\Users\Cookie\Desktop\FRST64.exe
2014-06-22 22:57 - 2014-06-22 22:45 - 00000000 ____D () C:\FRST
2014-06-22 22:44 - 2014-02-11 14:52 - 02083071 _____ () C:\Windows\WindowsUpdate.log
2014-06-22 22:43 - 2014-06-22 22:43 - 00000474 _____ () C:\Users\Cookie\Desktop\defogger_disable.log
2014-06-22 22:43 - 2014-06-22 22:43 - 00000168 _____ () C:\Users\Cookie\defogger_reenable
2014-06-22 22:43 - 2013-05-25 00:59 - 00000000 ____D () C:\Users\Cookie
2014-06-22 22:37 - 2014-04-21 19:35 - 00000000 ____D () C:\ProgramData\TwonkyServer
2014-06-22 22:34 - 2014-06-22 22:34 - 00380416 _____ () C:\Users\Cookie\Desktop\Gmer-19357.exe
2014-06-22 22:33 - 2014-06-22 22:33 - 00050477 _____ () C:\Users\Cookie\Desktop\Defogger.exe
2014-06-22 22:32 - 2013-05-25 10:48 - 00699092 _____ () C:\Windows\system32\perfh007.dat
2014-06-22 22:32 - 2013-05-25 10:48 - 00149232 _____ () C:\Windows\system32\perfc007.dat
2014-06-22 22:32 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-22 22:25 - 2014-04-13 10:58 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-22 22:16 - 2014-03-31 20:16 - 00000911 _____ () C:\Windows\Tasks\EPSON XP-610 Series Update {27C236B4-91FE-4B83-97EA-3F65697B6612}.job
2014-06-22 22:16 - 2014-03-31 20:16 - 00000725 _____ () C:\Windows\Tasks\EPSON XP-610 Series Invitation {27C236B4-91FE-4B83-97EA-3F65697B6612}.job
2014-06-22 22:16 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-06-22 22:01 - 2009-07-14 06:45 - 00026736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-22 22:01 - 2009-07-14 06:45 - 00026736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-22 21:55 - 2013-08-31 01:33 - 00000000 ___RD () C:\Users\Cookie\Dropbox
2014-06-22 21:55 - 2013-08-31 01:32 - 00000000 ____D () C:\Users\Cookie\AppData\Roaming\Dropbox
2014-06-22 21:54 - 2014-05-19 22:44 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-22 21:54 - 2014-05-03 10:45 - 00000000 ____D () C:\Users\Cookie\AppData\Roaming\DropboxMaster
2014-06-22 21:53 - 2014-06-20 09:05 - 00000168 _____ () C:\Windows\setupact.log
2014-06-22 21:53 - 2013-08-07 19:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-22 21:53 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-20 09:05 - 2014-06-20 09:05 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-19 21:40 - 2013-10-07 16:59 - 00000000 ____D () C:\Users\Cookie\Desktop\Vorwerk
2014-06-19 21:39 - 2013-10-07 17:05 - 00000106 _____ () C:\Windows\KTEL.INI
2014-06-19 21:38 - 2013-05-25 13:40 - 00000000 ____D () C:\Users\Cookie\AppData\Roaming\vlc
2014-06-18 17:01 - 2014-06-18 17:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-18 00:14 - 2013-05-29 14:42 - 00000000 ____D () C:\Users\Cookie\AppData\Roaming\DAEMON Tools Lite
2014-06-18 00:11 - 2014-06-18 00:11 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-18 00:11 - 2013-06-08 06:35 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-06-18 00:11 - 2013-06-08 06:35 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-12 11:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-06-12 01:36 - 2013-07-17 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 01:34 - 2013-10-09 10:35 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-12 01:34 - 2013-05-25 13:56 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-11 11:52 - 2014-06-11 11:52 - 00000000 ____D () C:\Users\Cookie\Desktop\pdf mietverrag
2014-06-11 11:40 - 2013-10-09 10:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-06-06 11:10 - 2014-06-06 11:10 - 00011281 _____ () C:\Users\Cookie\Desktop\Empfangsbestätigung.odt
2014-06-03 12:20 - 2014-06-03 12:20 - 00000050 _____ () C:\Users\Cookie\Desktop\vorwerk amerika usa.txt
2014-06-03 12:06 - 2014-06-03 12:06 - 00095167 _____ () C:\Users\Cookie\Desktop\Auftragsbestaetigung.zip
2014-06-01 20:24 - 2014-06-01 20:24 - 00000000 ____D () C:\ProgramData\Team MediaPortal
2014-06-01 20:23 - 2014-04-21 13:36 - 00000000 ____D () C:\Users\Cookie\AppData\Local\TomTom
2014-06-01 20:23 - 2013-05-27 02:00 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-01 20:21 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-01 20:20 - 2014-05-23 11:25 - 00000000 ____D () C:\Program Files (x86)\Top Password
2014-06-01 20:19 - 2014-06-01 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-06-01 20:19 - 2014-06-01 20:19 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-06-01 19:47 - 2014-06-01 19:47 - 00001743 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-06-01 19:47 - 2014-06-01 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-01 19:47 - 2014-06-01 19:47 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-01 19:47 - 2014-06-01 19:47 - 00000000 ____D () C:\Program Files\iTunes
2014-06-01 19:47 - 2014-06-01 19:47 - 00000000 ____D () C:\Program Files\iPod
2014-06-01 19:47 - 2014-06-01 19:47 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-05-30 12:21 - 2014-06-12 01:28 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 12:02 - 2014-06-12 01:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 12:02 - 2014-06-12 01:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 11:45 - 2014-06-12 01:29 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 11:39 - 2014-06-12 01:29 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 11:39 - 2014-06-12 01:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 11:38 - 2014-06-12 01:29 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 11:28 - 2014-06-12 01:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 11:27 - 2014-06-12 01:28 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 11:24 - 2014-06-12 01:28 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 11:21 - 2014-06-12 01:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 11:21 - 2014-06-12 01:28 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 11:20 - 2014-06-12 01:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 11:18 - 2014-06-12 01:29 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 11:11 - 2014-06-12 01:28 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 11:08 - 2014-06-12 01:28 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 11:06 - 2014-06-12 01:29 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 11:02
- 2014-06-12 01:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-30 10:55 - 2014-06-12 01:29 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-05-30 10:49 - 2014-06-12 01:28 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-05-30 10:46 - 2014-06-12 01:28 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-30 10:44 - 2014-06-12 01:28 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-05-30 10:44 - 2014-06-12 01:28 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-05-30 10:43 - 2014-06-12 01:29 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-05-30 10:42 - 2014-06-12 01:29 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-05-30 10:38 - 2014-06-12 01:29 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-05-30 10:35 - 2014-06-12 01:29 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-05-30 10:34 - 2014-06-12 01:29 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-05-30 10:33 - 2014-06-12 01:29 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-05-30 10:30 - 2014-06-12 01:29 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-05-30 10:29 - 2014-06-12 01:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-05-30 10:28 - 2014-06-12 01:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-05-30 10:27 - 2014-06-12 01:29 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-05-30 10:24 - 2014-06-12 01:28 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-05-30 10:23 - 2014-06-12 01:29 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-05-30 10:16 - 
2014-06-12 01:29 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-05-30 10:10 - 2014-06-12 01:29 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-05-30 10:06 - 2014-06-12 01:28 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-05-30 10:04 - 2014-06-12 01:29 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-30 10:02 - 2014-06-12 01:29 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-05-30 09:56 - 2014-06-12 01:28 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-05-30 09:56 - 2014-06-12 01:28 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-05-30 09:54 - 2014-06-12 01:29 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-05-30 09:50 - 2014-06-12 01:28 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-05-30 09:49 - 2014-06-12 01:29 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-05-30 09:43 - 2014-06-12 01:28 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-05-30 09:40 - 2014-06-12 01:29 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-05-30 09:30 - 2014-06-12 01:29 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-05-30 09:21 - 2014-06-12 01:28 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-05-30 09:15 - 2014-06-12 01:29 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-05-30 09:13 - 2014-06-12 01:28 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-05-30 09:13 - 2014-06-12 01:28 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-05-28 00:32 - 2013-08-31 01:32 - 00000000 ____D () C:\Users\Cookie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 
2014-05-26 11:27 - 2014-05-26 11:27 - 00000000 __SHD () C:\Users\Cookie\AppData\Local\EmieUserList 2014-05-26 11:27 - 2014-05-26 11:27 - 00000000 __SHD () C:\Users\Cookie\AppData\Local\EmieSiteList 2014-05-26 09:26 - 2014-05-23 12:44 - 00000000 ____D () C:\Users\Cookie\Desktop\Programme 2014-05-23 12:50 - 2014-05-23 12:45 - 00000000 ____D () C:\Users\Cookie\Desktop\Dokumente 2014-05-23 12:48 - 2014-05-23 12:48 - 00000000 ____D () C:\Users\Cookie\Desktop\iso 2014-05-23 11:25 - 2014-05-23 11:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSN Password Recovery 2014-05-23 11:17 - 2014-05-23 11:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Password Recovery Lastic 2014-05-23 11:17 - 2014-05-23 11:17 - 00000000 ____D () C:\Program Files (x86)\PasswordLastic Some content of TEMP: ==================== C:\Users\Cookie\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpk1cvpo.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-06-18 10:10 ==================== End Of Log ============================ --- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-06-2014 01 Ran by Cookie at 2014-06-22 22:58:24 Running from C:\Users\Cookie\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0} ==================== Installed Programs ====================== 64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) aEton CommunicaEor (HKLM-x32\...\aEton CommunicaEor) (Version: 0.1.0.12 - aEton Usenet LTD) Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Ashampoo Burning Studio 2013 v.11.0.6 (HKLM-x32\...\{91B33C97-0FBA-74AE-E802-D782F5C8AA89}_is1) (Version: 11.0.6 - Ashampoo GmbH & Co. KG) Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team) AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2001026302.48.56.9251442 - Audible, Inc.) avast! 
Internet Security (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform) Corel PaintShop Pro X5 (HKLM-x32\...\_{1563C6F2-E9B5-42DE-9EA6-207C9A8C2DFB}) (Version: 15.0.0.183 - Corel Corporation) Corel PaintShop Pro X5 (x32 Version: 15.0.0.183 - Corel Corporation) Hidden CyberLink PowerDVD 13 (HKLM-x32\...\InstallShield_{3CFDF154-7E60-4E98-A8DF-C693A4F8E6B6}) (Version: 13.0.2720.57 - CyberLink Corp.) CyberLink PowerDVD 13 (x32 Version: 13.0.2720.57 - CyberLink Corp.) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd) Der Fall John Yesterday (Deutsch) (HKLM-x32\...\Yesterday (de)) (Version: 1.02 - CRIMSON COW) DesignPro 5 (HKLM-x32\...\InstallShield_{F82C6574-AD88-4B40-A432-970BC77F1BD2}) (Version: 5.5.708 - Avery Dennison) DesignPro 5 (x32 Version: 5.5.708 - Avery Dennison) Hidden Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.) 
Druckerdeinstallation für EPSON XP-610 Series (HKLM\...\EPSON XP-610 Series) (Version: - SEIKO EPSON Corporation) Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.2.0 - SEIKO EPSON CORPORATION) Epson Easy Photo Print 2 (HKLM-x32\...\{674E262F-72EA-41C1-AF16-9727311A4553}) (Version: 2.4.1.0 - SEIKO EPSON CORPORATION) Epson Event Manager (HKLM-x32\...\{2970697F-2A11-4588-8B7F-97322D1CCF3C}) (Version: 3.10.0017 - Seiko Epson Corporation) Epson E-Web Print (HKLM-x32\...\{CEC98C2A-9ED5-49DA-9F3A-92434E0A4FA3}) (Version: 1.19.0000 - SEIKO EPSON CORPORATION) Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.21.00 - SEIKO EPSON CORPORATION) EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation) EPSON-Handbücher (HKLM-x32\...\{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}) (Version: 1.32.0.0 - SEIKO EPSON CORPORATION) FileZilla Client 3.7.4.1 (HKLM-x32\...\FileZilla Client) (Version: 3.7.4.1 - Tim Kosse) FORCED (HKLM-x32\...\Steam App 249990) (Version: - BetaDwarf) Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.2.75.126 - Foxit Corporation) Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.4.217 - Foxit Corporation) Free Audio Converter version 5.0.37.327 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.37.327 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.5.628 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.5.628 - DVDVideoSoft Ltd.) FreeRIP MP3 Converter 4.5.1 (HKLM-x32\...\{501451DE-5808-4599-B544-8BD0915B6B24}_is1) (Version: 4.5.1 - GreenTree Applications SRL) Google Update Helper (x32 Version: 1.3.21.153 - Google Inc.) 
Hidden HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard) ICA (x32 Version: 15.0.0.183 - Corel Corporation) Hidden iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.) ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!) IPM_PSP_COM (x32 Version: 15.0.0.183 - Corel Corporation) Hidden iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.) LAV Filters 0.61.2 (HKLM-x32\...\lavfilters_is1) (Version: 0.61.2 - Hendrik Leppkes) League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games ) League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden Live 8.2.1 (HKLM-x32\...\Live 8.2.1) (Version: - ) Memento Mori 2 (HKLM-x32\...\Memento Mori 2_is1) (Version: - dtp) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1460.0) (Version: 4.0.1460.0 - Microsoft Corporation) Microsoft Expression Web 4 (x32 Version: 4.0.1460.0 - Microsoft Corporation) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - 
Microsoft Corporation) Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office FrontPage 2003 (HKLM-x32\...\{90170407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2007 
(Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) 
(Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1 - Nokia) Hidden Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) Hidden Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSN Password Recovery 1.0 (HKLM-x32\...\MSN Password Recovery_is1) (Version: - Top Password Software, Inc.) 
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NVIDIA Grafiktreiber 306.14 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 306.14 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.85.551 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.12.0807 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.12.0807 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0807 - NVIDIA Corporation) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2014 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 306.14 (Version: 306.14 - NVIDIA Corporation) Hidden NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation) NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden OpenAL (HKLM-x32\...\OpenAL) (Version: - ) OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation) OpenVPN 2.3.3-I002 (HKLM\...\OpenVPN) (Version: 2.3.3-I002 - ) Phase 5 HTML-Editor (HKLM-x32\...\{20B1B020-DEAE-48D1-9960-D4C3185D758B}) (Version: 5.6.2.3 - Systemberatung Schommer) Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64) 
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH) PSPPContent (x32 Version: 15.0.0.183 - Corel Corporation) Hidden PSPPHelp (x32 Version: 15.0.0.183 - Corel Corporation) Hidden PSPPro64 (Version: 15.0.0.183 - Corel Corporation) Hidden QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements) QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5809 - Realtek Semiconductor Corp.) Rosetta Stone Version 3 (HKLM-x32\...\{99011A6E-5200-11DE-BDB8-7ACD56D89593}) (Version: 3.4.5.0 - Rosetta Stone Ltd.) Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13052_10 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.5.3.13052_10 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.0 - SAMSUNG Electronics Co., Ltd.) Setup (x32 Version: 15.0.0.183 - Ihr Firmenname) Hidden SimCity 4 (HKLM-x32\...\{01339AE5-04D4-43F8-008E-13AD788DC4F7}) (Version: - ) Skype Password DEMO version 1.5 (HKLM-x32\...\{BABBE752-6969-42EC-8EAC-4D07604BCD18}_is1) (Version: 1.5 - LastBit.com) Skype™ 6.5 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 6.5.158 - Skype Technologies S.A.) 
Software Updater (HKLM-x32\...\{B9802DDC-53FD-4D44-A81D-49DC80448614}) (Version: 4.2.6 - SEIKO EPSON CORPORATION) Spotify (HKCU\...\Spotify) (Version: 0.9.1.57.ge7405149 - Spotify AB) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com) TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - ) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.24951 - TeamViewer) Tinypic 3.18 (HKLM-x32\...\{E3723A04-A894-4036-A78E-282E18F43C0A}_is1) (Version: Tinypic 3.18 - E. Fiedler) Twonky Server (HKLM-x32\...\TwonkyServer) (Version: 7.2.6.0 - PacketVideo) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition 
(HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2881065) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{B7EF38F7-1D58-4085-A9A4-0F6C69A5AA1E}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.) 
VL Sound 5.1 (HKLM-x32\...\VL Sound 5.1) (Version: - Valera Lavrov) VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN) Winamp (HKLM-x32\...\Winamp) (Version: 5.66 - Nullsoft, Inc) Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Password Recovery Lastic 1.1 (HKLM-x32\...\Windows Password Recovery Lastic_is1) (Version: - ) WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment) ==================== Restore Points ========================= ==================== Hosts content: ========================== 2009-07-14 04:34 - 2014-04-22 03:39 - 00511162 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost 0.0.0.0 fr.a2dfp.net 0.0.0.0 m.fr.a2dfp.net 0.0.0.0 mfr.a2dfp.net 0.0.0.0 ad.a8.net 0.0.0.0 asy.a8ww.net 0.0.0.0 static.a-ads.com 0.0.0.0 abcstats.com 0.0.0.0 ad4.abradio.cz 0.0.0.0 a.abv.bg 0.0.0.0 adserver.abv.bg 0.0.0.0 adv.abv.bg 0.0.0.0 bimg.abv.bg 0.0.0.0 ca.abv.bg 0.0.0.0 
www2.a-counter.kiev.ua 0.0.0.0 track.acclaimnetwork.com 0.0.0.0 accuserveadsystem.com 0.0.0.0 www.accuserveadsystem.com 0.0.0.0 achmedia.com 0.0.0.0 csh.actiondesk.com 0.0.0.0 ads.activepower.net 0.0.0.0 app.activetrail.com 0.0.0.0 stat.active24stats.nl #[Tracking.Cookie] 0.0.0.0 traffic.acwebconnecting.com 0.0.0.0 office.ad1.ru 0.0.0.0 cms.ad2click.nl 0.0.0.0 ad2games.com 0.0.0.0 ads.ad2games.com 0.0.0.0 content.ad20.net There are 1000 more lines. ==================== Scheduled Tasks (whitelisted) ============= Task: {0F3C4BD4-5F09-408B-BCAE-1182F02B9F35} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {23007685-672B-4E28-812B-B331BC521DB0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd) Task: {2CC8BC4F-E38C-49E1-BE82-E9F9A065B764} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-28] (Google Inc.) Task: {3A09972A-8460-461D-9A06-2CFB0ED0FD28} - System32\Tasks\Open VPN => C:\Program Files\OpenVPN\bin\openvpn-gui.exe [2014-04-14] () Task: {4A5C0D1C-BE0F-46D2-A00F-DF1943E998A3} - System32\Tasks\EPSON XP-610 Series Update {27C236B4-91FE-4B83-97EA-3F65697B6612} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2013-02-28] (SEIKO EPSON CORPORATION) Task: {6165605E-EA0A-4534-AE74-1360EAA3B44C} - System32\Tasks\EPSON XP-610 Series Invitation {27C236B4-91FE-4B83-97EA-3F65697B6612} => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2013-02-28] (SEIKO EPSON CORPORATION) Task: {634F1069-3FBD-47AD-922A-A83E1EEBEF9B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated) Task: {71450FE5-448B-4067-8443-F62C3F365BF5} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-19] (AVAST Software) Task: {F6245656-0050-465B-834B-7BD51FD82442} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-05-28] (Google Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\EPSON XP-610 Series Invitation {27C236B4-91FE-4B83-97EA-3F65697B6612}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE Task: C:\Windows\Tasks\EPSON XP-610 Series Update {27C236B4-91FE-4B83-97EA-3F65697B6612}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-05-27 04:15 - 2012-08-28 09:50 - 00086888 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2013-09-11 20:00 - 2013-10-17 17:32 - 00020472 _____ () C:\Windows\system32\spool\PRTPROCS\x64\TeamViewer_PrintProcessor.dll 2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2013-11-15 13:12 - 2013-11-15 13:12 - 00973688 _____ () C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe 2013-11-15 13:12 - 2013-11-15 13:12 - 02358136 _____ () C:\Program Files (x86)\Twonky\TwonkyServer\TwonkyServer.exe 2014-06-22 00:39 - 2014-06-22 00:39 - 02783744 _____ () C:\Program Files\AVAST Software\Avast\defs\14062101\algo.dll 2014-06-22 21:54 - 2014-06-22 21:54 - 02783744 _____ () C:\Program Files\AVAST Software\Avast\defs\14062201\algo.dll 2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ 
() C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2013-11-15 13:12 - 2013-11-15 13:12 - 00228216 _____ () C:\Program Files (x86)\Twonky\TwonkyServer\wmdrmdll.dll 2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll 2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll 2014-06-22 21:54 - 2014-06-22 21:54 - 00043008 _____ () c:\users\cookie\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpk1cvpo.dll 2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Cookie\AppData\Roaming\Dropbox\bin\libcef.dll 2014-05-19 22:43 - 2014-05-19 22:43 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= MSCONFIG\Services: !SASCORE => 2 MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/22/2014 09:55:16 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/22/2014 00:40:24 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/20/2014 09:07:07 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM 
__InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/19/2014 09:19:50 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 17 1.0.0.127.in-addr.arpa. PTR Cookie-PC.local. Error: (06/19/2014 09:19:50 PM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: mDNSCoreReceiveResponse: Received from 127.0.0.1:5353 19 1.0.0.127.in-addr.arpa. PTR Cookie-PC-2.local. Error: (06/19/2014 02:37:07 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 13088 Error: (06/19/2014 02:37:07 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 13088 Error: (06/19/2014 02:37:07 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (06/19/2014 02:37:06 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 12059 Error: (06/19/2014 02:37:06 AM) (Source: Bonjour Service) (EventID: 100) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 12059 System errors: ============= Error: (06/18/2014 09:26:41 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (06/18/2014 09:26:41 AM) (Source: Service Control Manager) (EventID: 7024) (User: ) Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535. Error: (06/12/2014 09:56:43 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1000) (User: NT-AUTORITÄT) Description: Fehler bei der CBS-Clientinitialisierung. 
Letzter Fehler: 0x8007045b Error: (06/03/2014 11:20:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "UPnP-Gerätehost" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (06/03/2014 11:20:19 PM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: Der Dienst "upnphost" konnte sich nicht als "NT AUTHORITY\LocalService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1352 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (06/03/2014 11:20:19 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1069upnphost{204810B9-73B2-11D4-BF42-00B0D0118B56} Error: (06/01/2014 08:22:13 PM) (Source: Service Control Manager) (EventID: 7003) (User: ) Description: Der Dienst "TVService" ist von folgendem Dienst abhängig: MySQL. Dieser Dienst ist eventuell nicht installiert. Error: (05/28/2014 07:35:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Adobe Acrobat Update Service erreicht. Error: (05/28/2014 01:59:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "UPnP-Gerätehost" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (05/28/2014 01:59:16 AM) (Source: Service Control Manager) (EventID: 7038) (User: ) Description: Der Dienst "upnphost" konnte sich nicht als "NT AUTHORITY\LocalService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1352 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). 
Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 38%
Total physical RAM: 3070.18 MB
Available physical RAM: 1873.2 MB
Total Pagefile: 7568.36 MB
Available Pagefile: 6076.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:249.9 GB) (Free:101.58 GB) NTFS
Drive d: (DATA) (Fixed) (Total:346.17 GB) (Free:137.88 GB) NTFS
Drive j: (KIJAN2013CD1) (CDROM) (Total:0.68 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: BF587EF3)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=250 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=346 GB) - (Type=07 NTFS)

==================== End Of Log ============================ |
23.06.2014, 11:57 | #4 |
| Internet connection / NO INTERNET ACCESS several times a day
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-06-22 23:10:45 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD6400AACS-00G8B0 rev.05.04C05 596,17GB Running: Gmer-19357.exe; Driver: C:\Users\Cookie\AppData\Local\Temp\pwdirpoc.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800037fb000 16 bytes [8B, E3, 41, 5F, 41, 5E, 41, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 545 fffff800037fb011 35 bytes {LEA ECX, [RSP+0x70]; CALL 0x3d64f} ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772b1360 5 bytes JMP 000000014a230460 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772b13b0 5 bytes JMP 000000014a230450 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772b1510 5 bytes JMP 000000014a230370 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772b1560 5 bytes JMP 000000014a230470 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772b1570 5 bytes JMP 000000014a2303e0 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772b1620 5 bytes JMP 000000014a230320 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772b1650 5 bytes JMP 000000014a2303b0 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772b1670 5 bytes JMP 000000014a230390 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772b16b0 5 bytes JMP 000000014a2302e0 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772b1730 5 bytes JMP 000000014a2302d0 
.text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772b1750 5 bytes JMP 000000014a230310 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772b1790 5 bytes JMP 000000014a2303c0 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772b17e0 5 bytes JMP 000000014a2303f0 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772b1940 5 bytes JMP 000000014a230230 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772b1b00 5 bytes JMP 000000014a230480 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772b1b30 5 bytes JMP 000000014a2303a0 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772b1c10 5 bytes JMP 000000014a2302f0 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772b1c20 5 bytes JMP 000000014a230350 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772b1c80 5 bytes JMP 000000014a230290 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772b1d10 5 bytes JMP 000000014a2302b0 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772b1d30 5 bytes JMP 000000014a2303d0 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772b1d40 5 bytes JMP 000000014a230330 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772b1db0 5 bytes JMP 000000014a230410 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772b1de0 5 bytes JMP 000000014a230240 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772b20a0 5 
bytes JMP 000000014a2301e0 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772b2160 5 bytes JMP 000000014a230250 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772b2190 5 bytes JMP 000000014a230490 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772b21a0 5 bytes JMP 000000014a2304a0 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772b21d0 5 bytes JMP 000000014a230300 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772b21e0 5 bytes JMP 000000014a230360 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772b2240 5 bytes JMP 000000014a2302a0 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772b2290 5 bytes JMP 000000014a2302c0 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772b22c0 5 bytes JMP 000000014a230380 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772b22d0 5 bytes JMP 000000014a230340 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772b25c0 5 bytes JMP 000000014a230440 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772b27c0 5 bytes JMP 000000014a230260 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772b27d0 5 bytes JMP 000000014a230270 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772b27e0 5 bytes JMP 000000014a230400 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772b29a0 5 bytes JMP 000000014a2301f0 .text C:\Windows\system32\csrss.exe[412] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772b29b0 5 bytes JMP 000000014a230210 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772b2a20 5 bytes JMP 000000014a230200 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772b2a80 5 bytes JMP 000000014a230420 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772b2a90 5 bytes JMP 000000014a230430 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772b2aa0 5 bytes JMP 000000014a230220 .text C:\Windows\system32\csrss.exe[412] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772b2b80 5 bytes JMP 000000014a230280 .text C:\Windows\system32\wininit.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772b1360 5 bytes JMP 0000000077410460 .text C:\Windows\system32\wininit.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772b13b0 5 bytes JMP 0000000077410450 .text C:\Windows\system32\wininit.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772b1510 5 bytes JMP 0000000077410370 .text C:\Windows\system32\wininit.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772b1560 5 bytes JMP 0000000077410470 .text C:\Windows\system32\wininit.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772b1570 5 bytes JMP 00000000774103e0 .text C:\Windows\system32\wininit.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772b1620 5 bytes JMP 0000000077410320 .text C:\Windows\system32\wininit.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772b1650 5 bytes JMP 00000000774103b0 .text C:\Windows\system32\wininit.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772b1670 5 bytes JMP 0000000077410390 .text C:\Windows\system32\wininit.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772b16b0 5 bytes JMP 00000000774102e0 
.text C:\Windows\system32\wininit.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772b1730 5 bytes JMP 00000000774102d0 .text C:\Windows\system32\wininit.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772b1750 5 bytes JMP 0000000077410310 .text C:\Windows\system32\wininit.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772b1790 5 bytes JMP 00000000774103c0 .text C:\Windows\system32\wininit.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772b17e0 5 bytes JMP 00000000774103f0 .text C:\Windows\system32\wininit.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772b1940 5 bytes JMP 0000000077410230 .text C:\Windows\system32\wininit.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772b1b00 5 bytes JMP 0000000077410480 .text C:\Windows\system32\wininit.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772b1b30 5 bytes JMP 00000000774103a0 .text C:\Windows\system32\wininit.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772b1c10 5 bytes JMP 00000000774102f0 .text C:\Windows\system32\wininit.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772b1c20 5 bytes JMP 0000000077410350 .text C:\Windows\system32\wininit.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772b1c80 5 bytes JMP 0000000077410290 .text C:\Windows\system32\wininit.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772b1d10 5 bytes JMP 00000000774102b0 .text C:\Windows\system32\wininit.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772b1d30 5 bytes JMP 00000000774103d0 .text C:\Windows\system32\wininit.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772b1d40 5 bytes JMP 0000000077410330 .text C:\Windows\system32\wininit.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772b1db0 5 bytes JMP 0000000077410410 .text C:\Windows\system32\wininit.exe[472] 
C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772b1de0 5 bytes JMP 0000000077410240 .text C:\Windows\system32\wininit.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772b20a0 5 bytes JMP 00000000774101e0 .text C:\Windows\system32\wininit.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772b2160 5 bytes JMP 0000000077410250 .text C:\Windows\system32\wininit.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772b2190 5 bytes JMP 0000000077410490 .text C:\Windows\system32\wininit.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772b21a0 5 bytes JMP 00000000774104a0 .text C:\Windows\system32\wininit.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772b21d0 5 bytes JMP 0000000077410300 .text C:\Windows\system32\wininit.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772b21e0 5 bytes JMP 0000000077410360 .text C:\Windows\system32\wininit.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772b2240 5 bytes JMP 00000000774102a0 .text C:\Windows\system32\wininit.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772b2290 5 bytes JMP 00000000774102c0 .text C:\Windows\system32\wininit.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772b22c0 5 bytes JMP 0000000077410380 .text C:\Windows\system32\wininit.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772b22d0 5 bytes JMP 0000000077410340 .text C:\Windows\system32\wininit.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772b25c0 5 bytes JMP 0000000077410440 .text C:\Windows\system32\wininit.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772b27c0 5 bytes JMP 0000000077410260 .text C:\Windows\system32\wininit.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772b27d0 5 bytes JMP 0000000077410270 .text C:\Windows\system32\wininit.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772b27e0 5 bytes JMP 0000000077410400 
.text C:\Windows\system32\wininit.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772b29a0 5 bytes JMP 00000000774101f0 .text C:\Windows\system32\wininit.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772b29b0 5 bytes JMP 0000000077410210 .text C:\Windows\system32\wininit.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772b2a20 5 bytes JMP 0000000077410200 .text C:\Windows\system32\wininit.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772b2a80 5 bytes JMP 0000000077410420 .text C:\Windows\system32\wininit.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772b2a90 5 bytes JMP 0000000077410430 .text C:\Windows\system32\wininit.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772b2aa0 5 bytes JMP 0000000077410220 .text C:\Windows\system32\wininit.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772b2b80 5 bytes JMP 0000000077410280 .text C:\Windows\system32\wininit.exe[472] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007719ef8d 1 byte [62] .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772b1360 5 bytes JMP 000000014a230460 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772b13b0 5 bytes JMP 000000014a230450 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772b1510 5 bytes JMP 000000014a230370 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772b1560 5 bytes JMP 000000014a230470 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772b1570 5 bytes JMP 000000014a2303e0 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772b1620 5 bytes JMP 000000014a230320 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 
00000000772b1650 5 bytes JMP 000000014a2303b0 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772b1670 5 bytes JMP 000000014a230390 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772b16b0 5 bytes JMP 000000014a2302e0 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772b1730 5 bytes JMP 000000014a2302d0 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772b1750 5 bytes JMP 000000014a230310 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772b1790 5 bytes JMP 000000014a2303c0 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772b17e0 5 bytes JMP 000000014a2303f0 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772b1940 5 bytes JMP 000000014a230230 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772b1b00 5 bytes JMP 000000014a230480 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772b1b30 5 bytes JMP 000000014a2303a0 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772b1c10 5 bytes JMP 000000014a2302f0 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772b1c20 5 bytes JMP 000000014a230350 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772b1c80 5 bytes JMP 000000014a230290 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772b1d10 5 bytes JMP 000000014a2302b0 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772b1d30 5 bytes JMP 000000014a2303d0 .text C:\Windows\system32\csrss.exe[488] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772b1d40 5 bytes JMP 000000014a230330 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772b1db0 5 bytes JMP 000000014a230410 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772b1de0 5 bytes JMP 000000014a230240 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772b20a0 5 bytes JMP 000000014a2301e0 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772b2160 5 bytes JMP 000000014a230250 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772b2190 5 bytes JMP 000000014a230490 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772b21a0 5 bytes JMP 000000014a2304a0 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772b21d0 5 bytes JMP 000000014a230300 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772b21e0 5 bytes JMP 000000014a230360 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772b2240 5 bytes JMP 000000014a2302a0 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772b2290 5 bytes JMP 000000014a2302c0 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772b22c0 5 bytes JMP 000000014a230380 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772b22d0 5 bytes JMP 000000014a230340 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772b25c0 5 bytes JMP 000000014a230440 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772b27c0 5 bytes JMP 000000014a230260 .text 
C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772b27d0 5 bytes JMP 000000014a230270 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772b27e0 5 bytes JMP 000000014a230400 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772b29a0 5 bytes JMP 000000014a2301f0 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772b29b0 5 bytes JMP 000000014a230210 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772b2a20 5 bytes JMP 000000014a230200 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772b2a80 5 bytes JMP 000000014a230420 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772b2a90 5 bytes JMP 000000014a230430 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772b2aa0 5 bytes JMP 000000014a230220 .text C:\Windows\system32\csrss.exe[488] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772b2b80 5 bytes JMP 000000014a230280 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772b1360 5 bytes JMP 0000000077410460 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772b13b0 5 bytes JMP 0000000077410450 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772b1510 5 bytes JMP 0000000077410370 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772b1560 5 bytes JMP 0000000077410470 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772b1570 5 bytes JMP 00000000774103e0 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 
00000000772b1620 5 bytes JMP 0000000077410320 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772b1650 5 bytes JMP 00000000774103b0 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772b1670 5 bytes JMP 0000000077410390 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772b16b0 5 bytes JMP 00000000774102e0 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772b1730 5 bytes JMP 00000000774102d0 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772b1750 5 bytes JMP 0000000077410310 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772b1790 5 bytes JMP 00000000774103c0 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772b17e0 5 bytes JMP 00000000774103f0 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772b1940 5 bytes JMP 0000000077410230 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772b1b00 5 bytes JMP 0000000077410480 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772b1b30 5 bytes JMP 00000000774103a0 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772b1c10 5 bytes JMP 00000000774102f0 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772b1c20 5 bytes JMP 0000000077410350 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772b1c80 5 bytes JMP 0000000077410290 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772b1d10 5 bytes JMP 00000000774102b0 .text 
C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772b1d30 5 bytes JMP 00000000774103d0 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772b1d40 5 bytes JMP 0000000077410330 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772b1db0 5 bytes JMP 0000000077410410 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772b1de0 5 bytes JMP 0000000077410240 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772b20a0 5 bytes JMP 00000000774101e0 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772b2160 5 bytes JMP 0000000077410250 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772b2190 5 bytes JMP 0000000077410490 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772b21a0 5 bytes JMP 00000000774104a0 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772b21d0 5 bytes JMP 0000000077410300 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772b21e0 5 bytes JMP 0000000077410360 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772b2240 5 bytes JMP 00000000774102a0 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772b2290 5 bytes JMP 00000000774102c0 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772b22c0 5 bytes JMP 0000000077410380 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772b22d0 5 bytes JMP 0000000077410340 .text C:\Windows\system32\services.exe[524] 
C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772b25c0 5 bytes JMP 0000000077410440 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772b27c0 5 bytes JMP 0000000077410260 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772b27d0 5 bytes JMP 0000000077410270 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772b27e0 5 bytes JMP 0000000077410400 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772b29a0 5 bytes JMP 00000000774101f0 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772b29b0 5 bytes JMP 0000000077410210 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772b2a20 5 bytes JMP 0000000077410200 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772b2a80 5 bytes JMP 0000000077410420 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772b2a90 5 bytes JMP 0000000077410430 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772b2aa0 5 bytes JMP 0000000077410220 .text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772b2b80 5 bytes JMP 0000000077410280 .text C:\Windows\system32\services.exe[524] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007719ef8d 1 byte [62] .text C:\Windows\system32\lsass.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772b1360 5 bytes JMP 0000000077410460 .text C:\Windows\system32\lsass.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772b13b0 5 bytes JMP 0000000077410450 .text C:\Windows\system32\lsass.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772b1510 5 bytes JMP 
0000000077410370 .text C:\Windows\system32\lsass.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772b1560 5 bytes JMP 0000000077410470 .text C:\Windows\system32\lsass.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772b1570 5 bytes JMP 00000000774103e0 .text C:\Windows\system32\lsass.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772b1620 5 bytes JMP 0000000077410320 .text C:\Windows\system32\lsass.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772b1650 5 bytes JMP 00000000774103b0 .text C:\Windows\system32\lsass.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772b1670 5 bytes JMP 0000000077410390 .text C:\Windows\system32\lsass.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772b16b0 5 bytes JMP 00000000774102e0 .text C:\Windows\system32\lsass.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772b1730 5 bytes JMP 00000000774102d0 .text C:\Windows\system32\lsass.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772b1750 5 bytes JMP 0000000077410310 .text C:\Windows\system32\lsass.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772b1790 5 bytes JMP 00000000774103c0 .text C:\Windows\system32\lsass.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772b17e0 5 bytes JMP 00000000774103f0 .text C:\Windows\system32\lsass.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772b1940 5 bytes JMP 0000000077410230 .text C:\Windows\system32\lsass.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772b1b00 5 bytes JMP 0000000077410480 .text C:\Windows\system32\lsass.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772b1b30 5 bytes JMP 00000000774103a0 .text C:\Windows\system32\lsass.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772b1c10 5 bytes JMP 00000000774102f0 .text C:\Windows\system32\lsass.exe[544] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772b1c20 5 bytes JMP 0000000077410350 .text C:\Windows\system32\lsass.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772b1c80 5 bytes JMP 0000000077410290 .text C:\Windows\system32\lsass.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772b1d10 5 bytes JMP 00000000774102b0 .text C:\Windows\system32\lsass.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772b1d30 5 bytes JMP 00000000774103d0 .text C:\Windows\system32\lsass.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772b1d40 5 bytes JMP 0000000077410330 .text C:\Windows\system32\lsass.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772b1db0 5 bytes JMP 0000000077410410 .text C:\Windows\system32\lsass.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772b1de0 5 bytes JMP 0000000077410240 .text C:\Windows\system32\lsass.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772b20a0 5 bytes JMP 00000000774101e0 .text C:\Windows\system32\lsass.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772b2160 5 bytes JMP 0000000077410250 .text C:\Windows\system32\lsass.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772b2190 5 bytes JMP 0000000077410490 .text C:\Windows\system32\lsass.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772b21a0 5 bytes JMP 00000000774104a0 .text C:\Windows\system32\lsass.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772b21d0 5 bytes JMP 0000000077410300 .text C:\Windows\system32\lsass.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772b21e0 5 bytes JMP 0000000077410360 .text C:\Windows\system32\lsass.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772b2240 5 bytes JMP 00000000774102a0 .text C:\Windows\system32\lsass.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772b2290 5 bytes JMP 00000000774102c0 .text 
C:\Windows\system32\lsass.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772b22c0 5 bytes JMP 0000000077410380 .text C:\Windows\system32\lsass.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772b22d0 5 bytes JMP 0000000077410340 .text C:\Windows\system32\lsass.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772b25c0 5 bytes JMP 0000000077410440 .text C:\Windows\system32\lsass.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772b27c0 5 bytes JMP 0000000077410260 .text C:\Windows\system32\lsass.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772b27d0 5 bytes JMP 0000000077410270 .text C:\Windows\system32\lsass.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772b27e0 5 bytes JMP 0000000077410400 .text C:\Windows\system32\lsass.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772b29a0 5 bytes JMP 00000000774101f0 .text C:\Windows\system32\lsass.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772b29b0 5 bytes JMP 0000000077410210 .text C:\Windows\system32\lsass.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772b2a20 5 bytes JMP 0000000077410200 .text C:\Windows\system32\lsass.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772b2a80 5 bytes JMP 0000000077410420 .text C:\Windows\system32\lsass.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772b2a90 5 bytes JMP 0000000077410430 .text C:\Windows\system32\lsass.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772b2aa0 5 bytes JMP 0000000077410220 .text C:\Windows\system32\lsass.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772b2b80 5 bytes JMP 0000000077410280 .text C:\Windows\system32\lsm.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772b1360 5 bytes JMP 0000000077410460 .text C:\Windows\system32\lsm.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772b13b0 5 bytes JMP 
0000000077410450 .text C:\Windows\system32\lsm.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772b1510 5 bytes JMP 0000000077410370 .text C:\Windows\system32\lsm.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772b1560 5 bytes JMP 0000000077410470 .text C:\Windows\system32\lsm.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772b1570 5 bytes JMP 00000000774103e0 .text C:\Windows\system32\lsm.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772b1620 5 bytes JMP 0000000077410320 .text C:\Windows\system32\lsm.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772b1650 5 bytes JMP 00000000774103b0 .text C:\Windows\system32\lsm.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772b1670 5 bytes JMP 0000000077410390 .text C:\Windows\system32\lsm.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772b16b0 5 bytes JMP 00000000774102e0 .text C:\Windows\system32\lsm.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772b1730 5 bytes JMP 00000000774102d0 .text C:\Windows\system32\lsm.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772b1750 5 bytes JMP 0000000077410310 .text C:\Windows\system32\lsm.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772b1790 5 bytes JMP 00000000774103c0 .text C:\Windows\system32\lsm.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772b17e0 5 bytes JMP 00000000774103f0 .text C:\Windows\system32\lsm.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772b1940 5 bytes JMP 0000000077410230 .text C:\Windows\system32\lsm.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772b1b00 5 bytes JMP 0000000077410480 .text C:\Windows\system32\lsm.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772b1b30 5 bytes JMP 00000000774103a0 .text C:\Windows\system32\lsm.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772b1c10 5 bytes JMP 
00000000774102f0 .text C:\Windows\system32\lsm.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772b1c20 5 bytes JMP 0000000077410350 .text C:\Windows\system32\lsm.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772b1c80 5 bytes JMP 0000000077410290 .text C:\Windows\system32\lsm.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772b1d10 5 bytes JMP 00000000774102b0 .text C:\Windows\system32\lsm.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772b1d30 5 bytes JMP 00000000774103d0 .text C:\Windows\system32\lsm.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772b1d40 5 bytes JMP 0000000077410330 .text C:\Windows\system32\lsm.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772b1db0 5 bytes JMP 0000000077410410 .text C:\Windows\system32\lsm.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772b1de0 5 bytes JMP 0000000077410240 .text C:\Windows\system32\lsm.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772b20a0 5 bytes JMP 00000000774101e0 .text C:\Windows\system32\lsm.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772b2160 5 bytes JMP 0000000077410250 .text C:\Windows\system32\lsm.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772b2190 5 bytes JMP 0000000077410490 .text C:\Windows\system32\lsm.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772b21a0 5 bytes JMP 00000000774104a0 .text C:\Windows\system32\lsm.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772b21d0 5 bytes JMP 0000000077410300 .text C:\Windows\system32\lsm.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772b21e0 5 bytes JMP 0000000077410360 .text C:\Windows\system32\lsm.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772b2240 5 bytes JMP 00000000774102a0 .text C:\Windows\system32\lsm.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772b2290 5 bytes JMP 
00000000774102c0 .text C:\Windows\system32\lsm.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772b22c0 5 bytes JMP 0000000077410380 .text C:\Windows\system32\lsm.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772b22d0 5 bytes JMP 0000000077410340 .text C:\Windows\system32\lsm.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772b25c0 5 bytes JMP 0000000077410440 .text C:\Windows\system32\lsm.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772b27c0 5 bytes JMP 0000000077410260 .text C:\Windows\system32\lsm.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772b27d0 5 bytes JMP 0000000077410270 .text C:\Windows\system32\lsm.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772b27e0 5 bytes JMP 0000000077410400 .text C:\Windows\system32\lsm.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772b29a0 5 bytes JMP 00000000774101f0 .text C:\Windows\system32\lsm.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772b29b0 5 bytes JMP 0000000077410210 .text C:\Windows\system32\lsm.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772b2a20 5 bytes JMP 0000000077410200 .text C:\Windows\system32\lsm.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772b2a80 5 bytes JMP 0000000077410420 .text C:\Windows\system32\lsm.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772b2a90 5 bytes JMP 0000000077410430 .text C:\Windows\system32\lsm.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772b2aa0 5 bytes JMP 0000000077410220 .text C:\Windows\system32\lsm.exe[552] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772b2b80 5 bytes JMP 0000000077410280 .text C:\Windows\system32\winlogon.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772b1360 5 bytes JMP 0000000077410460 .text C:\Windows\system32\winlogon.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772b13b0 5 bytes 
JMP 0000000077410450 .text C:\Windows\system32\winlogon.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772b1510 5 bytes JMP 0000000077410370 .text C:\Windows\system32\winlogon.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772b1560 5 bytes JMP 0000000077410470 .text C:\Windows\system32\winlogon.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772b1570 5 bytes JMP 00000000774103e0 .text C:\Windows\system32\winlogon.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772b1620 5 bytes JMP 0000000077410320 .text C:\Windows\system32\winlogon.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772b1650 5 bytes JMP 00000000774103b0 .text C:\Windows\system32\winlogon.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772b1670 5 bytes JMP 0000000077410390 .text C:\Windows\system32\winlogon.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772b16b0 5 bytes JMP 00000000774102e0 .text C:\Windows\system32\winlogon.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772b1730 5 bytes JMP 00000000774102d0 .text C:\Windows\system32\winlogon.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772b1750 5 bytes JMP 0000000077410310 .text C:\Windows\system32\winlogon.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772b1790 5 bytes JMP 00000000774103c0 .text C:\Windows\system32\winlogon.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772b17e0 5 bytes JMP 00000000774103f0 .text C:\Windows\system32\winlogon.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772b1940 5 bytes JMP 0000000077410230 .text C:\Windows\system32\winlogon.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772b1b00 5 bytes JMP 0000000077410480 .text C:\Windows\system32\winlogon.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772b1b30 5 bytes JMP 00000000774103a0 .text C:\Windows\system32\winlogon.exe[616] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772b1c10 5 bytes JMP 00000000774102f0 .text C:\Windows\system32\winlogon.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772b1c20 5 bytes JMP 0000000077410350 .text C:\Windows\system32\winlogon.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772b1c80 5 bytes JMP 0000000077410290 .text C:\Windows\system32\winlogon.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772b1d10 5 bytes JMP 00000000774102b0 .text C:\Windows\system32\winlogon.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772b1d30 5 bytes JMP 00000000774103d0 .text C:\Windows\system32\winlogon.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772b1d40 5 bytes JMP 0000000077410330 .text C:\Windows\system32\winlogon.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772b1db0 5 bytes JMP 0000000077410410 .text C:\Windows\system32\winlogon.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772b1de0 5 bytes JMP 0000000077410240 .text C:\Windows\system32\winlogon.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772b20a0 5 bytes JMP 00000000774101e0 .text C:\Windows\system32\winlogon.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772b2160 5 bytes JMP 0000000077410250 .text C:\Windows\system32\winlogon.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772b2190 5 bytes JMP 0000000077410490 .text C:\Windows\system32\winlogon.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772b21a0 5 bytes JMP 00000000774104a0 .text C:\Windows\system32\winlogon.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772b21d0 5 bytes JMP 0000000077410300 .text C:\Windows\system32\winlogon.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772b21e0 5 bytes JMP 0000000077410360 .text C:\Windows\system32\winlogon.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772b2240 5 
bytes JMP 00000000774102a0 .text C:\Windows\system32\winlogon.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772b2290 5 bytes JMP 00000000774102c0 .text C:\Windows\system32\winlogon.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772b22c0 5 bytes JMP 0000000077410380 .text C:\Windows\system32\winlogon.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772b22d0 5 bytes JMP 0000000077410340 .text C:\Windows\system32\winlogon.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772b25c0 5 bytes JMP 0000000077410440 .text C:\Windows\system32\winlogon.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772b27c0 5 bytes JMP 0000000077410260 .text C:\Windows\system32\winlogon.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772b27d0 5 bytes JMP 0000000077410270 .text C:\Windows\system32\winlogon.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772b27e0 5 bytes JMP 0000000077410400 .text C:\Windows\system32\winlogon.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772b29a0 5 bytes JMP 00000000774101f0 .text C:\Windows\system32\winlogon.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772b29b0 5 bytes JMP 0000000077410210 .text C:\Windows\system32\winlogon.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772b2a20 5 bytes JMP 0000000077410200 .text C:\Windows\system32\winlogon.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772b2a80 5 bytes JMP 0000000077410420 .text C:\Windows\system32\winlogon.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772b2a90 5 bytes JMP 0000000077410430 .text C:\Windows\system32\winlogon.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772b2aa0 5 bytes JMP 0000000077410220 .text C:\Windows\system32\winlogon.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772b2b80 5 bytes JMP 0000000077410280 .text C:\Windows\system32\winlogon.exe[616] 
C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007719ef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772b1360 5 bytes JMP 0000000077410460 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772b13b0 5 bytes JMP 0000000077410450 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772b1510 5 bytes JMP 0000000077410370 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772b1560 5 bytes JMP 0000000077410470 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772b1570 5 bytes JMP 00000000774103e0 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772b1620 5 bytes JMP 0000000077410320 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772b1650 5 bytes JMP 00000000774103b0 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772b1670 5 bytes JMP 0000000077410390 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772b16b0 5 bytes JMP 00000000774102e0 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772b1730 5 bytes JMP 00000000774102d0 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772b1750 5 bytes JMP 0000000077410310 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772b1790 5 bytes JMP 00000000774103c0 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772b17e0 5 bytes JMP 00000000774103f0 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772b1940 5 bytes JMP 0000000077410230 .text 
C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772b1b00 5 bytes JMP 0000000077410480 |
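A hook table of this size is hard to judge by eye, and the question a reviewer actually asks of it is small: which processes carry hooks, which technique is used (a 5-byte JMP at the export versus a 1-byte inline patch like the GetBinaryTypeW entries), and whether every JMP in every process lands in the same narrow address window. A single window means one module installed all of them, which is exactly what a security product's self-protection DLL injected into every process looks like; scattered targets, or a hook in one process that points somewhere the others do not, is what deserves a closer look. The script below is an added example for this thread, not code from GMER or from the poster. Its sample input is seven lines copied verbatim from the log above plus one constructed line with a made-up export address and JMP target, so that the outlier report has something to show. A consistent cluster only tells you that one module is responsible, not which one; mapping the target range to a loaded module still requires GMER's module listing or a live look at the process, neither of which is in this excerpt.

```python
"""Triage helper for GMER user-mode hook listings (added example; not GMER's
own code and not part of the original thread).

GMER prints one hooked export per line, in one of two shapes:
  .text <process>[<pid>] <module>!<export> <addr> 5 bytes JMP <target>
  .text <process>[<pid>] <module>!<export> + <off> <addr> 1 byte [<bytes>]
"""
import re
from collections import Counter, defaultdict

HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>\S+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>\S+)!(?P<export>\S+?)(?:\s\+\s(?P<offset>\d+))?\s+"
    r"(?P<addr>[0-9a-f]{16})\s+(?P<size>\d+)\s+bytes?\s+"
    r"(?:JMP\s+(?P<target>[0-9a-f]{16})|\[(?P<patch>[0-9a-f ]+)\])$",
    re.IGNORECASE,
)

# Sample input, part 1: seven lines copied verbatim from the GMER log above.
REAL_LINES = r"""
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772b1650 5 bytes JMP 00000000774103b0
.text C:\Windows\system32\services.exe[524] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772b20a0 5 bytes JMP 00000000774101e0
.text C:\Windows\system32\services.exe[524] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007719ef8d 1 byte [62]
.text C:\Windows\system32\lsass.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772b1510 5 bytes JMP 0000000077410370
.text C:\Windows\system32\lsass.exe[544] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772b2b80 5 bytes JMP 0000000077410280
.text C:\Windows\system32\winlogon.exe[616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772b1d30 5 bytes JMP 00000000774103d0
.text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772b27e0 5 bytes JMP 0000000077410400
"""

# Sample input, part 2: one CONSTRUCTED line (hypothetical export address and
# JMP target, not present in the log) so the outlier path has something to report.
CONSTRUCTED_OUTLIER = (
    r".text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile "
    r"00000000772b1540 5 bytes JMP 0000000001a20000"
)

SAMPLE_LOG = REAL_LINES + CONSTRUCTED_OUTLIER + "\n"


def parse_hooks(log_text):
    """Return one dict per recognised hook line; non-matching lines are skipped."""
    hooks = []
    for line in log_text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        hooks.append({
            "process": d["process"].rsplit("\\", 1)[-1],
            "pid": int(d["pid"]),
            "module": d["module"].rsplit("\\", 1)[-1].lower(),
            "export": d["export"],
            "offset": int(d["offset"]) if d["offset"] else 0,
            "addr": int(d["addr"], 16),
            "size": int(d["size"]),
            "kind": "jmp" if d["target"] else "patch",
            "target": int(d["target"], 16) if d["target"] else None,
            "patch": d["patch"],
        })
    return hooks


def per_process_summary(hooks):
    """{'services.exe[524]': {'jmp': 2, 'patch': 1}, ...}"""
    summary = defaultdict(Counter)
    for h in hooks:
        summary[f"{h['process']}[{h['pid']}]"][h["kind"]] += 1
    return {k: dict(v) for k, v in summary.items()}


def cluster_targets(hooks, window=0x1000):
    """Group JMP targets into windows of at most `window` bytes.
    Returns [(lo, hi, count), ...] in address order."""
    clusters = []
    for t in sorted(h["target"] for h in hooks if h["kind"] == "jmp"):
        if clusters and t - clusters[-1][0] <= window:
            lo, hi, n = clusters[-1]
            clusters[-1] = (lo, max(hi, t), n + 1)
        else:
            clusters.append((t, t, 1))
    return clusters


def outliers(hooks, window=0x1000):
    """JMP hooks whose target lies outside the most populated cluster."""
    clusters = cluster_targets(hooks, window)
    if not clusters:
        return []
    lo, hi, _ = max(clusters, key=lambda c: c[2])
    return [h for h in hooks if h["kind"] == "jmp" and not lo <= h["target"] <= hi]


if __name__ == "__main__":
    hooks = parse_hooks(SAMPLE_LOG)
    for proc, counts in per_process_summary(hooks).items():
        print(f"{proc:22} {counts}")
    for lo, hi, n in cluster_targets(hooks):
        print(f"JMP target cluster {lo:#018x}-{hi:#018x}: {n} hooks")
    for h in outliers(hooks):
        print(f"OUTLIER {h['process']}[{h['pid']}] {h['module']}!{h['export']} -> {h['target']:#018x}")
```

Run against the full log rather than the sample, the cluster list should collapse to a single entry if one module owns every hook; the 0x1000 window is an assumption that fits a small trampoline table and should be widened if the hooking module is large.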
23.06.2014, 11:58 | #5 |
| Internet connection / NO INTERNET ACCESS several times a day
Code:
ATTFilter .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772b1b30 5 bytes JMP 00000000774103a0 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772b1c10 5 bytes JMP 00000000774102f0 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772b1c20 5 bytes JMP 0000000077410350 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772b1c80 5 bytes JMP 0000000077410290 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772b1d10 5 bytes JMP 00000000774102b0 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772b1d30 5 bytes JMP 00000000774103d0 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772b1d40 5 bytes JMP 0000000077410330 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772b1db0 5 bytes JMP 0000000077410410 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772b1de0 5 bytes JMP 0000000077410240 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772b20a0 5 bytes JMP 00000000774101e0 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772b2160 5 bytes JMP 0000000077410250 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772b2190 5 bytes JMP 0000000077410490 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772b21a0 5 bytes JMP 00000000774104a0 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772b21d0 5 bytes JMP 0000000077410300 .text C:\Windows\system32\svchost.exe[692] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772b21e0 5 bytes JMP 0000000077410360 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772b2240 5 bytes JMP 00000000774102a0 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772b2290 5 bytes JMP 00000000774102c0 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772b22c0 5 bytes JMP 0000000077410380 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772b22d0 5 bytes JMP 0000000077410340 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772b25c0 5 bytes JMP 0000000077410440 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772b27c0 5 bytes JMP 0000000077410260 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772b27d0 5 bytes JMP 0000000077410270 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772b27e0 5 bytes JMP 0000000077410400 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772b29a0 5 bytes JMP 00000000774101f0 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772b29b0 5 bytes JMP 0000000077410210 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772b2a20 5 bytes JMP 0000000077410200 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772b2a80 5 bytes JMP 0000000077410420 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772b2a90 5 bytes JMP 0000000077410430 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772b2aa0 5 bytes JMP 
0000000077410220 .text C:\Windows\system32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772b2b80 5 bytes JMP 0000000077410280 .text C:\Windows\system32\nvvsvc.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772b1360 5 bytes JMP 0000000077410460 .text C:\Windows\system32\nvvsvc.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772b13b0 5 bytes JMP 0000000077410450 .text C:\Windows\system32\nvvsvc.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772b1510 5 bytes JMP 0000000077410370 .text C:\Windows\system32\nvvsvc.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772b1560 5 bytes JMP 0000000077410470 .text C:\Windows\system32\nvvsvc.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772b1570 5 bytes JMP 00000000774103e0 .text C:\Windows\system32\nvvsvc.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772b1620 5 bytes JMP 0000000077410320 .text C:\Windows\system32\nvvsvc.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772b1650 5 bytes JMP 00000000774103b0 .text C:\Windows\system32\nvvsvc.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772b1670 5 bytes JMP 0000000077410390 .text C:\Windows\system32\nvvsvc.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772b16b0 5 bytes JMP 00000000774102e0 .text C:\Windows\system32\nvvsvc.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772b1730 5 bytes JMP 00000000774102d0 .text C:\Windows\system32\nvvsvc.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772b1750 5 bytes JMP 0000000077410310 .text C:\Windows\system32\nvvsvc.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772b1790 5 bytes JMP 00000000774103c0 .text C:\Windows\system32\nvvsvc.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772b17e0 5 bytes JMP 00000000774103f0 .text C:\Windows\system32\nvvsvc.exe[768] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 
Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772b1360 5 bytes JMP 0000000077410460 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772b13b0 5 bytes JMP 0000000077410450 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772b1510 5 bytes JMP 0000000077410370 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772b1560 5 bytes JMP 0000000077410470 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772b1570 5 bytes JMP 00000000774103e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772b1620 5 bytes JMP 0000000077410320 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772b1650 5 bytes JMP 00000000774103b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772b1670 5 bytes JMP 0000000077410390 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772b16b0 5 bytes JMP 00000000774102e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772b1730 5 bytes JMP 00000000774102d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772b1750 5 bytes JMP 0000000077410310 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772b1790 5 bytes JMP 00000000774103c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] 
C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772b17e0 5 bytes JMP 00000000774103f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772b1940 5 bytes JMP 0000000077410230 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772b1b00 5 bytes JMP 0000000077410480 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772b1b30 5 bytes JMP 00000000774103a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772b1c10 5 bytes JMP 00000000774102f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772b1c20 5 bytes JMP 0000000077410350 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772b1c80 5 bytes JMP 0000000077410290 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772b1d10 5 bytes JMP 00000000774102b0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772b1d30 5 bytes JMP 00000000774103d0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772b1d40 5 bytes JMP 0000000077410330 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772b1db0 5 bytes JMP 0000000077410410 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772b1de0 5 bytes JMP 0000000077410240 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] 
C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772b20a0 5 bytes JMP 00000000774101e0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772b2160 5 bytes JMP 0000000077410250 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772b2190 5 bytes JMP 0000000077410490 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772b21a0 5 bytes JMP 00000000774104a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772b21d0 5 bytes JMP 0000000077410300 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772b21e0 5 bytes JMP 0000000077410360 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772b2240 5 bytes JMP 00000000774102a0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772b2290 5 bytes JMP 00000000774102c0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772b22c0 5 bytes JMP 0000000077410380 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772b22d0 5 bytes JMP 0000000077410340 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772b25c0 5 bytes JMP 0000000077410440 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772b27c0 5 bytes JMP 0000000077410260 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 
00000000772b27d0 5 bytes JMP 0000000077410270 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772b27e0 5 bytes JMP 0000000077410400 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772b29a0 5 bytes JMP 00000000774101f0 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772b29b0 5 bytes JMP 0000000077410210 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772b2a20 5 bytes JMP 0000000077410200 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772b2a80 5 bytes JMP 0000000077410420 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772b2a90 5 bytes JMP 0000000077410430 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772b2aa0 5 bytes JMP 0000000077410220 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772b2b80 5 bytes JMP 0000000077410280 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1216] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007719ef8d 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772b1360 5 bytes JMP 0000000077410460 .text C:\Windows\system32\nvvsvc.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772b13b0 5 bytes JMP 0000000077410450 .text C:\Windows\system32\nvvsvc.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772b1510 5 bytes JMP 0000000077410370 .text C:\Windows\system32\nvvsvc.exe[1228] 
C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772b1560 5 bytes JMP 0000000077410470 .text C:\Windows\system32\nvvsvc.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772b1570 5 bytes JMP 00000000774103e0 .text C:\Windows\system32\nvvsvc.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772b1620 5 bytes JMP 0000000077410320 .text C:\Windows\system32\nvvsvc.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772b1650 5 bytes JMP 00000000774103b0 .text C:\Windows\system32\nvvsvc.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772b1670 5 bytes JMP 0000000077410390 .text C:\Windows\system32\nvvsvc.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772b16b0 5 bytes JMP 00000000774102e0 .text C:\Windows\system32\nvvsvc.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772b1730 5 bytes JMP 00000000774102d0 .text C:\Windows\system32\nvvsvc.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772b1750 5 bytes JMP 0000000077410310 .text C:\Windows\system32\nvvsvc.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772b1790 5 bytes JMP 00000000774103c0 .text C:\Windows\system32\nvvsvc.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772b17e0 5 bytes JMP 00000000774103f0 .text C:\Windows\system32\nvvsvc.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772b1940 5 bytes JMP 0000000077410230 .text C:\Windows\system32\nvvsvc.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772b1b00 5 bytes JMP 0000000077410480 |
23.06.2014, 11:59 | #6 |
| Internet connection / NO INTERNET ACCESS several times a day
Code:
ATTFilter .text C:\Windows\system32\nvvsvc.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772b1b30 5 bytes JMP 00000000774103a0 .text C:\Windows\system32\nvvsvc.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772b1c10 5 bytes JMP 00000000774102f0 .text C:\Windows\system32\nvvsvc.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772b1c20 5 bytes JMP 0000000077410350 .text C:\Windows\system32\nvvsvc.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772b1c80 5 bytes JMP 0000000077410290 .text C:\Windows\system32\nvvsvc.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772b1d10 5 bytes JMP 00000000774102b0 .text C:\Windows\system32\nvvsvc.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772b1d30 5 bytes JMP 00000000774103d0 .text C:\Windows\system32\nvvsvc.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772b1d40 5 bytes JMP 0000000077410330 .text C:\Windows\system32\nvvsvc.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772b1db0 5 bytes JMP 0000000077410410 .text C:\Windows\system32\nvvsvc.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772b1de0 5 bytes JMP 0000000077410240 .text C:\Windows\system32\nvvsvc.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772b20a0 5 bytes JMP 00000000774101e0 .text C:\Windows\system32\nvvsvc.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772b2160 5 bytes JMP 0000000077410250 .text C:\Windows\system32\nvvsvc.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772b2190 5 bytes JMP 0000000077410490 .text C:\Windows\system32\nvvsvc.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772b21a0 5 bytes JMP 00000000774104a0 .text C:\Windows\system32\nvvsvc.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772b21d0 5 bytes JMP 0000000077410300 .text C:\Windows\system32\nvvsvc.exe[1228] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772b21e0 5 bytes JMP 0000000077410360 .text C:\Windows\system32\nvvsvc.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772b2240 5 bytes JMP 00000000774102a0 .text C:\Windows\system32\nvvsvc.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772b2290 5 bytes JMP 00000000774102c0 .text C:\Windows\system32\nvvsvc.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772b22c0 5 bytes JMP 0000000077410380 .text C:\Windows\system32\nvvsvc.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772b22d0 5 bytes JMP 0000000077410340 .text C:\Windows\system32\nvvsvc.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772b25c0 5 bytes JMP 0000000077410440 .text C:\Windows\system32\nvvsvc.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772b27c0 5 bytes JMP 0000000077410260 .text C:\Windows\system32\nvvsvc.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772b27d0 5 bytes JMP 0000000077410270 .text C:\Windows\system32\nvvsvc.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772b27e0 5 bytes JMP 0000000077410400 .text C:\Windows\system32\nvvsvc.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772b29a0 5 bytes JMP 00000000774101f0 .text C:\Windows\system32\nvvsvc.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772b29b0 5 bytes JMP 0000000077410210 .text C:\Windows\system32\nvvsvc.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772b2a20 5 bytes JMP 0000000077410200 .text C:\Windows\system32\nvvsvc.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772b2a80 5 bytes JMP 0000000077410420 .text C:\Windows\system32\nvvsvc.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772b2a90 5 bytes JMP 0000000077410430 .text C:\Windows\system32\nvvsvc.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772b2aa0 5 bytes JMP 
0000000077410220 .text C:\Windows\system32\nvvsvc.exe[1228] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772b2b80 5 bytes JMP 0000000077410280 .text C:\Windows\system32\nvvsvc.exe[1228] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007719ef8d 1 byte [62] .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772b1360 5 bytes JMP 0000000077410460 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772b13b0 5 bytes JMP 0000000077410450 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772b1510 5 bytes JMP 0000000077410370 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772b1560 5 bytes JMP 0000000077410470 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772b1570 5 bytes JMP 00000000774103e0 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772b1620 5 bytes JMP 0000000077410320 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772b1650 5 bytes JMP 00000000774103b0 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772b1670 5 bytes JMP 0000000077410390 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772b16b0 5 bytes JMP 00000000774102e0 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772b1730 5 bytes JMP 00000000774102d0 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772b1750 5 bytes JMP 0000000077410310 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772b1790 5 bytes JMP 00000000774103c0 .text C:\Windows\System32\spoolsv.exe[1492] 
C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772b17e0 5 bytes JMP 00000000774103f0 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772b1940 5 bytes JMP 0000000077410230 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772b1b00 5 bytes JMP 0000000077410480 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772b1b30 5 bytes JMP 00000000774103a0 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772b1c10 5 bytes JMP 00000000774102f0 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772b1c20 5 bytes JMP 0000000077410350 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772b1c80 5 bytes JMP 0000000077410290 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772b1d10 5 bytes JMP 00000000774102b0 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772b1d30 5 bytes JMP 00000000774103d0 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772b1d40 5 bytes JMP 0000000077410330 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772b1db0 5 bytes JMP 0000000077410410 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772b1de0 5 bytes JMP 0000000077410240 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772b20a0 5 bytes JMP 00000000774101e0 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772b2160 5 bytes JMP 0000000077410250 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 
00000000772b2190 5 bytes JMP 0000000077410490 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772b21a0 5 bytes JMP 00000000774104a0 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772b21d0 5 bytes JMP 0000000077410300 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772b21e0 5 bytes JMP 0000000077410360 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772b2240 5 bytes JMP 00000000774102a0 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772b2290 5 bytes JMP 00000000774102c0 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772b22c0 5 bytes JMP 0000000077410380 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772b22d0 5 bytes JMP 0000000077410340 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772b25c0 5 bytes JMP 0000000077410440 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772b27c0 5 bytes JMP 0000000077410260 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772b27d0 5 bytes JMP 0000000077410270 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772b27e0 5 bytes JMP 0000000077410400 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772b29a0 5 bytes JMP 00000000774101f0 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772b29b0 5 bytes JMP 0000000077410210 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772b2a20 5 bytes JMP 0000000077410200 .text 
C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772b2a80 5 bytes JMP 0000000077410420 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772b2a90 5 bytes JMP 0000000077410430 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772b2aa0 5 bytes JMP 0000000077410220 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772b2b80 5 bytes JMP 0000000077410280 .text C:\Windows\System32\spoolsv.exe[1492] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007719ef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772b1360 5 bytes JMP 0000000077410460 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772b13b0 5 bytes JMP 0000000077410450 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772b1510 5 bytes JMP 0000000077410370 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772b1560 5 bytes JMP 0000000077410470 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772b1570 5 bytes JMP 00000000774103e0 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772b1620 5 bytes JMP 0000000077410320 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772b1650 5 bytes JMP 00000000774103b0 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772b1670 5 bytes JMP 0000000077410390 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772b16b0 5 bytes JMP 00000000774102e0 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 
00000000772b1730 5 bytes JMP 00000000774102d0 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772b1750 5 bytes JMP 0000000077410310 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772b1790 5 bytes JMP 00000000774103c0 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772b17e0 5 bytes JMP 00000000774103f0 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772b1940 5 bytes JMP 0000000077410230 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772b1b00 5 bytes JMP 0000000077410480 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772b1b30 5 bytes JMP 00000000774103a0 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772b1c10 5 bytes JMP 00000000774102f0 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772b1c20 5 bytes JMP 0000000077410350 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772b1c80 5 bytes JMP 0000000077410290 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772b1d10 5 bytes JMP 00000000774102b0 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772b1d30 5 bytes JMP 00000000774103d0 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772b1d40 5 bytes JMP 0000000077410330 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772b1db0 5 bytes JMP 0000000077410410 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772b1de0 5 bytes JMP 0000000077410240 .text 
C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772b20a0 5 bytes JMP 00000000774101e0 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772b2160 5 bytes JMP 0000000077410250 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772b2190 5 bytes JMP 0000000077410490 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772b21a0 5 bytes JMP 00000000774104a0 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772b21d0 5 bytes JMP 0000000077410300 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772b21e0 5 bytes JMP 0000000077410360 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772b2240 5 bytes JMP 00000000774102a0 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772b2290 5 bytes JMP 00000000774102c0 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772b22c0 5 bytes JMP 0000000077410380 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772b22d0 5 bytes JMP 0000000077410340 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772b25c0 5 bytes JMP 0000000077410440 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772b27c0 5 bytes JMP 0000000077410260 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772b27d0 5 bytes JMP 0000000077410270 .text C:\Windows\system32\svchost.exe[1532] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772b27e0 5 bytes JMP 0000000077410400 .text C:\Windows\system32\svchost.exe[1532] 
|
23.06.2014, 12:01 | #7 |
| Internet connection / NO INTERNET ACCESS several times a day
Code:
C:\Windows\system32\svchost.exe[2412] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772b2b80 5 bytes JMP 0000000100070280 .text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe[2440] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075c0a2fd 1 byte [62] .text C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe[2600] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075c0a2fd 1 byte [62] .text C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe[2644] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075c0a2fd 1 byte [62] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772b1360 5 bytes JMP 0000000077410460 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772b13b0 5 bytes JMP 0000000077410450 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772b1510 5 bytes JMP 0000000077410370 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772b1560 5 bytes JMP 0000000077410470 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772b1570 5 bytes JMP 00000000774103e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772b1620 5 bytes JMP 0000000077410320 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772b1650 5 bytes JMP 00000000774103b0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772b1670 5 bytes JMP 0000000077410390 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772b16b0 5 bytes JMP 00000000774102e0 .text C:\Program 
Files\Realtek\Audio\HDA\RAVCpl64.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772b1730 5 bytes JMP 00000000774102d0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772b1750 5 bytes JMP 0000000077410310 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772b1790 5 bytes JMP 00000000774103c0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772b17e0 5 bytes JMP 00000000774103f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772b1940 5 bytes JMP 0000000077410230 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772b1b00 5 bytes JMP 0000000077410480 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772b1b30 5 bytes JMP 00000000774103a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772b1c10 5 bytes JMP 00000000774102f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772b1c20 5 bytes JMP 0000000077410350 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772b1c80 5 bytes JMP 0000000077410290 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772b1d10 5 bytes JMP 00000000774102b0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772b1d30 5 bytes JMP 00000000774103d0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772b1d40 5 bytes JMP 0000000077410330 .text 
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772b1db0 5 bytes JMP 0000000077410410 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772b1de0 5 bytes JMP 0000000077410240 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772b20a0 5 bytes JMP 00000000774101e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772b2160 5 bytes JMP 0000000077410250 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772b2190 5 bytes JMP 0000000077410490 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772b21a0 5 bytes JMP 00000000774104a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772b21d0 5 bytes JMP 0000000077410300 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772b21e0 5 bytes JMP 0000000077410360 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772b2240 5 bytes JMP 00000000774102a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772b2290 5 bytes JMP 00000000774102c0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772b22c0 5 bytes JMP 0000000077410380 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772b22d0 5 bytes JMP 0000000077410340 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772b25c0 5 bytes JMP 0000000077410440 .text 
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772b27c0 5 bytes JMP 0000000077410260 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772b27d0 5 bytes JMP 0000000077410270 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772b27e0 5 bytes JMP 0000000077410400 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772b29a0 5 bytes JMP 00000000774101f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772b29b0 5 bytes JMP 0000000077410210 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772b2a20 5 bytes JMP 0000000077410200 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772b2a80 5 bytes JMP 0000000077410420 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772b2a90 5 bytes JMP 0000000077410430 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772b2aa0 5 bytes JMP 0000000077410220 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2936] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772b2b80 5 bytes JMP 0000000077410280 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2936] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007719ef8d 1 byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772b1360 5 bytes JMP 0000000077410460 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 
00000000772b13b0 5 bytes JMP 0000000077410450 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772b1510 5 bytes JMP 0000000077410370 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772b1560 5 bytes JMP 0000000077410470 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772b1570 5 bytes JMP 00000000774103e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772b1620 5 bytes JMP 0000000077410320 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772b1650 5 bytes JMP 00000000774103b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772b1670 5 bytes JMP 0000000077410390 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772b16b0 5 bytes JMP 00000000774102e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772b1730 5 bytes JMP 00000000774102d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772b1750 5 bytes JMP 0000000077410310 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772b1790 5 bytes JMP 00000000774103c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772b17e0 5 bytes JMP 00000000774103f0 .text 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772b1940 5 bytes JMP 0000000077410230 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772b1b00 5 bytes JMP 0000000077410480 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772b1b30 5 bytes JMP 00000000774103a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772b1c10 5 bytes JMP 00000000774102f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772b1c20 5 bytes JMP 0000000077410350 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772b1c80 5 bytes JMP 0000000077410290 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772b1d10 5 bytes JMP 00000000774102b0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772b1d30 5 bytes JMP 00000000774103d0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772b1d40 5 bytes JMP 0000000077410330 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772b1db0 5 bytes JMP 0000000077410410 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772b1de0 5 bytes JMP 0000000077410240 .text C:\Program Files\Common 
Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772b20a0 5 bytes JMP 00000000774101e0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772b2160 5 bytes JMP 0000000077410250 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772b2190 5 bytes JMP 0000000077410490 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772b21a0 5 bytes JMP 00000000774104a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772b21d0 5 bytes JMP 0000000077410300 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772b21e0 5 bytes JMP 0000000077410360 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772b2240 5 bytes JMP 00000000774102a0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772b2290 5 bytes JMP 00000000774102c0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772b22c0 5 bytes JMP 0000000077410380 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772b22d0 5 bytes JMP 0000000077410340 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772b25c0 5 bytes JMP 0000000077410440 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2328] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772b27c0 5 bytes JMP 0000000077410260 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772b27d0 5 bytes JMP 0000000077410270 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772b27e0 5 bytes JMP 0000000077410400 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772b29a0 5 bytes JMP 00000000774101f0 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772b29b0 5 bytes JMP 0000000077410210 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772b2a20 5 bytes JMP 0000000077410200 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772b2a80 5 bytes JMP 0000000077410420 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772b2a90 5 bytes JMP 0000000077410430 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772b2aa0 5 bytes JMP 0000000077410220 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2328] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772b2b80 5 bytes JMP 0000000077410280 .text C:\Windows\PixArt\Pac207\Monitor.exe[1936] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075c0a2fd 1 byte [62] .text C:\Program Files (x86)\Twonky\TwonkyServer\TwonkyServer.exe[2956] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075c0a2fd 1 byte [62] .text 
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772b1360 5 bytes JMP 0000000077410460 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772b13b0 5 bytes JMP 0000000077410450 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772b1510 5 bytes JMP 0000000077410370 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772b1560 5 bytes JMP 0000000077410470 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772b1570 5 bytes JMP 00000000774103e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772b1620 5 bytes JMP 0000000077410320 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772b1650 5 bytes JMP 00000000774103b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772b1670 5 bytes JMP 0000000077410390 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772b16b0 5 bytes JMP 00000000774102e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772b1730 5 bytes JMP 00000000774102d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772b1750 5 bytes JMP 0000000077410310 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772b1790 5 bytes JMP 00000000774103c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2864] 
C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772b17e0 5 bytes JMP 00000000774103f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772b1940 5 bytes JMP 0000000077410230 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772b1b00 5 bytes JMP 0000000077410480 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772b1b30 5 bytes JMP 00000000774103a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772b1c10 5 bytes JMP 00000000774102f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772b1c20 5 bytes JMP 0000000077410350 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772b1c80 5 bytes JMP 0000000077410290 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772b1d10 5 bytes JMP 00000000774102b0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772b1d30 5 bytes JMP 00000000774103d0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772b1d40 5 bytes JMP 0000000077410330 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772b1db0 5 bytes JMP 0000000077410410 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772b1de0 5 bytes JMP 0000000077410240 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 
00000000772b20a0 5 bytes JMP 00000000774101e0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772b2160 5 bytes JMP 0000000077410250 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772b2190 5 bytes JMP 0000000077410490 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772b21a0 5 bytes JMP 00000000774104a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772b21d0 5 bytes JMP 0000000077410300 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772b21e0 5 bytes JMP 0000000077410360 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772b2240 5 bytes JMP 00000000774102a0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772b2290 5 bytes JMP 00000000774102c0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772b22c0 5 bytes JMP 0000000077410380 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772b22d0 5 bytes JMP 0000000077410340 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772b25c0 5 bytes JMP 0000000077410440 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772b27c0 5 bytes JMP 0000000077410260 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772b27d0 5 bytes JMP 0000000077410270 .text C:\Program Files\NVIDIA 
Corporation\Display\nvtray.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772b27e0 5 bytes JMP 0000000077410400 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772b29a0 5 bytes JMP 00000000774101f0 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772b29b0 5 bytes JMP 0000000077410210 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772b2a20 5 bytes JMP 0000000077410200 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772b2a80 5 bytes JMP 0000000077410420 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772b2a90 5 bytes JMP 0000000077410430 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772b2aa0 5 bytes JMP 0000000077410220 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2864] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772b2b80 5 bytes JMP 0000000077410280 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2864] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007719ef8d 1 byte [62] .text C:\Windows\System32\StikyNot.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772b1360 5 bytes JMP 0000000077410460 .text C:\Windows\System32\StikyNot.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772b13b0 5 bytes JMP 0000000077410450 .text C:\Windows\System32\StikyNot.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772b1510 5 bytes JMP 0000000077410370 .text C:\Windows\System32\StikyNot.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772b1560 5 bytes JMP 0000000077410470 .text 
C:\Windows\System32\StikyNot.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772b1570 5 bytes JMP 00000000774103e0 .text C:\Windows\System32\StikyNot.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772b1620 5 bytes JMP 0000000077410320 .text C:\Windows\System32\StikyNot.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772b1650 5 bytes JMP 00000000774103b0 .text C:\Windows\System32\StikyNot.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772b1670 5 bytes JMP 0000000077410390 .text C:\Windows\System32\StikyNot.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772b16b0 5 bytes JMP 00000000774102e0 .text C:\Windows\System32\StikyNot.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772b1730 5 bytes JMP 00000000774102d0 .text C:\Windows\System32\StikyNot.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772b1750 5 bytes JMP 0000000077410310 .text C:\Windows\System32\StikyNot.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772b1790 5 bytes JMP 00000000774103c0 .text C:\Windows\System32\StikyNot.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772b17e0 5 bytes JMP 00000000774103f0 .text C:\Windows\System32\StikyNot.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772b1940 5 bytes JMP 0000000077410230 .text C:\Windows\System32\StikyNot.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772b1b00 5 bytes JMP 0000000077410480 .text C:\Windows\System32\StikyNot.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772b1b30 5 bytes JMP 00000000774103a0 .text C:\Windows\System32\StikyNot.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772b1c10 5 bytes JMP 00000000774102f0 .text C:\Windows\System32\StikyNot.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772b1c20 5 bytes JMP 0000000077410350 .text C:\Windows\System32\StikyNot.exe[1840] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772b1c80 5 bytes JMP 0000000077410290 .text C:\Windows\System32\StikyNot.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772b1d10 5 bytes JMP 00000000774102b0 |
23.06.2014, 12:02 | #8 |
| Internet connection / NO INTERNET ACCESS several times a day Code:
.text C:\Windows\System32\StikyNot.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772b1d30 5 bytes JMP 00000000774103d0
.text C:\Windows\System32\StikyNot.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772b1d40 5 bytes JMP 0000000077410330
.text C:\Windows\System32\StikyNot.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772b1db0 5 bytes JMP 0000000077410410
.text C:\Windows\System32\StikyNot.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772b1de0 5 bytes JMP 0000000077410240
.text C:\Windows\System32\StikyNot.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772b20a0 5 bytes JMP 00000000774101e0
.text C:\Windows\System32\StikyNot.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772b2160 5 bytes JMP 0000000077410250
.text C:\Windows\System32\StikyNot.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772b2190 5 bytes JMP 0000000077410490
.text C:\Windows\System32\StikyNot.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772b21a0 5 bytes JMP 00000000774104a0
.text C:\Windows\System32\StikyNot.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772b21d0 5 bytes JMP 0000000077410300
.text C:\Windows\System32\StikyNot.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772b21e0 5 bytes JMP 0000000077410360
.text C:\Windows\System32\StikyNot.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772b2240 5 bytes JMP 00000000774102a0
.text C:\Windows\System32\StikyNot.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772b2290 5 bytes JMP 00000000774102c0
.text C:\Windows\System32\StikyNot.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772b22c0 5 bytes JMP 0000000077410380
.text C:\Windows\System32\StikyNot.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772b22d0 5 bytes JMP 0000000077410340
.text C:\Windows\System32\StikyNot.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772b25c0 5 bytes JMP 0000000077410440
.text C:\Windows\System32\StikyNot.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772b27c0 5 bytes JMP 0000000077410260
.text C:\Windows\System32\StikyNot.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772b27d0 5 bytes JMP 0000000077410270
.text C:\Windows\System32\StikyNot.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772b27e0 5 bytes JMP 0000000077410400
.text C:\Windows\System32\StikyNot.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772b29a0 5 bytes JMP 00000000774101f0
.text C:\Windows\System32\StikyNot.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772b29b0 5 bytes JMP 0000000077410210
.text C:\Windows\System32\StikyNot.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772b2a20 5 bytes JMP 0000000077410200
.text C:\Windows\System32\StikyNot.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772b2a80 5 bytes JMP 0000000077410420
.text C:\Windows\System32\StikyNot.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772b2a90 5 bytes JMP 0000000077410430
.text C:\Windows\System32\StikyNot.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772b2aa0 5 bytes JMP 0000000077410220
.text C:\Windows\System32\StikyNot.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772b2b80 5 bytes JMP 0000000077410280
.text C:\Windows\System32\StikyNot.exe[1840] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007719ef8d 1 byte [62]
.text C:\Windows\System32\spool\drivers\x64\3\E_IATILQE.EXE[2836] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772b1360 5 bytes JMP 0000000077410460
.text C:\Windows\System32\spool\drivers\x64\3\E_IATILQE.EXE[2836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772b13b0 5 bytes JMP 0000000077410450
.text C:\Windows\System32\spool\drivers\x64\3\E_IATILQE.EXE[2836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772b1510 5 bytes JMP 0000000077410370
.text C:\Windows\System32\spool\drivers\x64\3\E_IATILQE.EXE[2836] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772b1560 5 bytes JMP 0000000077410470
.text C:\Windows\System32\spool\drivers\x64\3\E_IATILQE.EXE[2836] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772b1570 5 bytes JMP 00000000774103e0
.text C:\Windows\System32\spool\drivers\x64\3\E_IATILQE.EXE[2836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772b1620 5 bytes JMP 0000000077410320
.text C:\Windows\System32\spool\drivers\x64\3\E_IATILQE.EXE[2836] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772b1650 5 bytes JMP 00000000774103b0
.text C:\Windows\System32\spool\drivers\x64\3\E_IATILQE.EXE[2836] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772b1670 5 bytes JMP 0000000077410390
.text C:\Windows\System32\spool\drivers\x64\3\E_IATILQE.EXE[2836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772b16b0 5 bytes JMP 00000000774102e0
.text C:\Windows\System32\spool\drivers\x64\3\E_IATILQE.EXE[2836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772b1730 5 bytes JMP 00000000774102d0
.text C:\Windows\System32\spool\drivers\x64\3\E_IATILQE.EXE[2836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772b1750 5 bytes JMP 0000000077410310
.text C:\Windows\System32\spool\drivers\x64\3\E_IATILQE.EXE[2836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772b1790 5 bytes JMP 00000000774103c0
.text C:\Windows\System32\spool\drivers\x64\3\E_IATILQE.EXE[2836] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772b17e0 5 bytes JMP 00000000774103f0
.text C:\Windows\System32\spool\drivers\x64\3\E_IATILQE.EXE[2836] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772b1940 5 bytes JMP 0000000077410230
.text C:\Windows\System32\spool\drivers\x64\3\E_IATILQE.EXE[2836] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772b1b00 5 bytes JMP 0000000077410480
.text C:\Windows\System32\spool\drivers\x64\3\E_IATILQE.EXE[2836] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772b1b30 5 bytes JMP 00000000774103a0
.text C:\Windows\System32\spool\drivers\x64\3\E_IATILQE.EXE[2836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772b1c10 5 bytes JMP 00000000774102f0
.text C:\Windows\System32\spool\drivers\x64\3\E_IATILQE.EXE[2836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772b1c20 5 bytes JMP 0000000077410350
.text C:\Windows\System32\spool\drivers\x64\3\E_IATILQE.EXE[2836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772b1c80 5 bytes JMP 0000000077410290
.text C:\Windows\System32\spool\drivers\x64\3\E_IATILQE.EXE[2836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772b1d10 5 bytes JMP 00000000774102b0
.text C:\Windows\System32\spool\drivers\x64\3\E_IATILQE.EXE[2836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772b1d30 5 bytes JMP 00000000774103d0
.text C:\Windows\System32\spool\drivers\x64\3\E_IATILQE.EXE[2836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772b1d40 5 bytes JMP 0000000077410330
.text C:\Windows\System32\spool\drivers\x64\3\E_IATILQE.EXE[2836] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772b1db0 5 bytes JMP 0000000077410410
.text C:\Windows\System32\spool\drivers\x64\3\E_IATILQE.EXE[2836] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772b1de0 5 bytes JMP 0000000077410240
.text C:\Windows\System32\spool\drivers\x64\3\E_IATILQE.EXE[2836] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772b20a0 5 bytes JMP 00000000774101e0
.text C:\Windows\System32\spool\drivers\x64\3\E_IATILQE.EXE[2836] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772b2160 5 bytes JMP 0000000077410250
.text C:\Windows\System32\spool\drivers\x64\3\E_IATILQE.EXE[2836] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772b2190 5 bytes JMP 0000000077410490
.text C:\Windows\System32\spool\drivers\x64\3\E_IATILQE.EXE[2836] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772b21a0 5 bytes JMP 00000000774104a0
.text C:\Windows\System32\spool\drivers\x64\3\E_IATILQE.EXE[2836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772b21d0 5 bytes JMP 0000000077410300
.text C:\Windows\System32\spool\drivers\x64\3\E_IATILQE.EXE[2836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772b21e0 5 bytes JMP 0000000077410360
.text C:\Windows\System32\spool\drivers\x64\3\E_IATILQE.EXE[2836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772b2240 5 bytes JMP 00000000774102a0
.text C:\Windows\System32\spool\drivers\x64\3\E_IATILQE.EXE[2836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772b2290 5 bytes JMP 00000000774102c0
.text C:\Windows\System32\spool\drivers\x64\3\E_IATILQE.EXE[2836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772b22c0 5 bytes JMP 0000000077410380
.text C:\Windows\System32\spool\drivers\x64\3\E_IATILQE.EXE[2836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772b22d0 5 bytes JMP 0000000077410340
.text C:\Windows\System32\spool\drivers\x64\3\E_IATILQE.EXE[2836] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772b25c0 5 bytes JMP 0000000077410440
.text C:\Windows\System32\spool\drivers\x64\3\E_IATILQE.EXE[2836] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772b27c0 5 bytes JMP 0000000077410260
.text C:\Windows\System32\spool\drivers\x64\3\E_IATILQE.EXE[2836] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772b27d0 5 bytes JMP 0000000077410270
.text C:\Windows\System32\spool\drivers\x64\3\E_IATILQE.EXE[2836] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772b27e0 5 bytes JMP 0000000077410400
.text C:\Windows\System32\spool\drivers\x64\3\E_IATILQE.EXE[2836] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772b29a0 5 bytes JMP 00000000774101f0
.text C:\Windows\System32\spool\drivers\x64\3\E_IATILQE.EXE[2836] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772b29b0 5 bytes JMP 0000000077410210
.text C:\Windows\System32\spool\drivers\x64\3\E_IATILQE.EXE[2836] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772b2a20 5 bytes JMP 0000000077410200
.text C:\Windows\System32\spool\drivers\x64\3\E_IATILQE.EXE[2836] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772b2a80 5 bytes JMP 0000000077410420
.text C:\Windows\System32\spool\drivers\x64\3\E_IATILQE.EXE[2836] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772b2a90 5 bytes JMP 0000000077410430
.text C:\Windows\System32\spool\drivers\x64\3\E_IATILQE.EXE[2836] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772b2aa0 5 bytes JMP 0000000077410220
.text C:\Windows\System32\spool\drivers\x64\3\E_IATILQE.EXE[2836] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772b2b80 5 bytes JMP 0000000077410280
.text C:\Windows\System32\spool\drivers\x64\3\E_IATILQE.EXE[2836] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007719ef8d 1 byte [62]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[1828] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075c0a2fd 1 byte [62]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077411465 2 bytes [41, 77]
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000774114bb 2 bytes [41, 77]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe[2816] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075c0a2fd 1 byte [62]
.text C:\Program Files (x86)\Twonky\TwonkyServer\twonkytray.exe[312] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075c0a2fd 1 byte [62]
.text C:\Users\Cookie\AppData\Roaming\Dropbox\bin\Dropbox.exe[2184] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075c0a2fd 1 byte [62]
.text C:\Users\Cookie\AppData\Roaming\Dropbox\bin\Dropbox.exe[2184] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000077411465 2 bytes [41, 77]
.text C:\Users\Cookie\AppData\Roaming\Dropbox\bin\Dropbox.exe[2184] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000774114bb 2 bytes [41, 77]
.text ... * 2
.text C:\Windows\system32\SearchIndexer.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772b1360 5 bytes JMP 0000000077410460
.text C:\Windows\system32\SearchIndexer.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772b13b0 5 bytes JMP 0000000077410450
.text C:\Windows\system32\SearchIndexer.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772b1510 5 bytes JMP 0000000077410370
.text C:\Windows\system32\SearchIndexer.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772b1560 5 bytes JMP 0000000077410470
.text C:\Windows\system32\SearchIndexer.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772b1570 5 bytes JMP 00000000774103e0
.text C:\Windows\system32\SearchIndexer.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772b1620 5 bytes JMP 0000000077410320
.text C:\Windows\system32\SearchIndexer.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772b1650 5 bytes JMP 00000000774103b0
.text C:\Windows\system32\SearchIndexer.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772b1670 5 bytes JMP 0000000077410390
.text C:\Windows\system32\SearchIndexer.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772b16b0 5 bytes JMP 00000000774102e0
.text C:\Windows\system32\SearchIndexer.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772b1730 5 bytes JMP 00000000774102d0
.text C:\Windows\system32\SearchIndexer.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772b1750 5 bytes JMP 0000000077410310
.text C:\Windows\system32\SearchIndexer.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772b1790 5 bytes JMP 00000000774103c0
.text C:\Windows\system32\SearchIndexer.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772b17e0 5 bytes JMP 00000000774103f0
.text C:\Windows\system32\SearchIndexer.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772b1940 5 bytes JMP 0000000077410230
.text C:\Windows\system32\SearchIndexer.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772b1b00 5 bytes JMP 0000000077410480
.text C:\Windows\system32\SearchIndexer.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772b1b30 5 bytes JMP 00000000774103a0
.text C:\Windows\system32\SearchIndexer.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772b1c10 5 bytes JMP 00000000774102f0
.text C:\Windows\system32\SearchIndexer.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772b1c20 5 bytes JMP 0000000077410350
.text C:\Windows\system32\SearchIndexer.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772b1c80 5 bytes JMP 0000000077410290
.text C:\Windows\system32\SearchIndexer.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772b1d10 5 bytes JMP 00000000774102b0
.text C:\Windows\system32\SearchIndexer.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772b1d30 5 bytes JMP 00000000774103d0
.text C:\Windows\system32\SearchIndexer.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772b1d40 5 bytes JMP 0000000077410330
.text C:\Windows\system32\SearchIndexer.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772b1db0 5 bytes JMP 0000000077410410
.text C:\Windows\system32\SearchIndexer.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772b1de0 5 bytes JMP 0000000077410240
.text C:\Windows\system32\SearchIndexer.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772b20a0 5 bytes JMP 00000000774101e0
.text C:\Windows\system32\SearchIndexer.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772b2160 5 bytes JMP 0000000077410250
.text C:\Windows\system32\SearchIndexer.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772b2190 5 bytes JMP 0000000077410490
.text C:\Windows\system32\SearchIndexer.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772b21a0 5 bytes JMP 00000000774104a0
.text C:\Windows\system32\SearchIndexer.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772b21d0 5 bytes JMP 0000000077410300
.text C:\Windows\system32\SearchIndexer.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772b21e0 5 bytes JMP 0000000077410360
.text C:\Windows\system32\SearchIndexer.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772b2240 5 bytes JMP 00000000774102a0
.text C:\Windows\system32\SearchIndexer.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772b2290 5 bytes JMP 00000000774102c0
.text C:\Windows\system32\SearchIndexer.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772b22c0 5 bytes JMP 0000000077410380
.text C:\Windows\system32\SearchIndexer.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772b22d0 5 bytes JMP 0000000077410340
.text C:\Windows\system32\SearchIndexer.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772b25c0 5 bytes JMP 0000000077410440
.text C:\Windows\system32\SearchIndexer.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772b27c0 5 bytes JMP 0000000077410260
.text C:\Windows\system32\SearchIndexer.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772b27d0 5 bytes JMP 0000000077410270
.text C:\Windows\system32\SearchIndexer.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772b27e0 5 bytes JMP 0000000077410400
.text C:\Windows\system32\SearchIndexer.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772b29a0 5 bytes JMP 00000000774101f0
.text C:\Windows\system32\SearchIndexer.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772b29b0 5 bytes JMP 0000000077410210
.text C:\Windows\system32\SearchIndexer.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772b2a20 5 bytes JMP 0000000077410200
.text C:\Windows\system32\SearchIndexer.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772b2a80 5 bytes JMP 0000000077410420
.text C:\Windows\system32\SearchIndexer.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772b2a90 5 bytes JMP 0000000077410430
.text C:\Windows\system32\SearchIndexer.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772b2aa0 5 bytes JMP 0000000077410220
.text C:\Windows\system32\SearchIndexer.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772b2b80 5 bytes JMP 0000000077410280
.text C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe[3496] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075c0a2fd 1 byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3644] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075be8791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3644] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075c0a2fd 1 byte [62]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3680] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075c0a2fd 1 byte [62]
.text C:\Program Files\iPod\bin\iPodService.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000772b1360 5 bytes JMP 0000000100070460
.text C:\Program Files\iPod\bin\iPodService.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000772b13b0 5 bytes JMP 0000000100070450
.text C:\Program Files\iPod\bin\iPodService.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000772b1510 5 bytes JMP 0000000100070370
.text C:\Program Files\iPod\bin\iPodService.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000772b1560 5 bytes JMP 0000000100070470
.text C:\Program Files\iPod\bin\iPodService.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000772b1570 5 bytes JMP 00000001000703e0
.text C:\Program Files\iPod\bin\iPodService.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000772b1620 5 bytes JMP 0000000100070320
.text C:\Program Files\iPod\bin\iPodService.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000772b1650 5 bytes JMP 00000001000703b0
.text C:\Program Files\iPod\bin\iPodService.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000772b1670 5 bytes JMP 0000000100070390
.text C:\Program Files\iPod\bin\iPodService.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000772b16b0 5 bytes JMP 00000001000702e0
.text C:\Program Files\iPod\bin\iPodService.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000772b1730 5 bytes JMP 00000001000702d0
.text C:\Program Files\iPod\bin\iPodService.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000772b1750 5 bytes JMP 0000000100070310
.text C:\Program Files\iPod\bin\iPodService.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000772b1790 5 bytes JMP 00000001000703c0
.text C:\Program Files\iPod\bin\iPodService.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000772b17e0 5 bytes JMP 00000001000703f0
.text C:\Program Files\iPod\bin\iPodService.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000772b1940 5 bytes JMP 0000000100070230
.text C:\Program Files\iPod\bin\iPodService.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000772b1b00 5 bytes JMP 0000000100070480
.text C:\Program Files\iPod\bin\iPodService.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000772b1b30 5 bytes JMP 00000001000703a0
.text C:\Program Files\iPod\bin\iPodService.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000772b1c10 5 bytes JMP 00000001000702f0
.text C:\Program Files\iPod\bin\iPodService.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000772b1c20 5 bytes JMP 0000000100070350
.text C:\Program Files\iPod\bin\iPodService.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000772b1c80 5 bytes JMP 0000000100070290
.text C:\Program Files\iPod\bin\iPodService.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000772b1d10 5 bytes JMP 00000001000702b0
.text C:\Program Files\iPod\bin\iPodService.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772b1d30 5 bytes JMP 00000001000703d0
.text C:\Program Files\iPod\bin\iPodService.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000772b1d40 5 bytes JMP 0000000100070330
.text C:\Program Files\iPod\bin\iPodService.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000772b1db0 5 bytes JMP 0000000100070410
.text C:\Program Files\iPod\bin\iPodService.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000772b1de0 5 bytes JMP 0000000100070240
.text C:\Program Files\iPod\bin\iPodService.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772b20a0 5 bytes JMP 00000001000701e0
.text C:\Program Files\iPod\bin\iPodService.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000772b2160 5 bytes JMP 0000000100070250
.text C:\Program Files\iPod\bin\iPodService.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000772b2190 5 bytes JMP 0000000100070490
.text C:\Program Files\iPod\bin\iPodService.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000772b21a0 5 bytes JMP 00000001000704a0
.text C:\Program Files\iPod\bin\iPodService.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000772b21d0 5 bytes JMP 0000000100070300
.text C:\Program Files\iPod\bin\iPodService.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000772b21e0 5 bytes JMP 0000000100070360
.text C:\Program Files\iPod\bin\iPodService.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000772b2240 5 bytes JMP 00000001000702a0
.text C:\Program Files\iPod\bin\iPodService.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000772b2290 5 bytes JMP 00000001000702c0
.text C:\Program Files\iPod\bin\iPodService.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000772b22c0 5 bytes JMP 0000000100070380
.text C:\Program Files\iPod\bin\iPodService.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000772b22d0 5 bytes JMP 0000000100070340
.text C:\Program Files\iPod\bin\iPodService.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000772b25c0 5 bytes JMP 0000000100070440
.text C:\Program Files\iPod\bin\iPodService.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000772b27c0 5 bytes JMP 0000000100070260
.text C:\Program Files\iPod\bin\iPodService.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000772b27d0 5 bytes JMP 0000000100070270
.text C:\Program Files\iPod\bin\iPodService.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000772b27e0 5 bytes JMP 0000000100070400
.text C:\Program Files\iPod\bin\iPodService.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000772b29a0 5 bytes JMP 00000001000701f0
.text C:\Program Files\iPod\bin\iPodService.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000772b29b0 5 bytes JMP 0000000100070210
.text C:\Program Files\iPod\bin\iPodService.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000772b2a20 5 bytes JMP 0000000100070200
.text C:\Program Files\iPod\bin\iPodService.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000772b2a80 5 bytes JMP 0000000100070420
.text C:\Program Files\iPod\bin\iPodService.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000772b2a90 5 bytes JMP 0000000100070430
.text C:\Program Files\iPod\bin\iPodService.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000772b2aa0 5 bytes JMP 0000000100070220
.text C:\Program Files\iPod\bin\iPodService.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000772b2b80 5 bytes JMP 0000000100070280
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe[4316] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075c0a2fd 1 byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4844] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007719ef8d 1 byte [62]
.text C:\Users\Cookie\Desktop\Gmer-19357.exe[2628] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 0000000075c0a2fd 1 byte [62]

---- Processes - GMER 2.1 ----

Library C:\Users\Cookie\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\Cookie\AppData\Roaming\Dropbox\bin\Dropbox.exe [2184](2014-01-03 01:09:26) 0000000004020000
Library c:\users\cookie\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpk1cvpo.dll (*** suspicious ***) @ C:\Users\Cookie\AppData\Roaming\Dropbox\bin\Dropbox.exe [2184](2014-06-22 19:54:48) 0000000003d80000
Library C:\Users\Cookie\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\Cookie\AppData\Roaming\Dropbox\bin\Dropbox.exe [2184](2013-08-23 19:01:44) 0000000066230000
Library C:\Users\Cookie\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\Cookie\AppData\Roaming\Dropbox\bin\Dropbox.exe [2184] (ICU Data DLL/The ICU Project)(2013-08-23 19:01:42) 00000000658a0000

---- EOF - GMER 2.1 ----
|
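A listing like the one above is easier to triage by machine than by eye. The Python helper below is an added example written for this page (it is not part of GMER, ComboFix or the thread): it parses GMER's `.text` hook lines, derives for each process the layout of its JMP trampolines relative to the lowest target address, and groups processes by that layout. The point of the relative layout is visible in the listing itself: the hooks in iPodService.exe jump to 0x0000000100070xxx while the other 64-bit processes jump to 0x0000000077410xxx, but the offset of every function's trampoline from the lowest one is identical, so all of them carry the same hooking component mapped at a different base. The sample lines are constructed after entries on the page; the process `C:\Temp\constructed_demo.exe`, its PID 9999 and its target address are invented to show what an outlier looks like and do not appear in the log.

```python
"""Triage helper for GMER 2.x user-mode hook listings (added example, not GMER code)."""
import re
from collections import defaultdict

# One GMER ".text" entry, either an inline JMP hook
#   .text <process>[<pid>] <module>!<func> <addr> 5 bytes JMP <target>
# or a byte patch that GMER prints without a jump target
#   .text <process>[<pid>] <module>!<func> + <off> <addr> 1 byte [62]
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!\s]+)!(?P<func>\S+)(?:\s+\+\s+(?P<off>\d+))?\s+"
    r"(?P<addr>[0-9a-fA-F]{16})\s+(?P<n>\d+)\s+bytes?\s+"
    r"(?:JMP\s+(?P<target>[0-9a-fA-F]{16})|\[(?P<patch>[^\]]*)\])"
)

# Constructed sample modelled on the listing above (a handful of its entries);
# the last line is an invented outlier and is NOT something the page shows.
SAMPLE = r"""
.text C:\Windows\System32\StikyNot.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772b1d30 5 bytes JMP 00000000774103d0
.text C:\Windows\System32\StikyNot.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772b20a0 5 bytes JMP 00000000774101e0
.text C:\Windows\System32\StikyNot.exe[1840] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007719ef8d 1 byte [62]
.text C:\Windows\system32\SearchIndexer.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772b1d30 5 bytes JMP 00000000774103d0
.text C:\Windows\system32\SearchIndexer.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772b20a0 5 bytes JMP 00000000774101e0
.text C:\Program Files\iPod\bin\iPodService.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772b1d30 5 bytes JMP 00000001000703d0
.text C:\Program Files\iPod\bin\iPodService.exe[3304] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000772b20a0 5 bytes JMP 00000001000701e0
.text C:\Users\Cookie\AppData\Roaming\Dropbox\bin\Dropbox.exe[2184] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000077411465 2 bytes [41, 77]
.text C:\Temp\constructed_demo.exe[9999] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000772b1d30 5 bytes JMP 000000000a3f01c0
"""

# Native calls that security products commonly intercept because process
# manipulation goes through them; useful to label what a hook set covers.
PROCESS_MANIPULATION = {
    "NtOpenProcess", "NtWriteVirtualMemory", "NtCreateThread", "NtCreateThreadEx",
    "NtQueueApcThreadEx", "NtSetContextThread", "NtCreateSection", "NtLoadDriver",
}


def parse_hooks(text):
    """Return one dict per recognised '.text' line; other lines (headers,
    '.text ... * 2' repeat markers, Library lines) are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["pid"] = int(d["pid"])
        d["addr"] = int(d["addr"], 16)
        d["size"] = int(d.pop("n"))
        d["target"] = int(d["target"], 16) if d["target"] else None
        hooks.append(d)
    return hooks


def trampoline_layout(proc_hooks):
    """Frozenset of (function, target offset from the lowest target) for one
    process. A hooking module mapped at a different base in another process
    produces the same layout, so the layout identifies the component, not the
    address."""
    jmps = [h for h in proc_hooks if h["target"] is not None]
    if not jmps:
        return frozenset()
    base = min(h["target"] for h in jmps)
    return frozenset((h["func"], h["target"] - base) for h in jmps)


def group_by_component(hooks):
    """Map each distinct trampoline layout to the (process, pid) pairs carrying it."""
    per_proc = defaultdict(list)
    for h in hooks:
        per_proc[(h["proc"], h["pid"])].append(h)
    by_layout = defaultdict(list)
    for proc, proc_hooks in sorted(per_proc.items()):
        layout = trampoline_layout(proc_hooks)
        if layout:
            by_layout[layout].append(proc)
    return dict(by_layout)


def outlier_processes(hooks):
    """Processes whose JMP layout occurs nowhere else in the log. A system-wide
    hooking product instruments every process the same way, so a layout that
    appears once is the one worth a closer look."""
    return [procs[0] for procs in group_by_component(hooks).values() if len(procs) == 1]


def manipulation_hooks(layout):
    """Sorted names from the layout that belong to PROCESS_MANIPULATION."""
    return sorted(f for f, _ in layout if f in PROCESS_MANIPULATION)


if __name__ == "__main__":
    hooks = parse_hooks(SAMPLE)
    for i, (layout, procs) in enumerate(group_by_component(hooks).items(), 1):
        print(f"component {i}: {len(layout)} JMP hook(s), manipulation APIs {manipulation_hooks(layout)}")
        for proc, pid in procs:
            print(f"    {proc}[{pid}]")
    print("outliers:", outlier_processes(hooks))
```

Run against the full listing above, every 64-bit process with JMP hooks (StikyNot.exe, E_IATILQE.EXE, SearchIndexer.exe, iPodService.exe) lands in one component with the same 45 functions, which is the fingerprint of one hooking module present system-wide rather than something planted in a single process; the open question for a triager is which module owns the target range, which GMER does not print here. The byte-patch entries (GetBinaryTypeW, GetModuleInformation, SetUnhandledExceptionFilter) are kept by the parser but carry no target and so do not influence the grouping. The "*** suspicious ***" tag on the Library lines is a heuristic on where a module was loaded from, not a verdict; all four paths belong to the Dropbox client (its bin directory and a temporarily extracted SQLite extension).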
23.06.2014, 18:57 | #9 |
/// the machine /// TB-Ausbilder | Internet connection / NO INTERNET ACCESS several times a day
Hi,
Scan with Combofix
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donations | Guides and help | Trojaner-Board Facebook page | No help via PM! |
27.06.2014, 22:12 | #10 |
| Internet connection / NO INTERNET ACCESS several times a day
Hi schrauber, ComboFix ran through the scan without complaint. It took about 12 min. Here is the logfile:
Code:
ComboFix 14-06-24.01 - Cookie 27.06.2014 22:41:30.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3070.1395 [GMT 2:00]
ausgeführt von:: c:\users\Cookie\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ACEDRV11
-------\Service_acedrv11
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-05-27 bis 2014-06-27   ))))))))))))))))))))))))))))))
.
.
2014-06-27 20:51 . 2014-06-27 20:51  --------  d-----w-  c:\users\UpdatusUser\AppData\Local\temp
2014-06-22 20:45 . 2014-06-22 20:59  --------  d-----w-  C:\FRST
2014-06-11 23:28 . 2014-05-30 08:44  455168  ----a-w-  c:\windows\SysWow64\vbscript.dll
2014-06-01 18:24 . 2014-06-01 18:24  --------  d-----w-  c:\programdata\Team MediaPortal
2014-06-01 18:19 . 2014-06-01 18:19  159744  ----a-w-  c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2014-06-01 18:19 . 2014-06-01 18:19  159744  ----a-w-  c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2014-06-01 18:19 . 2014-06-01 18:19  159744  ----a-w-  c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2014-06-01 18:19 . 2014-06-01 18:19  159744  ----a-w-  c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2014-06-01 18:19 . 2014-06-01 18:19  159744  ----a-w-  c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2014-06-01 18:19 . 2014-06-01 18:19  --------  d-----w-  c:\program files (x86)\QuickTime
2014-06-01 17:47 . 2014-06-01 17:47  --------  d-----w-  c:\program files\iPod
2014-06-01 17:47 . 2014-06-01 17:47  --------  d-----w-  c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-01 17:47 . 2014-06-01 17:47  --------  d-----w-  c:\program files\iTunes
2014-06-01 17:47 . 2014-06-01 17:47  --------  d-----w-  c:\program files (x86)\iTunes
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-11 23:34 . 2013-05-25 11:56  95414520  ----a-w-  c:\windows\system32\MRT.exe
2014-05-19 20:44 . 2014-05-19 20:44  1039096  ----a-w-  c:\windows\system32\drivers\aswsnx.sys
2014-05-19 20:44 . 2014-05-19 20:44  423240  ----a-w-  c:\windows\system32\drivers\aswsp.sys
2014-05-19 20:44 . 2014-05-19 20:43  447888  ----a-w-  c:\windows\system32\drivers\aswNdisFlt.sys
2014-05-19 20:44 . 2014-05-19 20:44  85328  ----a-w-  c:\windows\system32\drivers\aswstm.sys
2014-05-19 20:43 . 2014-05-19 20:44  208416  ----a-w-  c:\windows\system32\drivers\aswVmm.sys
2014-05-19 20:43 . 2014-05-19 20:44  65776  ----a-w-  c:\windows\system32\drivers\aswRvrt.sys
2014-05-19 20:43 . 2014-05-19 20:44  93568  ----a-w-  c:\windows\system32\drivers\aswRdr2.sys
2014-05-19 20:43 . 2014-05-19 20:44  79184  ----a-w-  c:\windows\system32\drivers\aswMonFlt.sys
2014-05-19 20:43 . 2014-05-19 20:44  29208  ----a-w-  c:\windows\system32\drivers\aswHwid.sys
2014-05-19 20:43 . 2014-05-19 20:43  334648  ----a-w-  c:\windows\system32\aswBoot.exe
2014-05-19 20:43 . 2014-05-19 20:43  43152  ----a-w-  c:\windows\avastSS.scr
2014-05-19 20:43 . 2014-05-19 20:43  28184  ----a-w-  c:\windows\system32\drivers\aswKbd.sys
2014-05-14 07:28 . 2014-04-13 08:58  692400  ----a-w-  c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-14 07:28 . 2014-04-13 08:58  70832  ----a-w-  c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-09 06:14 . 2014-05-14 07:34  477184  ----a-w-  c:\windows\system32\aepdu.dll
2014-05-09 06:11 . 2014-05-14 07:34  424448  ----a-w-  c:\windows\system32\aeinv.dll
2014-04-20 10:27 . 2013-05-27 00:35  231376  ----a-w-  c:\windows\system32\drivers\truecrypt.sys
2014-04-12 02:22 . 2014-05-14 07:34  155072  ----a-w-  c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:22 . 2014-05-14 07:34  95680  ----a-w-  c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:19 . 2014-05-14 07:34  29184  ----a-w-  c:\windows\system32\sspisrv.dll
2014-04-12 02:19 . 2014-05-14 07:34  136192  ----a-w-  c:\windows\system32\sspicli.dll
2014-04-12 02:19 . 2014-05-14 07:34  28160  ----a-w-  c:\windows\system32\secur32.dll
2014-04-12 02:19 . 2014-05-14 07:34  1460736  ----a-w-  c:\windows\system32\lsasrv.dll
2014-04-12 02:19 . 2014-05-14 07:34  31232  ----a-w-  c:\windows\system32\lsass.exe
2014-04-12 02:12 . 2014-05-14 07:34  22016  ----a-w-  c:\windows\SysWow64\secur32.dll
2014-04-12 02:10 . 2014-05-14 07:34  96768  ----a-w-  c:\windows\SysWow64\sspicli.dll
2014-03-31 20:46 . 2014-03-31 20:46  1070232  ----a-w-  c:\windows\SysWow64\MSCOMCTL.OCX
2014-03-30 22:08 . 2014-03-30 22:08  255352  ----a-w-  c:\windows\SysWow64\awrdscdc.ax
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54  131248  ----a-w-  c:\users\Cookie\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54  131248  ----a-w-  c:\users\Cookie\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54  131248  ----a-w-  c:\users\Cookie\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54  131248  ----a-w-  c:\users\Cookie\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_IATILQE.EXE" [2013-01-24 297024]
"KeePass Password Safe 2"="d:\keepass-2.26\KeePass.exe" [2014-04-13 2099200]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-11-20 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2013-03-28 1058880]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-05-19 3873704]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-05-26 152392]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
.
c:\users\Cookie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Cookie\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-20 33322312]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Twonky Server.lnk - c:\program files (x86)\Twonky\TwonkyServer\twonkytray.exe [2013-11-15 977784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys;c:\windows\SYSNATIVE\Drivers\ssadadb.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys;c:\windows\SYSNATIVE\DRIVERS\lv302a64.sys [x]
R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys;c:\windows\SYSNATIVE\drivers\LVUSBS64.sys [x]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys;c:\windows\SYSNATIVE\drivers\nusb3hub.sys [x]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys;c:\windows\SYSNATIVE\drivers\nusb3xhc.sys [x]
R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS;c:\windows\SYSNATIVE\DRIVERS\PFC027.SYS [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S0 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast!
VM Monitor; [x] S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x] S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x] S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x] S2 {09F57980-3432-4AFC-957D-27AC45FAE1F5};Power Control [2013/12/19 22:43];c:\program files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl;c:\program files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [x] S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x] S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x] S2 avast! Firewall;avast! 
Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x] S2 CyberLink PowerDVD 13 Media Server Monitor Service;CyberLink PowerDVD 13 Media Server Monitor Service;c:\program files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe;c:\program files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [x] S2 CyberLink PowerDVD 13 Media Server Service;CyberLink PowerDVD 13 Media Server Service;c:\program files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe;c:\program files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [x] S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x] S2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [x] S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x] S2 TwonkyProxy;TwonkyProxy;c:\program files (x86)\Twonky\TwonkyServer\twonkyproxy.exe;c:\program files (x86)\Twonky\TwonkyServer\twonkyproxy.exe [x] S2 TwonkyServer;TwonkyServer;c:\program files (x86)\Twonky\TwonkyServer\twonkystarter.exe;c:\program files (x86)\Twonky\TwonkyServer\twonkystarter.exe [x] S3 Ph3xIB64;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB64.sys;c:\windows\SYSNATIVE\DRIVERS\Ph3xIB64.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . Inhalt des "geplante Tasks" Ordners . 2014-06-27 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-13 07:28] . 
2014-06-27 c:\windows\Tasks\EPSON XP-610 Series Invitation {27C236B4-91FE-4B83-97EA-3F65697B6612}.job - c:\windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2014-03-31 23:20] . 2014-06-27 c:\windows\Tasks\EPSON XP-610 Series Update {27C236B4-91FE-4B83-97EA-3F65697B6612}.job - c:\windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE [2014-03-31 23:20] . 2013-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-28 11:10] . 2013-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-28 11:10] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2014-05-19 20:43 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 164016 ----a-w- c:\users\Cookie\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 164016 ----a-w- c:\users\Cookie\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 164016 ----a-w- c:\users\Cookie\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 164016 ----a-w- c:\users\Cookie\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-03-12 7220768] "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-12 1833504] "Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.dell.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Nach Microsoft E&xel exportieren - c:\progra~2\Microsoft Office\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Cookie\AppData\Roaming\Mozilla\Firefox\Profiles\g5yonxt2.default\ FF - prefs.js: browser.search.selectedEngine - DuckDuckGo FF - prefs.js: browser.startup.homepage - www.duckduckgo.de . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKCU-Run-GoogleDriveSync - c:\program files (x86)\Google\Drive\googledrivesync.exe Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file) AddRemove-NVIDIAStereo - c:\program files (x86)\NVIDIA Corporation\3D Vision\nvStInst.exe AddRemove-VL Sound 5.1 - c:\program files (x86)\WinAmp\Plugins\uninstall_vlsound.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{09F57980-3432-4AFC-957D-27AC45FAE1F5}] "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl" . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files\AVAST Software\Avast\AvastSvc.exe c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe c:\users\Cookie\AppData\Roaming\Dropbox\bin\Dropbox.exe . ************************************************************************** . Zeit der Fertigstellung: 2014-06-27 22:57:51 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2014-06-27 20:57 . Vor Suchlauf: 13 Verzeichnis(se), 109.001.564.160 Bytes frei Nach Suchlauf: 19 Verzeichnis(se), 108.629.958.656 Bytes frei . - - End Of File - - C616DF6874A0AF7E73CA52E6E01674E3 A36C5E4F47E84449FF07ED3517B43A31 |
28.06.2014, 18:27 | #11 |
/// the machine /// TB-Ausbilder | Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. |
29.06.2014, 02:19 | #12 |
| So, here are the requested logs... Code:
ATTFilter Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 29.06.2014
Suchlauf-Zeit: 02:35:38
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.06.28.05
Rootkit Datenbank: v2014.06.23.02
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Cookie

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 360652
Verstrichene Zeit: 9 Min, 52 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 1
PUP.Optional.Softonic.A, HKU\S-1-5-21-1871796143-3288037916-4018662872-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, In Quarantäne, [1db835487cff06301612734de31f31cf],

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 1
PUP.Optional.OpenCandy, C:\Users\Cookie\Downloads\DTLite4481-0347.exe, In Quarantäne, [488da5d86f0cc175ff4b595618eced13],

Physische Sektoren: 0
(No malicious items detected)

(end)
Code:
ATTFilter # AdwCleaner v3.213 - Bericht erstellt am 29/06/2014 um 02:54:09
# Aktualisiert 23/06/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Cookie - COOKIE-PC
# Gestartet von : C:\Users\Cookie\Desktop\adwcleaner_3.213.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\FreeRIP
Ordner Gelöscht : C:\Users\Cookie\AppData\Local\DownloadGuide

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{501451DE-5808-4599-B544-8BD0915B6B24}_is1

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17126


-\\ Mozilla Firefox v30.0 (de)

[ Datei : C:\Users\Cookie\AppData\Roaming\Mozilla\Firefox\Profiles\g5yonxt2.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1858 octets] - [29/06/2014 02:52:52]
AdwCleaner[S0].txt - [1720 octets] - [29/06/2014 02:54:09]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1780 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by Cookie on 29.06.2014 at 2:57:53,01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services


~~~ Registry Values


~~~ Registry Keys


~~~ Files


~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"


~~~ FireFox

Emptied folder: C:\Users\Cookie\AppData\Roaming\mozilla\firefox\profiles\g5yonxt2.default\minidumps [188 files]


~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.06.2014 at 3:06:08,12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Can you already say what was, or is, going on? FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-06-2014 01 (ATTENTION: ====> FRST version is 8 days old and could be outdated) Ran by Cookie (administrator) on COOKIE-PC on 29-06-2014 03:15:38 Running from C:\Users\Cookie\Desktop Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe (Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe (Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe () C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe (PacketVideo) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE () C:\Program Files (x86)\Twonky\TwonkyServer\twonkyserver.exe (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (PixArt Imaging Incorporation) C:\Windows\PixArt\Pac207\Monitor.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATILQE.EXE (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (PacketVideo) C:\Program Files (x86)\Twonky\TwonkyServer\twonkytray.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7220768 2009-03-12] (Realtek Semiconductor) HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-03-12] (Realtek Semiconductor Corp.) HKLM\...\Run: [Monitor] => C:\Windows\PixArt\PAC207\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation) HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058880 2013-03-28] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-05-19] (AVAST Software) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.) 
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKU\S-1-5-21-1871796143-3288037916-4018662872-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILQE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-1871796143-3288037916-4018662872-1000\...\Run: [KeePass Password Safe 2] => D:\KeePass-2.26\KeePass.exe [2099200 2014-04-13] (Dominik Reichl) HKU\S-1-5-21-1871796143-3288037916-4018662872-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.) HKU\S-1-5-21-1871796143-3288037916-4018662872-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Twonky Server.lnk ShortcutTarget: Twonky Server.lnk -> C:\Program Files (x86)\Twonky\TwonkyServer\twonkytray.exe (PacketVideo) ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File 
ShellIconOverlayIdentifiers-x32: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM-x32 - DefaultScope value is missing. BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) BHO-x32: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION) BHO-x32: avast! 
Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION) Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.192.1 FireFox: ======== FF ProfilePath: C:\Users\Cookie\AppData\Roaming\Mozilla\Firefox\Profiles\g5yonxt2.default FF Homepage: www.duckduckgo.de FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: 
@microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Cookie\AppData\Roaming\Mozilla\Firefox\Profiles\g5yonxt2.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\Cookie\AppData\Roaming\Mozilla\Firefox\Profiles\g5yonxt2.default\searchplugins\ixquick-https.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Add to Amazon Wish List Button - C:\Users\Cookie\AppData\Roaming\Mozilla\Firefox\Profiles\g5yonxt2.default\Extensions\amznUWL2@amazon.com.xpi [2014-03-30]
FF Extension: DuckDuckGo Plus - C:\Users\Cookie\AppData\Roaming\Mozilla\Firefox\Profiles\g5yonxt2.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2014-04-19]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2014-03-31]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-19]

==================== Services (Whitelisted) =================

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-11] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-19] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109048 2014-05-19] (AVAST Software)
R2 CyberLink PowerDVD 13 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [77576 2013-03-20] (CyberLink)
R2 CyberLink PowerDVD 13 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [323336 2013-03-20] (CyberLink)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [239680 2014-02-19] (Foxit Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 TwonkyProxy; C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe [973688 2013-11-15] ()
R2 TwonkyServer; C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe [596856 2013-11-15] (PacketVideo)
S3 OpenVPNService; "K:\OpenVPN\bin\openvpnserv.exe" [X]

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-19] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-05-19] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-19] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [447888 2014-05-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-19] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-19] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-19] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-19] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-19] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-05-29] (DT Soft Ltd)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [572416 2006-12-05] (PixArt Imaging Inc.)
R3 Ph3xIB64; C:\Windows\System32\DRIVERS\Ph3xIB64.sys [1627520 2009-06-10] (NXP Semiconductors)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [158024 2013-05-02] (MCCI Corporation)
R2 {09F57980-3432-4AFC-957D-27AC45FAE1F5}; C:\Program Files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [130320 2013-03-19] (CyberLink Corp.)
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-29 03:15 - 2014-06-29 03:15 - 00016695 _____ () C:\Users\Cookie\Desktop\FRST.txt
2014-06-29 03:06 - 2014-06-29 03:06 - 00000900 _____ () C:\Users\Cookie\Desktop\JRT.txt
2014-06-29 02:57 - 2014-06-29 02:57 - 00000000 ____D () C:\Windows\ERUNT
2014-06-29 02:52 - 2014-06-29 02:54 - 00000000 ____D () C:\AdwCleaner
2014-06-29 02:51 - 2014-06-29 02:51 - 00001429 _____ () C:\mbam.txt
2014-06-29 02:34 - 2014-06-29 02:57 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-29 02:34 - 2014-06-29 02:34 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-29 02:34 - 2014-06-29 02:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-29 02:34 - 2014-06-29 02:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-29 02:34 - 2014-06-29 02:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-29 02:34 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-29 02:34 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-29 02:34 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-29 02:32 - 2014-06-29 02:32 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Cookie\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-29 02:32 - 2014-06-29 02:32 - 01016261 _____ (Thisisu) C:\Users\Cookie\Desktop\JRT.exe
2014-06-29 02:31 - 2014-06-29 02:31 - 01342659 _____ () C:\Users\Cookie\Desktop\adwcleaner_3.213.exe
2014-06-27 23:02 - 2014-06-27 23:02 - 00023934 _____ () C:\Users\Cookie\Desktop\combofix.txt
2014-06-27 22:57 - 2014-06-27 22:57 - 00023934 _____ () C:\ComboFix.txt
2014-06-27 22:52 - 2014-06-29 02:55 - 00001442 _____ () C:\Windows\PFRO.log
2014-06-27 22:39 - 2014-06-27 22:57 - 00000000 ____D () C:\Qoobox
2014-06-27 22:39 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-27 22:39 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-27 22:39 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-27 22:39 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-27 22:39 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-27 22:39 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-27 22:39 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-27 22:39 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-27 22:38 - 2014-06-27 22:56 - 00000000 ____D () C:\Windows\erdnt
2014-06-27 22:34 - 2014-06-29 02:55 - 00000392 _____ () C:\Windows\setupact.log
2014-06-27 22:34 - 2014-06-27 22:34 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-25 09:41 - 2014-06-25 09:41 - 05211571 ____R (Swearware) C:\Users\Cookie\Desktop\ComboFix.exe
2014-06-23 09:04 - 2014-06-27 10:44 - 00000000 ____D () C:\Windows\Minidump
2014-06-22 23:26 - 2014-06-22 23:26 - 00034171 _____ () C:\Users\Cookie\Desktop\logfiles.zip
2014-06-22 22:55 - 2014-06-22 22:57 - 02083328 _____ (Farbar) C:\Users\Cookie\Desktop\FRST64.exe
2014-06-22 22:45 - 2014-06-29 03:15 - 00000000 ____D () C:\FRST
2014-06-22 22:43 - 2014-06-22 22:43 - 00000168 _____ () C:\Users\Cookie\defogger_reenable
2014-06-22 22:34 - 2014-06-22 22:34 - 00380416 _____ () C:\Users\Cookie\Desktop\Gmer-19357.exe
2014-06-22 22:33 - 2014-06-22 22:33 - 00050477 _____ () C:\Users\Cookie\Desktop\Defogger.exe
2014-06-18 17:00 - 2014-06-18 17:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-18 00:11 - 2014-06-18 00:11 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-12 01:29 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 01:29 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-12 01:29 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 01:29 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-12 01:29 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-12 01:29 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-12 01:29 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-12 01:29 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-12 01:29 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-12 01:29 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-12 01:29 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-12 01:29 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-12 01:29 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-12 01:29 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-12 01:29 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-12 01:29 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-12 01:29 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-12 01:29 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 01:29 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-12 01:29 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-12 01:29 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-12 01:29 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-12 01:29 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-12 01:29 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-12 01:29 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-12 01:29 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-12 01:29 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-12 01:29 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 01:29 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-12 01:29 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-12 01:29 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-12 01:29 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-12 01:29 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-12 01:29 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-12 01:29 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-12 01:29 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-12 01:29 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-12 01:29 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-12 01:29 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-12 01:29 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-12 01:29 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-12 01:28 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 01:28 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-12 01:28 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 01:28 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-12 01:28 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-12 01:28 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-12 01:28 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-12 01:28 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-12 01:28 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-12 01:28 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-12 01:28 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 01:28 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-12 01:28 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-12 01:28 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-12 01:28 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-12 01:28 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-12 01:28 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-12 01:28 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-12 01:28 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-12 01:28 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 01:28 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-12 01:28 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-12 01:28 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-11 11:52 - 2014-06-11 11:52 - 00000000 ____D () C:\Users\Cookie\Desktop\pdf mietverrag
2014-06-06 11:10 - 2014-06-06 11:10 - 00011281 _____ () C:\Users\Cookie\Desktop\Empfangsbestätigung.odt
2014-06-03 12:20 - 2014-06-03 12:20 - 00000050 _____ () C:\Users\Cookie\Desktop\vorwerk amerika usa.txt
2014-06-03 12:06 - 2014-06-03 12:06 - 00095167 _____ () C:\Users\Cookie\Desktop\Auftragsbestaetigung.zip
2014-06-01 20:24 - 2014-06-01 20:24 - 00000000 ____D () C:\ProgramData\Team MediaPortal
2014-06-01 20:19 - 2014-06-01 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-06-01 20:19 - 2014-06-01 20:19 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-06-01 19:47 - 2014-06-01 19:47 - 00001743 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-06-01 19:47 - 2014-06-01 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-01 19:47 - 2014-06-01 19:47 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-01 19:47 - 2014-06-01 19:47 - 00000000 ____D () C:\Program Files\iTunes
2014-06-01 19:47 - 2014-06-01 19:47 - 00000000 ____D () C:\Program Files\iPod
2014-06-01 19:47 - 2014-06-01 19:47 - 00000000 ____D () C:\Program Files (x86)\iTunes

==================== One Month Modified Files and Folders =======

2014-06-29 03:16 - 2014-06-29 03:15 - 00016695 _____ () C:\Users\Cookie\Desktop\FRST.txt
2014-06-29 03:16 - 2014-03-31 20:16 - 00000911 _____ () C:\Windows\Tasks\EPSON XP-610 Series Update {27C236B4-91FE-4B83-97EA-3F65697B6612}.job
2014-06-29 03:16 - 2014-03-31 20:16 - 00000725 _____ () C:\Windows\Tasks\EPSON XP-610 Series Invitation {27C236B4-91FE-4B83-97EA-3F65697B6612}.job
2014-06-29 03:16 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-06-29 03:15 - 2014-06-22 22:45 - 00000000 ____D () C:\FRST
2014-06-29 03:15 - 2014-04-21 19:35 - 00000000 ____D () C:\ProgramData\TwonkyServer
2014-06-29 03:06 - 2014-06-29 03:06 - 00000900 _____ () C:\Users\Cookie\Desktop\JRT.txt
2014-06-29 03:03 - 2013-05-25 10:48 - 00699092 _____ () C:\Windows\system32\perfh007.dat
2014-06-29 03:03 - 2013-05-25 10:48 - 00149232 _____ () C:\Windows\system32\perfc007.dat
2014-06-29 03:03 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-29 03:03 - 2009-07-14 06:45 - 00026736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-29 03:03 - 2009-07-14 06:45 - 00026736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-29 02:57 - 2014-06-29 02:57 - 00000000 ____D () C:\Windows\ERUNT
2014-06-29 02:57 - 2014-06-29 02:34 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-29 02:55 - 2014-06-27 22:52 - 00001442 _____ () C:\Windows\PFRO.log
2014-06-29 02:55 - 2014-06-27 22:34 - 00000392 _____ () C:\Windows\setupact.log
2014-06-29 02:55 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-29 02:54 - 2014-06-29 02:52 - 00000000 ____D () C:\AdwCleaner
2014-06-29 02:54 - 2014-02-11 14:52 - 01195096 _____ () C:\Windows\WindowsUpdate.log
2014-06-29 02:51 - 2014-06-29 02:51 - 00001429 _____ () C:\mbam.txt
2014-06-29 02:47 - 2010-11-21 09:17 - 00000000 ____D () C:\Windows\CSC
2014-06-29 02:34 - 2014-06-29 02:34 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-29 02:34 - 2014-06-29 02:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-29 02:34 - 2014-06-29 02:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-29 02:34 - 2014-06-29 02:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-29 02:32 - 2014-06-29 02:32 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Cookie\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-29 02:32 - 2014-06-29 02:32 - 01016261 _____ (Thisisu) C:\Users\Cookie\Desktop\JRT.exe
2014-06-29 02:31 - 2014-06-29 02:31 - 01342659 _____ () C:\Users\Cookie\Desktop\adwcleaner_3.213.exe
2014-06-29 02:25 - 2014-04-13 10:58 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-29 02:25 - 2013-05-25 13:40 - 00000000 ____D () C:\Users\Cookie\AppData\Roaming\vlc
2014-06-27 23:34 - 2013-08-31 01:33 - 00000000 ___RD () C:\Users\Cookie\Dropbox
2014-06-27 23:31 - 2013-08-31 01:32 - 00000000 ____D () C:\Users\Cookie\AppData\Roaming\Dropbox
2014-06-27 23:09 - 2014-05-03 10:45 - 00000000 ____D () C:\Users\Cookie\AppData\Roaming\DropboxMaster
2014-06-27 23:02 - 2014-06-27 23:02 - 00023934 _____ () C:\Users\Cookie\Desktop\combofix.txt
2014-06-27 22:57 - 2014-06-27 22:57 - 00023934 _____ () C:\ComboFix.txt
2014-06-27 22:57 - 2014-06-27 22:39 - 00000000 ____D () C:\Qoobox
2014-06-27 22:56 - 2014-06-27 22:38 - 00000000 ____D () C:\Windows\erdnt
2014-06-27 22:53 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-27 22:52 - 2009-07-14 04:34 - 72613888 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-06-27 22:52 - 2009-07-14 04:34 - 21495808 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-06-27 22:52 - 2009-07-14 04:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-06-27 22:52 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-06-27 22:52 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-06-27 22:34 - 2014-06-27 22:34 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-27 10:44 - 2014-06-23 09:04 - 00000000 ____D () C:\Windows\Minidump
2014-06-26 20:45 - 2014-05-19 22:44 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-25 09:41 - 2014-06-25 09:41 - 05211571 ____R (Swearware) C:\Users\Cookie\Desktop\ComboFix.exe
2014-06-22 23:26 - 2014-06-22 23:26 - 00034171 _____ () C:\Users\Cookie\Desktop\logfiles.zip
2014-06-22 22:57 - 2014-06-22 22:55 - 02083328 _____ (Farbar) C:\Users\Cookie\Desktop\FRST64.exe
2014-06-22 22:43 - 2014-06-22 22:43 - 00000168 _____ () C:\Users\Cookie\defogger_reenable
2014-06-22 22:43 - 2013-05-25 00:59 - 00000000 ____D () C:\Users\Cookie
2014-06-22 22:34 - 2014-06-22 22:34 - 00380416 _____ () C:\Users\Cookie\Desktop\Gmer-19357.exe
2014-06-22 22:33 - 2014-06-22 22:33 - 00050477 _____ () C:\Users\Cookie\Desktop\Defogger.exe
2014-06-22 21:53 - 2013-08-07 19:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-19 21:40 - 2013-10-07 16:59 - 00000000 ____D () C:\Users\Cookie\Desktop\Vorwerk
2014-06-19 21:39 - 2013-10-07 17:05 - 00000106 _____ () C:\Windows\KTEL.INI
2014-06-18 17:01 - 2014-06-18 17:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-18 00:14 - 2013-05-29 14:42 - 00000000 ____D () C:\Users\Cookie\AppData\Roaming\DAEMON Tools Lite
2014-06-18 00:11 - 2014-06-18 00:11 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-18 00:11 - 2013-06-08 06:35 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-06-18 00:11 - 2013-06-08 06:35 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-12 11:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-06-12 01:36 - 2013-07-17 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 01:34 - 2013-10-09 10:35 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-12 01:34 - 2013-05-25 13:56 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-11 11:52 - 2014-06-11 11:52 - 00000000 ____D () C:\Users\Cookie\Desktop\pdf mietverrag
2014-06-11 11:40 - 2013-10-09 10:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-06-06 11:10 - 2014-06-06 11:10 - 00011281 _____ () C:\Users\Cookie\Desktop\Empfangsbestätigung.odt
2014-06-03 12:20 - 2014-06-03 12:20 - 00000050 _____ () C:\Users\Cookie\Desktop\vorwerk amerika usa.txt
2014-06-03 12:06 - 2014-06-03 12:06 - 00095167 _____ () C:\Users\Cookie\Desktop\Auftragsbestaetigung.zip
2014-06-01 20:24 - 2014-06-01 20:24 - 00000000 ____D () C:\ProgramData\Team MediaPortal
2014-06-01 20:23 - 2014-04-21 13:36 - 00000000 ____D () C:\Users\Cookie\AppData\Local\TomTom
2014-06-01 20:23 - 2013-05-27 02:00 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-01 20:21 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-01 20:20 - 2014-05-23 11:25 - 00000000 ____D () C:\Program Files (x86)\Top Password
2014-06-01 20:19 - 2014-06-01 20:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-06-01 20:19 - 2014-06-01 20:19 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-06-01 19:47 - 2014-06-01 19:47 - 00001743 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-06-01 19:47 - 2014-06-01 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-06-01 19:47 - 2014-06-01 19:47 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-06-01 19:47 - 2014-06-01 19:47 - 00000000 ____D () C:\Program Files\iTunes
2014-06-01 19:47 - 2014-06-01 19:47 - 00000000 ____D () C:\Program Files\iPod
2014-06-01 19:47 - 2014-06-01 19:47 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-05-30 12:21 - 2014-06-12 01:28 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 12:02 - 2014-06-12 01:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 12:02 - 2014-06-12 01:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 11:45 - 2014-06-12 01:29 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 11:39 - 2014-06-12 01:29 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 11:39 - 2014-06-12 01:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 11:38 - 2014-06-12 01:29 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 11:28 - 2014-06-12 01:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 11:27 - 2014-06-12 01:28 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 11:24 - 2014-06-12 01:28 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 11:21 - 2014-06-12 01:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 11:21 - 2014-06-12 01:28 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 11:20 - 2014-06-12 01:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 11:18 - 2014-06-12 01:29 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 11:11 - 2014-06-12 01:28 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 11:08 - 2014-06-12 01:28 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 11:06 - 2014-06-12 01:29 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 11:02 - 2014-06-12 01:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 10:55 - 2014-06-12 01:29 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 10:49 - 2014-06-12 01:28 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 10:46 - 2014-06-12 01:28 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 10:44 - 2014-06-12 01:28 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 10:44 - 2014-06-12 01:28 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 10:43 - 2014-06-12 01:29 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 10:42 - 2014-06-12 01:29 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 10:38 - 2014-06-12 01:29 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 10:35 - 2014-06-12 01:29 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 10:34 - 2014-06-12 01:29 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 10:33 - 2014-06-12 01:29 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 10:30 - 2014-06-12 01:29 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 10:29 - 2014-06-12 01:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 10:28 - 2014-06-12 01:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 10:27 - 2014-06-12 01:29 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 10:24 - 2014-06-12 01:28 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 10:23 - 2014-06-12 01:29 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 10:16 - 2014-06-12 01:29 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 10:10 - 2014-06-12 01:29 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 10:06 - 2014-06-12 01:28 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 10:04 - 2014-06-12 01:29 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 10:02 - 2014-06-12 01:29 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 09:56 - 2014-06-12 01:28 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 09:56 - 2014-06-12 01:28 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 09:54 - 2014-06-12 01:29 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 09:50 - 2014-06-12 01:28 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 09:49 - 2014-06-12 01:29 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 09:43 - 2014-06-12 01:28 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 09:40 - 2014-06-12 01:29 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 09:30 - 2014-06-12 01:29 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 09:21 - 2014-06-12 01:28 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 09:15 - 2014-06-12 01:29 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 09:13 - 2014-06-12 01:28 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 09:13 - 2014-06-12 01:28 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

Some content of TEMP:
====================
C:\Users\Cookie\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp4qrddt.dll
C:\Users\Cookie\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-28 10:31

==================== End Of Log ============================
|
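The log above ends with FRST's own integrity check (Authenticode status of winlogon.exe, svchost.exe, volsnap.sys and the other Bamital targets), and further up it marks the two HP print DLLs as [File not signed] and two service/driver registrations (OpenVPNService, pccsmcfd) whose binary no longer exists ([X]). The script below is an added example, not code from the thread, from Farbar or from Trojaner-Board: a small Python triage parser for the three line shapes seen in this log (service/driver entries, one-month file entries, Firefox plugin registrations) that turns those markers into a short review list. The sample lines are constructed from the post; the rule names, the Finding type and the user-writable-directory heuristic are this example's own. Flags are prompts, not verdicts: on a machine mid-cleanup the ComboFix helpers dropped into C:\Windows and the scanners on the Desktop are expected, and they show up here deliberately so the reviewer sees what the rules catch.

```python
"""FRST log triage: parse the line shapes seen in the post above and list review items.

Added example for this thread. It is not part of FRST (Farbar Recovery Scan Tool)
and not code posted by either participant; rule names and the Finding type are
this example's own. SAMPLE_LOG is constructed from lines in the posted log.
"""
import re
from dataclasses import dataclass
from typing import List

# Service/driver entry. First letter: R running / S stopped; digit: start type
# (0 boot, 1 system, 2 auto, 3 manual, 4 disabled). Examples from the log:
#   R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
#   S3 OpenVPNService; "K:\OpenVPN\bin\openvpnserv.exe" [X]
SERVICE_RE = re.compile(
    r'^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);\s+"?(?P<path>.+?)"?\s+'
    r'(?:\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s+\((?P<vendor>[^)]*)\)'
    r'|\[(?P<missing>X)\])(?P<rest>.*)$'
)
# One-month file entry: created - modified - size attributes (vendor) path
#   2014-06-27 22:39 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
FILE_RE = re.compile(
    r'^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - '
    r'(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - '
    r'(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) \((?P<vendor>[^)]*)\) (?P<path>.+)$'
)
# Firefox plugin registration; "No File" means the registration outlived the DLL.
PLUGIN_RE = re.compile(r'^FF Plugin(?:-x32)?: (?P<id>.+?) - (?P<path>.+?)(?P<nofile> No File)?$')

EXEC_EXT = ('.exe', '.dll', '.sys', '.scr', '.cpl', '.fcl')
# Heuristic (this example's own): executables under these per-user directories get a look.
USER_WRITABLE = re.compile(r'\\Users\\[^\\]+\\(AppData\\Local\\Temp|Desktop|Downloads)\\', re.I)


@dataclass(frozen=True)
class Finding:
    level: str      # "review": look at it; "info": note it
    rule: str
    subject: str
    detail: str = ""


def _parent_dir(path: str) -> str:
    return path.rsplit("\\", 1)[0].lower()


def triage_line(line: str) -> List[Finding]:
    """Findings for one FRST log line; an empty list when nothing stands out."""
    line = line.strip()
    out: List[Finding] = []
    if m := SERVICE_RE.match(line):
        name, path = m["name"].strip(), m["path"]
        if m["missing"]:
            # Registered service whose binary is gone: a leftover uninstall or a
            # hijackable path; either way it should not stay registered.
            out.append(Finding("review", "orphaned-service", name, path))
        else:
            if "File not signed" in m["rest"]:
                out.append(Finding("review", "unsigned-binary", name, path))
            if not m["vendor"].strip() and m["state"] == "R":
                out.append(Finding("info", "no-version-info", name, path))
    elif m := FILE_RE.match(line):
        path, vendor = m["path"], m["vendor"].strip()
        if "D" in m["attrs"] or not path.lower().endswith(EXEC_EXT):
            return out  # directories and data files are not executables
        if USER_WRITABLE.search(path):
            out.append(Finding("review", "exec-in-user-dir", path, vendor or "no vendor"))
        elif _parent_dir(path) == r"c:\windows":
            # Loose executables directly in %SystemRoot% (ComboFix drops its helpers here)
            out.append(Finding("review", "exec-in-windows-root", path, vendor or "no vendor"))
    elif (m := PLUGIN_RE.match(line)) and m["nofile"]:
        out.append(Finding("info", "dangling-plugin", m["id"], m["path"]))
    elif re.match(r"^[A-Za-z]:\\", line) and line.lower().endswith(EXEC_EXT):
        # Bare path lines, as in the "Some content of TEMP" block
        if USER_WRITABLE.search(line):
            out.append(Finding("review", "exec-in-user-dir", line))
    return out


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over a whole FRST.txt, keeping the order of the log."""
    return [f for line in log_text.splitlines() for f in triage_line(line)]


# Constructed from lines in the posted log (not a complete FRST.txt).
SAMPLE_LOG = r"""
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-19] (AVAST Software)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 TwonkyProxy; C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe [973688 2013-11-15] ()
S3 OpenVPNService; "K:\OpenVPN\bin\openvpnserv.exe" [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
2014-06-27 22:39 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-27 22:39 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-27 22:39 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-29 02:57 - 2014-06-29 02:57 - 00000000 ____D () C:\Windows\ERUNT
2014-06-25 09:41 - 2014-06-25 09:41 - 05211571 ____R (Swearware) C:\Users\Cookie\Desktop\ComboFix.exe
2014-06-12 01:29 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
C:\Users\Cookie\AppData\Local\Temp\Quarantine.exe
"""

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for f in triage(text):
        print(f"{f.level:6} {f.rule:22} {f.subject}  {f.detail}")
```

Run it with a saved FRST.txt as the only argument to triage a real log, or with no argument to see the sample. On the sample it reports the two orphaned registrations, the unsigned HP DLL, the Twonky proxy without version information, the dangling Pando plugin, the three ComboFix helpers in C:\Windows, ComboFix.exe on the Desktop and Quarantine.exe in Temp; avast and tcpip.sys produce nothing. The unsigned/missing markers are taken verbatim from FRST, which did the signature check on the box; the directory heuristic is the only judgement the script adds, and it is deliberately noisy rather than silent.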
29.06.2014, 12:33 | #13 |
/// the machine /// TB-Ausbilder | Lots of adware.
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No support via PM! |
03.07.2014, 22:33 | #14 |
| Hi, here are the requested logs. I had little time these past days. The internet connection has not dropped any more!!!! :-) So here is the one from ESET: Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=6eb9cff27d93774085faf9b3814bf2a8
# engine=19004
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-07-03 02:57:58
# local_time=2014-07-03 04:57:58 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Internet Security'
# compatibility_mode=781 16777213 100 92 717744 6657040 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 198365 156029328 0 0
# scanned=434852
# found=0
# cleaned=0
# scan_time=11568
Code:
Results of screen317's Security Check version 0.99.83
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 13.0.0.214
Adobe Reader XI
Mozilla Firefox (30.0)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast afwServ.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-07-2014
Ran by Cookie (administrator) on COOKIE-PC on 03-07-2014 22:51:40
Running from C:\Users\Cookie\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
() C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe
(PacketVideo) C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\Twonky\TwonkyServer\twonkyserver.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\Pac207\Monitor.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATILQE.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(PacketVideo) C:\Program Files (x86)\Twonky\TwonkyServer\twonkytray.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7220768 2009-03-12] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-03-12] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Monitor] => C:\Windows\PixArt\PAC207\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058880 2013-03-28] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704 2014-05-19] (AVAST Software)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKU\S-1-5-21-1871796143-3288037916-4018662872-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILQE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1871796143-3288037916-4018662872-1000\...\Run: [KeePass Password Safe 2] => D:\KeePass-2.26\KeePass.exe [2099200 2014-04-13] (Dominik Reichl)
HKU\S-1-5-21-1871796143-3288037916-4018662872-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-1871796143-3288037916-4018662872-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Twonky Server.lnk
ShortcutTarget: Twonky Server.lnk -> C:\Program Files (x86)\Twonky\TwonkyServer\twonkytray.exe (PacketVideo)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.dell.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
BHO-x32: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Cookie\AppData\Roaming\Mozilla\Firefox\Profiles\g5yonxt2.default
FF Homepage: www.duckduckgo.de
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Cookie\AppData\Roaming\Mozilla\Firefox\Profiles\g5yonxt2.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\Cookie\AppData\Roaming\Mozilla\Firefox\Profiles\g5yonxt2.default\searchplugins\ixquick-https.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Add to Amazon Wish List Button - C:\Users\Cookie\AppData\Roaming\Mozilla\Firefox\Profiles\g5yonxt2.default\Extensions\amznUWL2@amazon.com.xpi [2014-03-30]
FF Extension: DuckDuckGo Plus - C:\Users\Cookie\AppData\Roaming\Mozilla\Firefox\Profiles\g5yonxt2.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2014-04-19]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2014-03-31]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-05-19]

==================== Services (Whitelisted) =================

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-11] (SUPERAntiSpyware.com)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-19] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109048 2014-05-19] (AVAST Software)
R2 CyberLink PowerDVD 13 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [77576 2013-03-20] (CyberLink)
R2 CyberLink PowerDVD 13 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [323336 2013-03-20] (CyberLink)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [239680 2014-02-19] (Foxit Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 TwonkyProxy; C:\Program Files (x86)\Twonky\TwonkyServer\twonkyproxy.exe [973688 2013-11-15] ()
R2 TwonkyServer; C:\Program Files (x86)\Twonky\TwonkyServer\twonkystarter.exe [596856 2013-11-15] (PacketVideo)
S3 OpenVPNService; "K:\OpenVPN\bin\openvpnserv.exe" [X]

==================== Drivers (Whitelisted) ====================

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-19] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-05-19] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-19] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [447888 2014-05-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-19] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-19] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-19] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-19] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-19] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-05-29] (DT Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [572416 2006-12-05] (PixArt Imaging Inc.)
R3 Ph3xIB64; C:\Windows\System32\DRIVERS\Ph3xIB64.sys [1627520 2009-06-10] (NXP Semiconductors)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [158024 2013-05-02] (MCCI Corporation)
R2 {09F57980-3432-4AFC-957D-27AC45FAE1F5}; C:\Program Files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [130320 2013-03-19] (CyberLink Corp.)
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-03 22:51 - 2014-07-03 22:51 - 00000000 ____D () C:\Users\Cookie\Desktop\FRST-OlderVersion
2014-07-03 13:37 - 2014-07-03 13:37 - 02347384 _____ (ESET) C:\Users\Cookie\Desktop\esetsmartinstaller_deu.exe
2014-07-03 13:37 - 2014-07-03 13:37 - 00854367 _____ () C:\Users\Cookie\Desktop\SecurityCheck.exe
2014-06-29 03:15 - 2014-07-03 22:51 - 00016989 _____ () C:\Users\Cookie\Desktop\FRST.txt
2014-06-29 03:06 - 2014-06-29 03:06 - 00000900 _____ () C:\Users\Cookie\Desktop\JRT.txt
2014-06-29 02:57 - 2014-06-29 02:57 - 00000000 ____D () C:\Windows\ERUNT
2014-06-29 02:52 - 2014-06-29 02:54 - 00000000 ____D () C:\AdwCleaner
2014-06-29 02:51 - 2014-06-29 02:51 - 00001429 _____ () C:\mbam.txt
2014-06-29 02:34 - 2014-07-03 22:48 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-29 02:34 - 2014-06-29 02:34 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-29 02:34 - 2014-06-29 02:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-29 02:34 - 2014-06-29 02:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-29 02:34 - 2014-06-29 02:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-29 02:34 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-29 02:34 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-29 02:34 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-29 02:32 - 2014-06-29 02:32 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Cookie\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-29 02:32 - 2014-06-29 02:32 - 01016261 _____ (Thisisu) C:\Users\Cookie\Desktop\JRT.exe
2014-06-29 02:31 - 2014-06-29 02:31 - 01342659 _____ () C:\Users\Cookie\Desktop\adwcleaner_3.213.exe
2014-06-27 23:02 - 2014-06-27 23:02 - 00023934 _____ () C:\Users\Cookie\Desktop\combofix.txt
2014-06-27 22:57 - 2014-06-27 22:57 - 00023934 _____ () C:\ComboFix.txt
2014-06-27 22:52 - 2014-06-29 02:55 - 00001442 _____ () C:\Windows\PFRO.log
2014-06-27 22:39 - 2014-06-27 22:57 - 00000000 ____D () C:\Qoobox
2014-06-27 22:39 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-27 22:39 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-27 22:39 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-27 22:39 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-27 22:39 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-27 22:39 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-27 22:39 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-27 22:39 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-27 22:38 - 2014-06-27 22:56 - 00000000 ____D () C:\Windows\erdnt
2014-06-27 22:34 - 2014-07-03 12:50 - 00000728 _____ () C:\Windows\setupact.log
2014-06-27 22:34 - 2014-06-27 22:34 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-25 09:41 - 2014-06-25 09:41 - 05211571 ____R (Swearware) C:\Users\Cookie\Desktop\ComboFix.exe
2014-06-23 09:04 - 2014-06-27 10:44 - 00000000 ____D () C:\Windows\Minidump
2014-06-22 23:26 - 2014-06-22 23:26 - 00034171 _____ () C:\Users\Cookie\Desktop\logfiles.zip
2014-06-22 22:55 - 2014-07-03 22:51 - 02083840 _____ (Farbar) C:\Users\Cookie\Desktop\FRST64.exe
2014-06-22 22:45 - 2014-07-03 22:51 - 00000000 ____D () C:\FRST
2014-06-22 22:43 - 2014-06-22 22:43 - 00000168 _____ () C:\Users\Cookie\defogger_reenable
2014-06-22 22:34 - 2014-06-22 22:34 - 00380416 _____ () C:\Users\Cookie\Desktop\Gmer-19357.exe
2014-06-22 22:33 - 2014-06-22 22:33 - 00050477 _____ () C:\Users\Cookie\Desktop\Defogger.exe
2014-06-18 17:00 - 2014-06-18 17:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-18 00:11 - 2014-06-18 00:11 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-12 01:29 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 01:29 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-12 01:29 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 01:29 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-12 01:29 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-12 01:29 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-12 01:29 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-12 01:29 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-12 01:29 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-12 01:29 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-12 01:29 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-12 01:29 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-12 01:29 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-12 01:29 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-12 01:29 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-12 01:29 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-12 01:29 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-12 01:29 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 01:29 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-12 01:29 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-12 01:29 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-12 01:29 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-12 01:29 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-12 01:29 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-12 01:29 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-12 01:29 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-12 01:29 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-12 01:29 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 01:29 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-12 01:29 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-12 01:29 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-12 01:29 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-12 01:29 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-12 01:29 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-12 01:29 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-12 01:29 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-12 01:29 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-12 01:29 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-12 01:29 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-12 01:29 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-12 01:29 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-12 01:28 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 01:28 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-12 01:28 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 01:28 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-12 01:28 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-12 01:28 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-12 01:28 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-12 01:28 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-12 01:28 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-12 01:28 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-12 01:28 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 01:28 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-12 01:28 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-12 01:28 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-12 01:28 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-12 01:28 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-12 01:28 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-12 01:28 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-12 01:28 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-12 01:28 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 01:28 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-12 01:28 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-12 01:28 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-11 11:52 - 2014-06-11 11:52 - 00000000 ____D () C:\Users\Cookie\Desktop\pdf mietverrag
2014-06-06 11:10 - 2014-06-06 11:10 - 00011281 _____ () C:\Users\Cookie\Desktop\Empfangsbestätigung.odt
2014-06-03 12:20 - 2014-06-03 12:20 - 00000050 _____ () C:\Users\Cookie\Desktop\vorwerk amerika usa.txt
2014-06-03 12:06 - 2014-06-03 12:06 - 00095167 _____ () C:\Users\Cookie\Desktop\Auftragsbestaetigung.zip

==================== One Month Modified Files and Folders =======

2014-07-03 22:52 - 2014-06-29 03:15 - 00016989 _____ () C:\Users\Cookie\Desktop\FRST.txt
2014-07-03 22:51 - 2014-07-03 22:51 - 00000000 ____D () C:\Users\Cookie\Desktop\FRST-OlderVersion
2014-07-03 22:51 - 2014-06-22 22:55 - 02083840 _____ (Farbar) C:\Users\Cookie\Desktop\FRST64.exe
2014-07-03 22:51 - 2014-06-22 22:45 - 00000000 ____D () C:\FRST
2014-07-03 22:48 - 2014-06-29 02:34 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-03 22:25 - 2014-04-13 10:58 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-03 22:16 - 2014-03-31 20:16 - 00000911 _____ () C:\Windows\Tasks\EPSON XP-610 Series Update {27C236B4-91FE-4B83-97EA-3F65697B6612}.job
2014-07-03 22:16 - 2014-03-31 20:16 - 00000725 _____ () C:\Windows\Tasks\EPSON XP-610 Series Invitation {27C236B4-91FE-4B83-97EA-3F65697B6612}.job
2014-07-03 22:16 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-07-03 19:32 - 2014-02-11 14:52 - 01284466 _____ () C:\Windows\WindowsUpdate.log
2014-07-03 13:50 - 2014-04-21 19:35 - 00000000 ____D () C:\ProgramData\TwonkyServer
2014-07-03 13:40 - 2013-05-25 10:48 - 00699092 _____ () C:\Windows\system32\perfh007.dat
2014-07-03 13:40 - 2013-05-25 10:48 - 00149232 _____ () C:\Windows\system32\perfc007.dat
2014-07-03 13:40 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-03 13:37 - 2014-07-03 13:37 - 02347384 _____ (ESET) C:\Users\Cookie\Desktop\esetsmartinstaller_deu.exe
2014-07-03 13:37 - 2014-07-03 13:37 - 00854367 _____ () C:\Users\Cookie\Desktop\SecurityCheck.exe
2014-07-03 12:58 - 2009-07-14 06:45 - 00026736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-03 12:58 - 2009-07-14 06:45 - 00026736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-03 12:50 - 2014-06-27 22:34 - 00000728 _____ () C:\Windows\setupact.log
2014-07-03 12:50 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-30 13:07 - 2013-10-07 16:59 - 00000000 ____D () C:\Users\Cookie\Desktop\Vorwerk
2014-06-30 11:52 - 2013-05-25 13:40 - 00000000 ____D () C:\Users\Cookie\AppData\Roaming\vlc
2014-06-30 10:45 - 2014-05-19 22:44 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-29 03:06 - 2014-06-29 03:06 - 00000900 _____ () C:\Users\Cookie\Desktop\JRT.txt
2014-06-29 02:57 - 2014-06-29 02:57 - 00000000 ____D () C:\Windows\ERUNT
2014-06-29 02:55 - 2014-06-27 22:52 - 00001442 _____ () C:\Windows\PFRO.log
2014-06-29 02:54 - 2014-06-29 02:52 - 00000000 ____D () C:\AdwCleaner
2014-06-29 02:51 - 2014-06-29 02:51 - 00001429 _____ () C:\mbam.txt
2014-06-29 02:47 - 2010-11-21 09:17 - 00000000 ____D () C:\Windows\CSC
2014-06-29 02:34 - 2014-06-29 02:34 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-29 02:34 - 2014-06-29 02:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-29 02:34 - 2014-06-29 02:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-29 02:34 - 2014-06-29 02:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-29 02:32 - 2014-06-29 02:32 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Cookie\Desktop\mbam-setup-2.0.2.1012.exe
2014-06-29 02:32 - 2014-06-29 02:32 - 01016261 _____ (Thisisu) C:\Users\Cookie\Desktop\JRT.exe
2014-06-29 02:31 - 2014-06-29 02:31 - 01342659 _____ () C:\Users\Cookie\Desktop\adwcleaner_3.213.exe
2014-06-27 23:34 - 2013-08-31 01:33 - 00000000 ___RD () C:\Users\Cookie\Dropbox
2014-06-27 23:31 - 2013-08-31 01:32 - 00000000 ____D () C:\Users\Cookie\AppData\Roaming\Dropbox
2014-06-27 23:09 - 2014-05-03 10:45 - 00000000 ____D () C:\Users\Cookie\AppData\Roaming\DropboxMaster
2014-06-27 23:02 - 2014-06-27 23:02 - 00023934 _____ () C:\Users\Cookie\Desktop\combofix.txt
2014-06-27 22:57 - 2014-06-27 22:57 - 00023934 _____ () C:\ComboFix.txt
2014-06-27 22:57 - 2014-06-27 22:39 - 00000000 ____D () C:\Qoobox
2014-06-27 22:56 - 2014-06-27 22:38 - 00000000 ____D () C:\Windows\erdnt
2014-06-27 22:53 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-27 22:52 - 2009-07-14 04:34 - 72613888 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-06-27 22:52 - 2009-07-14 04:34 - 21495808 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-06-27 22:52 - 2009-07-14 04:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-06-27 22:52 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-06-27 22:52 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-06-27 22:34 - 2014-06-27 22:34 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-27 10:44 - 2014-06-23 09:04 - 00000000 ____D () C:\Windows\Minidump
2014-06-25 09:41 - 2014-06-25 09:41 - 05211571 ____R (Swearware) C:\Users\Cookie\Desktop\ComboFix.exe
2014-06-22 23:26 - 2014-06-22 23:26 - 00034171 _____ () C:\Users\Cookie\Desktop\logfiles.zip
2014-06-22 22:43 - 2014-06-22 22:43 - 00000168 _____ () C:\Users\Cookie\defogger_reenable
2014-06-22 22:43 - 2013-05-25 00:59 - 00000000 ____D () C:\Users\Cookie
2014-06-22 22:34 - 2014-06-22 22:34 - 00380416 _____ () C:\Users\Cookie\Desktop\Gmer-19357.exe
2014-06-22 22:33 - 2014-06-22 22:33 - 00050477 _____ () C:\Users\Cookie\Desktop\Defogger.exe
2014-06-22 21:53 - 2013-08-07 19:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-19 21:39 - 2013-10-07 17:05 - 00000106 _____ () C:\Windows\KTEL.INI
2014-06-18 17:01 - 2014-06-18 17:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-18 00:14 - 2013-05-29 14:42 - 00000000 ____D () C:\Users\Cookie\AppData\Roaming\DAEMON Tools Lite
2014-06-18 00:11 - 2014-06-18 00:11 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-18 00:11 - 2013-06-08 06:35 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-06-18 00:11 - 2013-06-08 06:35 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-12 11:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-06-12 01:36 - 2013-07-17 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 01:34 - 2013-10-09 10:35 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-12 01:34 - 2013-05-25 13:56 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-11 11:52 - 2014-06-11 11:52 - 00000000 ____D () C:\Users\Cookie\Desktop\pdf mietverrag
2014-06-11 11:40 - 2013-10-09 10:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-06-06 11:10 - 2014-06-06 11:10 - 00011281 _____ () C:\Users\Cookie\Desktop\Empfangsbestätigung.odt
2014-06-03 12:20 - 2014-06-03 12:20 - 00000050 _____ () C:\Users\Cookie\Desktop\vorwerk amerika usa.txt
2014-06-03 12:06 - 2014-06-03 12:06 - 00095167 _____ () C:\Users\Cookie\Desktop\Auftragsbestaetigung.zip

Some content of TEMP:
====================
C:\Users\Cookie\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp4qrddt.dll
C:\Users\Cookie\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-28 10:31

==================== End Of Log
============================

Is everything clean now? Should I change my passwords? Thanks a lot for your effort, Schrauber. |
04.07.2014, 19:25 | #15 |
/// the machine /// TB-Ausbilder | Internet connection / NO INTERNET ACCESS several times a day Yep, not strictly necessary, but changing the passwords is a good idea. Finished The order here is crucial.
If you would like to leave praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot stress often enough how important it is that your system is up to date.
Anti-virus software
Additional protection
Safe browsing
Alternative browsers Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners; they do more harm to your system than good. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP), Don'ts
Note: Please give me a short reply once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |