Windows 7: ClamAV (Ubuntu) finds a potpourri of viruses

Log analysis and evaluation: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
21.07.2014, 08:01 | #1
Windows 7: ClamAV (Ubuntu) finds a potpourri of viruses

Hello everyone, after trying out a Linux distribution again for the first time in 16 years, I thought I might as well run a scan of the Windows files. The result surprised me somewhat, but before I delete files at random I wanted to ask whether that is really a good idea. Unfortunately I had to attach the logs because the character limit was exceeded. Should any avast logs be needed, please let me know briefly; I didn't want to post the 19 log files on the off chance. Thanks in advance
21.07.2014, 10:28 | #2
/// the machine /// TB-Ausbilder

Windows 7: ClamAV (Ubuntu) finds a potpourri of viruses

Hi,

please always post logs directly in the thread. If necessary, split them up and use several posts. I can't open attachments at work, thanks.

How it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too big for the forum. To put the log files into a CODE box, proceed as follows:
21.07.2014, 10:39 | #3
Windows 7: ClamAV (Ubuntu) finds a potpourri of viruses

Hello Schrauber,

sure, gladly:

defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 07:57 on 21/07/2014 (Kilaoa)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-07-2014 Ran by Kilaoa (administrator) on KILAOA-PC on 21-07-2014 07:58:21 Running from C:\Users\Kilaoa\Desktop Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\System32\atiesrxx.exe (The Within Network, LLC) C:\Windows\UnsignedThemesSvc.exe (AMD) C:\Windows\System32\atieclxx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (SafeNet Inc.) C:\Windows\System32\hasplms.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) 
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (SRWare) C:\Program Files (x86)\SRWare Iron\chrome.exe (SRWare) C:\Program Files (x86)\SRWare Iron\chrome.exe (SRWare) C:\Program Files (x86)\SRWare Iron\chrome.exe (SRWare) C:\Program Files (x86)\SRWare Iron\chrome.exe (SRWare) C:\Program Files (x86)\SRWare Iron\chrome.exe (SRWare) C:\Program Files (x86)\SRWare Iron\chrome.exe (SRWare) C:\Program Files (x86)\SRWare Iron\chrome.exe ==================== Registry (Whitelisted) ================== HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-02] (AVAST Software) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [] => [X] HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation) HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [97280 2009-07-14] (Microsoft Corporation) HKU\S-1-5-21-2172048925-2899888979-4254774926-1000\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x91000000 HKU\S-1-5-21-2172048925-2899888979-4254774926-1000\...\MountPoints2: {114bad5f-cb3b-11e0-b5f0-874c4992fae0} - F:\pushinst.exe HKU\S-1-5-21-2172048925-2899888979-4254774926-1000\...\MountPoints2: {1cf82dfb-f9e0-11e3-a830-1c6f65d6057f} - V:\SETUP.EXE HKU\S-1-5-21-2172048925-2899888979-4254774926-1000\...\MountPoints2: {441b859e-1cc9-11e1-a2c2-bc054303a499} - F:\Startme.exe HKU\S-1-5-21-2172048925-2899888979-4254774926-1000\...\MountPoints2: {b9fce39f-cb4f-11e0-ab55-b6ce5a91cbdb} - F:\pushinst.exe HKU\S-1-5-21-2172048925-2899888979-4254774926-1000\...\Winlogon: [Shell] C:\Windows\EXPLORER.EXE [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION Startup: 
C:\Users\Kilaoa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System\Startup\AutorunsDisabled () ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ShellIconOverlayIdentifiers-x32: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://search.minilua.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8603DC6E465FCC01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.minilua.com/ HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/ SearchScopes: HKLM-x32 - DefaultScope value is missing. 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Toolbar: HKCU - No Name - {3E1201F4-1707-409F-BB45-A5F192381DA0} - No File DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1 Tcpip\..\Interfaces\{A771A120-6C16-4D04-9A21-DC9F36F46170}: [NameServer]192.168.2.1 Tcpip\..\Interfaces\{EF4B6E21-F859-4A36-8D15-C45AF294EA1E}: [NameServer]192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default FF Homepage: about:blank FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q= FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin: @java.com/DTPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program 
Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~4\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media 
Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @sony.com/ReaderDesktop - C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation) FF Plugin-x32: @spoon.net/Spoon Plugin 3.33 - C:\Program Files (x86)\Spoon\3.33.0.18\npMozillaSpoonPlugin.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Kilaoa\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\chambers-en-GB.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml FF Extension: ProxTube - Unblock YouTube - C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\Extensions\ich@maltegoetz.de [2013-12-11] FF Extension: DownloadHelper - C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-25] FF Extension: Bazzacuda Image Saver Plus - C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\Extensions\{FF2FA6A4-B3B1-11DD-B910-6C9A55D89593} [2014-04-11] FF Extension: Customizable Shortcuts - C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\Extensions\customizable-shortcuts@timtaubert.de.xpi [2012-07-04] FF Extension: Firebug - C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\Extensions\firebug@software.joehewitt.com.xpi [2012-04-08] FF Extension: Open Image In New Tab - C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\Extensions\imagetab@next.gen.nz.xpi [2013-03-27] FF Extension: Redirect Cleaner - C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\Extensions\redirectcleaner@example.net.xpi [2013-10-24] FF Extension: Show the Image - 
C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\Extensions\showtheimage@brunwin.net.xpi [2012-01-04] FF Extension: TinEye Reverse Image Search - C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\Extensions\tineye@ideeinc.com.xpi [2011-08-22] FF Extension: URL Flipper - C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\Extensions\urlflipper@mozilla.ktechcomputing.com.xpi [2011-08-22] FF Extension: URL Link - C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\Extensions\{139a120b-c2ea-41d2-bf70-542d9f063dfd}.xpi [2013-09-24] FF Extension: Fangs - C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\Extensions\{21D01944-2878-4eb3-A72A-83E8D1E6D4A6}.xpi [2012-07-05] FF Extension: Google Image Search - C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\Extensions\{73007fef-a6e0-47d3-b4e7-dfc116ed6f65}.xpi [2014-02-05] FF Extension: NoScript - C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-08-22] FF Extension: Web Developer - C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2012-05-07] FF Extension: Adblock Plus - C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-08-22] FF Extension: Greasemonkey - C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-08-25] FF Extension: User Agent Switcher - C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2012-07-26] FF Extension: Redirect Remover - C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\Extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}.xpi [2011-08-22] FF 
HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2011-08-20] Chrome: ======= CHR HomePage: CHR DefaultSearchKeyword: sweet-page CHR DefaultSearchProvider: sweet-page CHR Extension: (Google Docs) - C:\Users\Kilaoa\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-26] CHR Extension: (Google Drive) - C:\Users\Kilaoa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-26] CHR Extension: (YouTube) - C:\Users\Kilaoa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-26] CHR Extension: (Google-Suche) - C:\Users\Kilaoa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-26] CHR Extension: (avast! Online Security) - C:\Users\Kilaoa\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-03-05] CHR Extension: (Google Wallet) - C:\Users\Kilaoa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-26] CHR Extension: (Google Mail) - C:\Users\Kilaoa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-26] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-02] ==================== Services (Whitelisted) ================= R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed] R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-02] (AVAST Software) R2 hasplms; C:\Windows\system32\hasplms.exe [4941768 2012-06-28] (SafeNet Inc.) 
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-03-26] () S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP1a\RpcAgentSrv.exe [72344 2008-05-19] (SiSoftware) [File not signed] S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2014-04-25] (Sony Corporation) [File not signed] S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] R2 Themes; C:\Windows\system32\themeservice.dll [44544 2013-01-23] (Microsoft Corporation) [File not signed] R2 UnsignedThemes; C:\Windows\UnsignedThemesSvc.exe [24168 2009-07-13] (The Within Network, LLC) ==================== Drivers (Whitelisted) ==================== S2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-02] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-02] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-02] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-02] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-02] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-05] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-02] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-02] () S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1075712 2008-07-28] (Atheros Communications, Inc.) 
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin) S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH) [File not signed] S3 fwlanusb4; C:\Windows\System32\DRIVERS\fwlanusb4.sys [1293824 2010-10-22] (AVM GmbH) R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [321536 2011-09-28] (SafeNet Inc.) S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-02] (HTC, Corporation) [File not signed] S3 s1018bus; C:\Windows\System32\DRIVERS\s1018bus.sys [113704 2009-03-25] (MCCI Corporation) S3 s1018mdfl; C:\Windows\System32\DRIVERS\s1018mdfl.sys [19496 2009-03-25] (MCCI Corporation) S3 s1018mdm; C:\Windows\System32\DRIVERS\s1018mdm.sys [153128 2009-03-25] (MCCI Corporation) S3 s1018mgmt; C:\Windows\System32\DRIVERS\s1018mgmt.sys [133160 2009-03-25] (MCCI Corporation) S3 s1018nd5; C:\Windows\System32\DRIVERS\s1018nd5.sys [34856 2009-03-25] (MCCI Corporation) S3 s1018obex; C:\Windows\System32\DRIVERS\s1018obex.sys [128552 2009-03-25] (MCCI Corporation) S3 s1018unic; C:\Windows\System32\DRIVERS\s1018unic.sys [146472 2009-03-25] (MCCI Corporation) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) 
[File not signed] R2 uxpatch; C:\Windows\system32\drivers\uxpatch.sys [30568 2009-07-13] () S3 VLAN; C:\Windows\System32\DRIVERS\RtVLAN60.sys [24064 2007-12-03] (Windows (R) Codename Longhorn DDK provider) U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation) S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X] S3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-21 07:58 - 2014-07-21 07:58 - 00023104 _____ () C:\Users\Kilaoa\Desktop\FRST.txt 2014-07-21 07:58 - 2014-07-21 07:58 - 00000000 ____D () C:\FRST 2014-07-21 07:57 - 2014-07-21 07:57 - 00000474 _____ () C:\Users\Kilaoa\Desktop\defogger_disable.log 2014-07-21 07:57 - 2014-07-21 07:57 - 00000000 _____ () C:\Users\Kilaoa\defogger_reenable 2014-07-21 07:56 - 2014-07-21 07:56 - 02089984 _____ (Farbar) C:\Users\Kilaoa\Desktop\FRST64.exe 2014-07-21 07:55 - 2014-07-21 07:55 - 00380416 _____ () C:\Users\Kilaoa\Desktop\Gmer-19357.exe 2014-07-21 07:55 - 2014-07-21 07:55 - 00050477 _____ () C:\Users\Kilaoa\Desktop\Defogger.exe 2014-07-17 23:20 - 2014-07-17 23:20 - 00009327 _____ () C:\Users\Kilaoa\Downloads\futter.xlsx 2014-07-17 15:00 - 2014-07-17 15:00 - 00028672 _____ () C:\Users\Kilaoa\Downloads\accounts_MEC (1).xls 2014-07-17 11:57 - 2014-07-17 12:59 - 00031232 _____ () C:\Users\Kilaoa\Downloads\export.xls 2014-07-17 09:10 - 2014-07-17 09:34 - 00027648 _____ () C:\Users\Kilaoa\Downloads\accounts_MEC.xls 2014-07-16 22:29 - 2014-07-16 22:29 - 00001073 _____ () C:\Users\Public\Desktop\herdProtect.lnk 2014-07-16 22:29 - 2014-07-16 22:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\herdProtect 2014-07-16 22:29 - 2014-07-16 22:29 - 00000000 ____D () C:\Program Files\Reason 2014-07-16 22:22 - 2014-07-16 23:42 
- 00000000 ____D () C:\AdwCleaner 2014-07-16 22:22 - 2014-07-16 22:22 - 01348263 _____ () C:\Users\Kilaoa\Downloads\adwcleaner_3.215.exe 2014-07-16 22:20 - 2014-07-16 22:20 - 02210096 _____ (Reason Company Software Inc.) C:\Users\Kilaoa\Downloads\herdProtectScan_32Setup.exe 2014-07-15 19:56 - 2014-07-15 19:56 - 13547113 _____ () C:\Users\Kilaoa\Desktop\Unbenannt-2.psd 2014-07-15 18:57 - 2014-07-15 19:48 - 50345851 _____ () C:\Users\Kilaoa\Desktop\Unbenannt-1.psd 2014-07-15 18:57 - 2014-07-15 18:57 - 00382464 _____ () C:\Users\Kilaoa\Downloads\SetupFractalius.exe 2014-07-15 08:12 - 2014-07-15 08:12 - 00439720 _____ () C:\Users\Kilaoa\Downloads\The Paarthurnax Dilemma-18465-1-2-8.7z 2014-07-15 07:11 - 2014-07-15 07:11 - 00311170 _____ () C:\Users\Kilaoa\Downloads\lazarus-chrome-latest (1).crx.zip 2014-07-14 21:04 - 2014-07-14 21:04 - 06263496 _____ (TeamViewer GmbH) C:\Users\Kilaoa\Downloads\TeamViewer_Setup_de.exe 2014-07-14 21:03 - 2014-07-14 21:04 - 04663368 _____ (TeamViewer) C:\Users\Kilaoa\Downloads\TeamViewerQS_de.exe 2014-07-14 20:50 - 2014-07-14 20:50 - 04531829 _____ (Firebird Project ) C:\Users\Kilaoa\Downloads\Firebird-2.0.7.13318_0_win32.exe 2014-07-14 20:14 - 2014-07-14 21:25 - 00000000 ____D () C:\ProgramData\firebird 2014-07-14 20:14 - 2014-07-14 20:14 - 00001048 _____ () C:\Users\Public\Desktop\Breeder Software.lnk 2014-07-14 20:14 - 2014-07-14 20:14 - 00000000 ____D () C:\Users\Kilaoa\Scoutsystems 2014-07-14 20:14 - 2014-07-14 20:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Breeder Software 2014-07-14 20:14 - 2014-07-14 20:14 - 00000000 ____D () C:\Program Files (x86)\Breeder Software 2014-07-14 20:11 - 2014-07-14 20:12 - 50554307 _____ () C:\Users\Kilaoa\Downloads\BreederSoftwareSetup.exe 2014-07-14 19:55 - 2014-07-14 19:55 - 00000000 ____D () C:\Windows\ZooEasy 2014-07-14 19:54 - 2014-07-14 19:54 - 17962943 _____ () C:\Users\Kilaoa\Downloads\demo.exe 2014-07-14 19:44 - 2014-07-14 19:48 - 01048576 _____ () 
C:\Users\Kilaoa\Documents\Datenbank1.accdb 2014-07-14 16:24 - 2014-07-14 16:24 - 00000000 ____D () C:\Users\Kilaoa\AppData\Roaming\WindSolutions 2014-07-14 16:24 - 2014-07-14 16:24 - 00000000 ____D () C:\ProgramData\WindSolutions 2014-07-14 16:13 - 2014-07-14 16:13 - 08779784 _____ () C:\Users\Kilaoa\Downloads\CopyTransManagerDEv1.004.zip 2014-07-10 11:05 - 2014-07-10 11:05 - 00001087 _____ () C:\Users\Kilaoa\Downloads\data_project_785_2014_07_10.csv 2014-07-10 10:14 - 2014-07-10 10:14 - 00251741 _____ () C:\Users\Kilaoa\Downloads\data_project_148226_2014_07_10.csv 2014-07-09 15:23 - 2014-07-09 15:23 - 00202552 _____ () C:\Users\Kilaoa\Downloads\data_project_155684_2014_07_09.csv 2014-07-09 15:08 - 2014-07-09 15:08 - 00217403 _____ () C:\Users\Kilaoa\Downloads\data_project_148172_2014_07_09.csv 2014-07-09 08:19 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-07-09 08:19 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-07-09 08:19 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-07-09 08:19 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-07-09 08:19 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-07-09 08:19 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-07-09 08:19 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-07-09 08:19 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-07-09 08:19 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-07-09 08:19 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-07-09 08:19 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) 
C:\Windows\system32\jsproxy.dll 2014-07-09 08:19 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-07-09 08:19 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-07-09 08:19 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-07-09 08:19 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-07-09 08:19 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-07-09 08:19 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-07-09 08:19 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-07-09 08:19 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-07-09 08:19 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-07-09 08:19 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-07-09 08:19 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-07-09 08:19 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-07-09 08:19 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-07-09 08:19 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-07-09 08:19 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-07-09 08:19 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-07-09 08:19 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-07-09 08:19 - 2014-06-19 01:36 - 00051200 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 08:19 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 08:19 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 08:19 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 08:19 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 08:19 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 08:19 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 08:19 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 08:19 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 08:19 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 08:19 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-09 08:19 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 08:19 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 08:19 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 08:19 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 08:19 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 08:19 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 08:19 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 08:19 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 08:19 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 08:19 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-09 08:19 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 08:19 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 08:19 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 08:19 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 08:19 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 08:19 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 08:19 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 07:37 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-09 07:37 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-09 07:35 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 07:35 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 07:35 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 07:35 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 07:35 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 07:35 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 07:35 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 07:35 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 07:35 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 07:35 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 07:35 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 07:35 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-09 07:35 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-09 07:35 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-09 07:35 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-09 07:35 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-09 07:35 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-09 07:35 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-09 07:35 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-09 07:35 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-09 07:30 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 07:30 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 07:30 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-08 18:06 - 2014-07-08 18:18 - 777332000 _____ (Flexera Software) C:\Users\Kilaoa\Downloads\BlackBerry10Simulator-Installer-BB10_2_0X-1155-Win-201308081613.exe
2014-07-08 14:23 - 2014-07-08 14:23 - 00007219 _____ () C:\Users\Kilaoa\Downloads\data_project_437557_2014_07_08.csv
2014-07-08 10:05 - 2014-07-08 10:05 - 02700394 _____ () C:\Users\Kilaoa\Downloads\EFS 10.3 Release Overview.pptx
2014-07-07 22:59 - 2014-07-07 22:59 - 00002065 _____ () C:\Users\Public\Desktop\Reader for PC.lnk
2014-07-07 22:59 - 2014-07-07 22:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reader for pc
2014-07-07 22:59 - 2014-07-07 22:59 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-07-07 22:51 - 2014-07-07 22:51 - 00001517 _____ () C:\Users\Kilaoa\Downloads\URLLink (1).acsm
2014-07-07 22:51 - 2014-07-07 22:51 - 00001514 _____ () C:\Users\Kilaoa\Downloads\URLLink (3).acsm
2014-07-07 22:51 - 2014-07-07 22:51 - 00001502 _____ () C:\Users\Kilaoa\Downloads\URLLink.acsm
2014-07-07 22:51 - 2014-07-07 22:51 - 00001475 _____ () C:\Users\Kilaoa\Downloads\URLLink (2).acsm
2014-07-07 22:25 - 2014-07-07 22:25 - 00972865 _____ () C:\Users\Kilaoa\Downloads\WinDlg_v1_27.zip
2014-07-07 13:41 - 2014-07-07 13:41 - 00311170 _____ () C:\Users\Kilaoa\Downloads\lazarus-chrome-latest.crx
2014-07-05 22:15 - 2014-07-05 22:15 - 00000000 ____D () C:\Users\Kilaoa\AppData\Roaming\OpenOffice
2014-07-05 20:35 - 2014-07-15 19:59 - 00000000 ____D () C:\Users\Kilaoa\Downloads\wallpapers3
2014-07-03 21:46 - 2014-07-03 21:46 - 00007334 _____ () C:\Users\Kilaoa\Desktop\OpenDocument Text (neu).odt
2014-07-03 10:04 - 2014-07-03 10:04 - 00005120 _____ () C:\Users\Kilaoa\Downloads\Rieter_Accounts.xls
2014-07-03 08:09 - 2014-07-03 08:09 - 00026336 _____ () C:\Users\Kilaoa\Downloads\VClouds_RSS.zip
2014-07-03 07:43 - 2014-07-03 07:43 - 00000000 ____D () C:\Users\Kilaoa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LinuxLive USB Creator
2014-07-03 07:43 - 2014-07-03 07:43 - 00000000 ____D () C:\Program Files (x86)\LinuxLive USB Creator
2014-07-03 07:42 - 2014-07-03 07:43 - 05001199 _____ (LinuxLive USB Creator) C:\Users\Kilaoa\Downloads\LinuxLive USB Creator 2.8.29.exe
2014-07-02 22:54 - 2014-07-21 07:52 - 00002825 _____ () C:\Windows\setupact.log
2014-07-02 22:54 - 2014-07-02 22:54 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-02 22:53 - 2014-07-16 23:44 - 00006112 _____ () C:\Windows\PFRO.log
2014-07-02 22:51 - 2014-07-02 22:51 - 00098248 _____ () C:\Users\Kilaoa\Documents\cc_20140702_225131.reg
2014-07-02 22:43 - 2014-07-02 22:43 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0
2014-07-02 22:42 - 2014-07-02 22:43 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-07-02 22:40 - 2014-07-02 22:39 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-02 22:39 - 2014-07-02 22:39 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-02 22:39 - 2014-07-02 22:39 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-02 22:34 - 2014-07-02 22:34 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-02 22:32 - 2014-07-02 22:32 - 00003844 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1389903000
2014-07-02 21:17 - 2014-07-02 21:33 - 1010827264 _____ () C:\Users\Kilaoa\Downloads\ubuntu-14.04-desktop-amd64.iso
2014-07-02 15:39 - 2014-07-02 15:39 - 00000000 ____D () C:\ProgramData\ATI
2014-07-02 15:28 - 2014-07-02 15:28 - 00000000 ____D () C:\Users\Kilaoa\AppData\Roaming\library_dir
2014-07-02 15:27 - 2014-07-02 22:06 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-07-02 15:27 - 2014-07-02 15:27 - 00061648 _____ () C:\Windows\SysWOW64\CCCInstall_201407021527188104.log
2014-07-02 15:27 - 2014-07-02 15:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-07-02 15:27 - 2014-07-02 15:27 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-07-02 15:23 - 2014-07-02 15:23 - 00000000 ____D () C:\Program Files\AMD
2014-07-02 15:21 - 2014-07-02 15:21 - 00000000 ____D () C:\Program Files\ATI
2014-06-27 21:53 - 2014-06-27 21:53 - 00000000 ____D () C:\SUPERDelete
2014-06-27 21:35 - 2014-06-27 21:35 - 00004535 _____ () C:\Users\Kilaoa\AppData\Roaming\CamStudio.cfg
2014-06-27 21:35 - 2014-06-27 21:35 - 00000408 _____ () C:\Users\Kilaoa\AppData\Roaming\CamShapes.ini
2014-06-27 21:35 - 2014-06-27 21:35 - 00000408 _____ () C:\Users\Kilaoa\AppData\Roaming\CamLayout.ini
2014-06-27 21:35 - 2014-06-27 21:35 - 00000054 _____ () C:\Users\Kilaoa\AppData\Roaming\Camdata.ini
2014-06-27 21:00 - 2014-07-16 23:02 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-27 20:53 - 2014-06-27 20:57 - 00000000 ____D () C:\Users\Kilaoa\Documents\My CamStudio Temp Files
2014-06-27 20:53 - 2014-06-27 20:53 - 00000096 _____ () C:\Users\Kilaoa\AppData\Roaming\version2.xml
2014-06-27 20:53 - 2014-06-27 20:53 - 00000000 ____D () C:\Users\Kilaoa\AppData\Local\WorldofTanks
2014-06-25 17:33 - 2014-07-20 22:09 - 00000000 ____D () C:\Users\Kilaoa\AppData\Local\Adobe
2014-06-24 21:33 - 2014-06-24 21:33 - 00014682 _____ () C:\Users\Kilaoa\Documents\cc_20140624_213318.reg
2014-06-24 21:21 - 2014-06-24 21:22 - 00051510 _____ () C:\Users\Kilaoa\Documents\cc_20140624_212154.reg
2014-06-23 21:41 - 2014-06-23 23:11 - 00023588 _____ () C:\Users\Kilaoa\Documents\neue.wlmp
2014-06-23 13:16 - 2014-07-02 22:34 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-06-23 13:16 - 2014-06-23 13:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-06-23 13:16 - 2014-06-23 13:16 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-06-23 13:16 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-23 13:16 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-23 01:41 - 2014-06-23 01:41 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-06-23 01:41 - 2014-06-23 01:41 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-06-23 01:39 - 2014-06-23 01:39 - 00000000 ____D () C:\Users\Kilaoa\Documents\Benutzerdefinierte Office-Vorlagen
2014-06-22 13:34 - 2014-06-22 13:34 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-06-22 13:33 - 2014-07-13 16:53 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-06-22 13:32 - 2014-06-22 13:32 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-06-22 13:32 - 2014-06-22 13:32 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-06-22 13:31 - 2014-06-22 13:32 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2014-06-22 13:29 - 2014-06-22 13:29 - 00000000 ____D () C:\Users\Kilaoa\AppData\Local\Microsoft Help
2014-06-22 13:29 - 2014-06-22 13:29 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2014-06-22 13:29 - 2014-06-22 13:29 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-06-22 13:29 - 2014-06-22 13:29 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-06-22 13:28 - 2014-07-13 16:53 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-22 13:28 - 2014-06-22 13:31 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-06-22 13:27 - 2014-06-22 13:27 - 00000000 __RHD () C:\MSOCache
2014-06-22 13:23 - 2014-06-22 13:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinCDEmu
2014-06-22 13:23 - 2014-06-22 13:23 - 00000000 ____D () C:\Program Files (x86)\WinCDEmu
2014-06-22 13:00 - 2014-06-22 13:12 - 820998144 _____ () C:\Users\Kilaoa\Documents\OfficeProfessionalPlus_x64_de-de.img

==================== One Month Modified Files and Folders =======

2014-07-21 07:58 - 2014-07-21 07:58 - 00023104 _____ () C:\Users\Kilaoa\Desktop\FRST.txt
2014-07-21 07:58 - 2014-07-21 07:58 - 00000000 ____D () C:\FRST
2014-07-21 07:57 - 2014-07-21 07:57 - 00000474 _____ () C:\Users\Kilaoa\Desktop\defogger_disable.log
2014-07-21 07:57 - 2014-07-21 07:57 - 00000000 _____ () C:\Users\Kilaoa\defogger_reenable
2014-07-21 07:57 - 2011-08-20 16:05 - 00000000 ____D () C:\Users\Kilaoa
2014-07-21 07:56 - 2014-07-21 07:56 - 02089984 _____ (Farbar) C:\Users\Kilaoa\Desktop\FRST64.exe
2014-07-21 07:56 - 2011-08-20 16:00 - 01301369 _____ () C:\Windows\WindowsUpdate.log
2014-07-21 07:55 - 2014-07-21 07:55 - 00380416 _____ () C:\Users\Kilaoa\Desktop\Gmer-19357.exe
2014-07-21 07:55 - 2014-07-21 07:55 - 00050477 _____ () C:\Users\Kilaoa\Desktop\Defogger.exe
2014-07-21 07:52 - 2014-07-02 22:54 - 00002825 _____ () C:\Windows\setupact.log
2014-07-21 07:52 - 2012-07-12 20:51 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-07-21 07:52 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-20 23:09 - 2012-11-07 22:23 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-20 22:09 - 2014-06-25 17:33 - 00000000 ____D () C:\Users\Kilaoa\AppData\Local\Adobe
2014-07-20 22:06 - 2009-07-14 06:45 - 00013552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-20 22:06 - 2009-07-14 06:45 - 00013552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-20 00:14 - 2009-07-14 19:58 - 00712412 _____ () C:\Windows\system32\perfh007.dat
2014-07-20 00:14 - 2009-07-14 19:58 - 00155502 _____ () C:\Windows\system32\perfc007.dat
2014-07-20 00:14 - 2009-07-14 07:13 - 01651758 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-19 22:37 - 2013-03-26 04:43 - 00000000 ____D () C:\Program Files\MyDefrag v4.3.1
2014-07-17 23:28 - 2011-08-21 00:24 - 00000000 ____D () C:\Users\Kilaoa\AppData\Roaming\Skype
2014-07-17 23:20 - 2014-07-17 23:20 - 00009327 _____ () C:\Users\Kilaoa\Downloads\futter.xlsx
2014-07-17 15:10 - 2012-04-11 09:23 - 00000000 ____D () C:\Program Files (x86)\ac'tivAid
2014-07-17 15:00 - 2014-07-17 15:00 - 00028672 _____ () C:\Users\Kilaoa\Downloads\accounts_MEC (1).xls
2014-07-17 12:59 - 2014-07-17 11:57 - 00031232 _____ () C:\Users\Kilaoa\Downloads\export.xls
2014-07-17 09:34 - 2014-07-17 09:10 - 00027648 _____ () C:\Users\Kilaoa\Downloads\accounts_MEC.xls
2014-07-16 23:44 - 2014-07-02 22:53 - 00006112 _____ () C:\Windows\PFRO.log
2014-07-16 23:42 - 2014-07-16 22:22 - 00000000 ____D () C:\AdwCleaner
2014-07-16 23:02 - 2014-06-27 21:00 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-16 22:29 - 2014-07-16 22:29 - 00001073 _____ () C:\Users\Public\Desktop\herdProtect.lnk
2014-07-16 22:29 - 2014-07-16 22:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\herdProtect
2014-07-16 22:29 - 2014-07-16 22:29 - 00000000 ____D () C:\Program Files\Reason
2014-07-16 22:22 - 2014-07-16 22:22 - 01348263 _____ () C:\Users\Kilaoa\Downloads\adwcleaner_3.215.exe
2014-07-16 22:20 - 2014-07-16 22:20 - 02210096 _____ (Reason Company Software Inc.) C:\Users\Kilaoa\Downloads\herdProtectScan_32Setup.exe
2014-07-15 19:59 - 2014-07-05 20:35 - 00000000 ____D () C:\Users\Kilaoa\Downloads\wallpapers3
2014-07-15 19:56 - 2014-07-15 19:56 - 13547113 _____ () C:\Users\Kilaoa\Desktop\Unbenannt-2.psd
2014-07-15 19:48 - 2014-07-15 18:57 - 50345851 _____ () C:\Users\Kilaoa\Desktop\Unbenannt-1.psd
2014-07-15 18:57 - 2014-07-15 18:57 - 00382464 _____ () C:\Users\Kilaoa\Downloads\SetupFractalius.exe
2014-07-15 16:02 - 2012-07-26 19:48 - 00000000 ____D () C:\Users\Kilaoa\Downloads\Arbeit
2014-07-15 08:12 - 2014-07-15 08:12 - 00439720 _____ () C:\Users\Kilaoa\Downloads\The Paarthurnax Dilemma-18465-1-2-8.7z
2014-07-15 08:12 - 2014-04-11 11:15 - 00000000 ____D () C:\Users\Kilaoa\AppData\Local\Skyrim
2014-07-15 07:11 - 2014-07-15 07:11 - 00311170 _____ () C:\Users\Kilaoa\Downloads\lazarus-chrome-latest (1).crx.zip
2014-07-15 07:05 - 2011-08-20 17:13 - 00151728 _____ () C:\Users\Kilaoa\AppData\Local\GDIPFONTCACHEV1.DAT
2014-07-15 07:03 - 2009-07-14 06:45 - 05158720 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-14 21:25 - 2014-07-14 20:14 - 00000000 ____D () C:\ProgramData\firebird
2014-07-14 21:04 - 2014-07-14 21:04 - 06263496 _____ (TeamViewer GmbH) C:\Users\Kilaoa\Downloads\TeamViewer_Setup_de.exe
2014-07-14 21:04 - 2014-07-14 21:03 - 04663368 _____ (TeamViewer) C:\Users\Kilaoa\Downloads\TeamViewerQS_de.exe
2014-07-14 20:50 - 2014-07-14 20:50 - 04531829 _____ (Firebird Project ) C:\Users\Kilaoa\Downloads\Firebird-2.0.7.13318_0_win32.exe
2014-07-14 20:14 - 2014-07-14 20:14 - 00001048 _____ () C:\Users\Public\Desktop\Breeder Software.lnk
2014-07-14 20:14 - 2014-07-14 20:14 - 00000000 ____D () C:\Users\Kilaoa\Scoutsystems
2014-07-14 20:14 - 2014-07-14 20:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Breeder Software
2014-07-14 20:14 - 2014-07-14 20:14 - 00000000 ____D () C:\Program Files (x86)\Breeder Software
2014-07-14 20:12 - 2014-07-14 20:11 - 50554307 _____ () C:\Users\Kilaoa\Downloads\BreederSoftwareSetup.exe
2014-07-14 19:55 - 2014-07-14 19:55 - 00000000 ____D () C:\Windows\ZooEasy
2014-07-14 19:54 - 2014-07-14 19:54 - 17962943 _____ () C:\Users\Kilaoa\Downloads\demo.exe
2014-07-14 19:48 - 2014-07-14 19:44 - 01048576 _____ () C:\Users\Kilaoa\Documents\Datenbank1.accdb
2014-07-14 16:24 - 2014-07-14 16:24 - 00000000 ____D () C:\Users\Kilaoa\AppData\Roaming\WindSolutions
2014-07-14 16:24 - 2014-07-14 16:24 - 00000000 ____D () C:\ProgramData\WindSolutions
2014-07-14 16:13 - 2014-07-14 16:13 - 08779784 _____ () C:\Users\Kilaoa\Downloads\CopyTransManagerDEv1.004.zip
2014-07-13 16:53 - 2014-06-22 13:33 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-07-13 16:53 - 2014-06-22 13:28 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-11 16:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-07-10 11:05 - 2014-07-10 11:05 - 00001087 _____ () C:\Users\Kilaoa\Downloads\data_project_785_2014_07_10.csv
2014-07-10 10:14 - 2014-07-10 10:14 - 00251741 _____ () C:\Users\Kilaoa\Downloads\data_project_148226_2014_07_10.csv
2014-07-10 06:55 - 2014-05-07 00:30 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-10 06:55 - 2009-07-14 20:18 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 06:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-10 06:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-09 22:12 - 2013-08-15 02:25 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-09 22:10 - 2011-08-21 01:40 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-09 15:23 - 2014-07-09 15:23 - 00202552 _____ () C:\Users\Kilaoa\Downloads\data_project_155684_2014_07_09.csv
2014-07-09 15:08 - 2014-07-09 15:08 - 00217403 _____ () C:\Users\Kilaoa\Downloads\data_project_148172_2014_07_09.csv
2014-07-09 08:09 - 2012-11-07 22:23 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-09 08:09 - 2012-03-29 20:53 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-09 08:09 - 2011-08-20 17:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-08 18:18 - 2014-07-08 18:06 - 777332000 _____ (Flexera Software) C:\Users\Kilaoa\Downloads\BlackBerry10Simulator-Installer-BB10_2_0X-1155-Win-201308081613.exe
2014-07-08 14:23 - 2014-07-08 14:23 - 00007219 _____ () C:\Users\Kilaoa\Downloads\data_project_437557_2014_07_08.csv
2014-07-08 10:05 - 2014-07-08 10:05 - 02700394 _____ () C:\Users\Kilaoa\Downloads\EFS 10.3 Release Overview.pptx
2014-07-07 23:06 - 2013-02-21 14:09 - 14024704 _____ () C:\Users\Kilaoa\AppData\Roaming\Sandra.mdb
2014-07-07 22:59 - 2014-07-07 22:59 - 00002065 _____ () C:\Users\Public\Desktop\Reader for PC.lnk
2014-07-07 22:59 - 2014-07-07 22:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reader for pc
2014-07-07 22:59 - 2014-07-07 22:59 - 00000000 ____D () C:\Program Files (x86)\Sony
2014-07-07 22:59 - 2012-09-01 12:13 - 00000000 ____D () C:\Users\Kilaoa\AppData\Local\Sony Corporation
2014-07-07 22:51 - 2014-07-07 22:51 - 00001517 _____ () C:\Users\Kilaoa\Downloads\URLLink (1).acsm
2014-07-07 22:51 - 2014-07-07 22:51 - 00001514 _____ () C:\Users\Kilaoa\Downloads\URLLink (3).acsm
2014-07-07 22:51 - 2014-07-07 22:51 - 00001502 _____ () C:\Users\Kilaoa\Downloads\URLLink.acsm
2014-07-07 22:51 - 2014-07-07 22:51 - 00001475 _____ () C:\Users\Kilaoa\Downloads\URLLink (2).acsm
2014-07-07 22:25 - 2014-07-07 22:25 - 00972865 _____ () C:\Users\Kilaoa\Downloads\WinDlg_v1_27.zip
2014-07-07 13:41 - 2014-07-07 13:41 - 00311170 _____ () C:\Users\Kilaoa\Downloads\lazarus-chrome-latest.crx
2014-07-05 22:15 - 2014-07-05 22:15 - 00000000 ____D () C:\Users\Kilaoa\AppData\Roaming\OpenOffice
2014-07-05 19:46 - 2011-08-20 17:26 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-03 21:46 - 2014-07-03 21:46 - 00007334 _____ () C:\Users\Kilaoa\Desktop\OpenDocument Text (neu).odt
2014-07-03 10:04 - 2014-07-03 10:04 - 00005120 _____ () C:\Users\Kilaoa\Downloads\Rieter_Accounts.xls
2014-07-03 08:34 - 2011-08-29 22:11 - 00000000 ____D () C:\Users\Kilaoa\AppData\Roaming\Notepad++
2014-07-03 08:09 - 2014-07-03 08:09 - 00026336 _____ () C:\Users\Kilaoa\Downloads\VClouds_RSS.zip
2014-07-03 07:55 - 2011-08-20 17:15 - 00000000 ____D () C:\Program Files (x86)\SRWare Iron
2014-07-03 07:43 - 2014-07-03 07:43 - 00000000 ____D () C:\Users\Kilaoa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LinuxLive USB Creator
2014-07-03 07:43 - 2014-07-03 07:43 - 00000000 ____D () C:\Program Files (x86)\LinuxLive USB Creator
2014-07-03 07:43 - 2014-07-03 07:42 - 05001199 _____ (LinuxLive USB Creator) C:\Users\Kilaoa\Downloads\LinuxLive USB Creator 2.8.29.exe
2014-07-02 22:54 - 2014-07-02 22:54 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-02 22:54 - 2013-02-26 23:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-07-02 22:51 - 2014-07-02 22:51 - 00098248 _____ () C:\Users\Kilaoa\Documents\cc_20140702_225131.reg
2014-07-02 22:49 - 2013-06-02 23:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRWare Iron
2014-07-02 22:43 - 2014-07-02 22:43 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.0
2014-07-02 22:43 - 2014-07-02 22:42 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-07-02 22:42 - 2011-10-28 18:04 - 00000000 ____D () C:\Program Files (x86)\OpenOffice.org 3
2014-07-02 22:42 - 2011-08-22 12:32 - 00000000 ____D () C:\Users\Kilaoa\AppData\Roaming\vlc
2014-07-02 22:41 - 2014-01-16 22:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiSoftware
2014-07-02 22:39 - 2014-07-02 22:40 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-07-02 22:39 - 2014-07-02 22:39 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-07-02 22:39 - 2014-07-02 22:39 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-07-02 22:39 - 2014-01-16 22:07 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-07-02 22:39 - 2014-01-16 22:07 - 00000000 ____D () C:\Program Files\Java
2014-07-02 22:39 - 2013-11-19 20:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-02 22:34 - 2014-07-02 22:34 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-02 22:34 - 2014-06-23 13:16 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-02 22:34 - 2014-01-07 20:18 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-07-02 22:34 - 2013-12-03 14:52 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-02 22:34 - 2013-05-31 07:32 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-02 22:34 - 2013-05-31 07:32 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-07-02 22:34 - 2012-02-25 12:52 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-07-02 22:34 - 2011-08-20 17:26 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-07-02 22:34 - 2011-08-20 17:26 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-02 22:34 - 2011-08-20 17:26 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-02 22:32 - 2014-07-02 22:32 - 00003844 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1389903000
2014-07-02 22:32 - 2012-08-07 09:29 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-07-02 22:31 - 2013-07-13 11:34 - 00000871 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-07-02 22:30 - 2012-11-07 22:14 - 00000000 ____D () C:\Program Files\VideoLAN
2014-07-02 22:30 - 2011-08-29 22:11 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-07-02 22:29 - 2013-08-03 01:18 - 00001903 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2014-07-02 22:29 - 2013-01-12 00:54 - 00000000 ____D () C:\Program Files (x86)\CDBurnerXP
2014-07-02 22:28 - 2013-06-19 19:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-07-02 22:28 - 2013-05-31 07:25 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-02 22:28 - 2013-05-31 07:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-02 22:28 - 2013-02-21 14:27 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-07-02 22:28 - 2011-11-23 00:34 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-02 22:06 - 2014-07-02 15:27 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-07-02 22:06 - 2014-06-05 15:16 - 00037237 _____ () C:\ndsvc.log
2014-07-02 22:06 - 2013-12-20 15:19 - 00000000 ____D () C:\ProgramData\Origin
2014-07-02 22:05 - 2014-04-24 18:27 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-02 22:03 - 2013-07-04 17:39 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-02 22:02 - 2014-04-24 20:04 - 00000000 ____D () C:\Program Files (x86)\iExplorer
2014-07-02 22:02 - 2012-04-02 15:26 - 00000000 ____D () C:\Users\Kilaoa\AppData\Local\Google
2014-07-02 22:01 - 2013-05-18 13:38 - 00000000 ____D () C:\Users\Kilaoa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-07-02 22:00 - 2011-12-07 13:11 - 00000000 ____D () C:\Users\Kilaoa\AppData\Local\Canon Easy-PhotoPrint EX
2014-07-02 22:00 - 2011-12-07 10:30 - 00000000 ____D () C:\Program Files\Canon
2014-07-02 22:00 - 2011-08-21 19:50 - 00000000 ____D () C:\Users\Kilaoa\AppData\Local\Deployment
2014-07-02 21:59 - 2011-12-07 10:27 - 00000000 ____D () C:\Program Files (x86)\Canon
2014-07-02 21:33 - 2014-07-02 21:17 - 1010827264 _____ () C:\Users\Kilaoa\Downloads\ubuntu-14.04-desktop-amd64.iso
2014-07-02 18:17 - 2013-10-16 07:12 - 00005547 _____ () C:\Users\Kilaoa\Documents\TombRaider.log
2014-07-02 15:39 - 2014-07-02 15:39 - 00000000 ____D () C:\ProgramData\ATI
2014-07-02 15:28 - 2014-07-02 15:28 - 00000000 ____D () C:\Users\Kilaoa\AppData\Roaming\library_dir
2014-07-02 15:27 - 2014-07-02 15:27 - 00061648 _____ () C:\Windows\SysWOW64\CCCInstall_201407021527188104.log
2014-07-02 15:27 - 2014-07-02 15:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-07-02 15:27 - 2014-07-02 15:27 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-07-02 15:27 - 2011-08-20 17:11 - 00000000 ____D () C:\ProgramData\AMD
2014-07-02 15:26 - 2011-08-20 17:11 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-07-02 15:24 - 2012-08-28 13:30 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System
2014-07-02 15:23 - 2014-07-02 15:23 - 00000000 ____D () C:\Program Files\AMD
2014-07-02 15:21 - 2014-07-02 15:21 - 00000000 ____D () C:\Program Files\ATI
2014-07-02 15:21 - 2013-01-10 16:58 - 00000000 ____D () C:\ProgramData\Package Cache
2014-06-30 04:09 - 2014-07-09 07:37 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-30 04:04 - 2014-07-09 07:37 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-29 17:15 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-06-27 21:53 - 2014-06-27 21:53 - 00000000 ____D () C:\SUPERDelete
2014-06-27 21:48 - 2014-01-16 22:15 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-06-27 21:35 - 2014-06-27 21:35 - 00004535 _____ () C:\Users\Kilaoa\AppData\Roaming\CamStudio.cfg
2014-06-27 21:35 - 2014-06-27 21:35 - 00000408 _____ () C:\Users\Kilaoa\AppData\Roaming\CamShapes.ini
2014-06-27 21:35 - 2014-06-27 21:35 - 00000408 _____ () C:\Users\Kilaoa\AppData\Roaming\CamLayout.ini
2014-06-27 21:35 - 2014-06-27 21:35 - 00000054 _____ () C:\Users\Kilaoa\AppData\Roaming\Camdata.ini
2014-06-27 20:57 - 2014-06-27 20:53 - 00000000 ____D () C:\Users\Kilaoa\Documents\My CamStudio Temp Files
2014-06-27 20:53 - 2014-06-27 20:53 - 00000096 _____ () C:\Users\Kilaoa\AppData\Roaming\version2.xml
2014-06-27 20:53 - 2014-06-27 20:53 - 00000000 ____D () C:\Users\Kilaoa\AppData\Local\WorldofTanks
2014-06-27 08:00 - 2011-09-21 12:59 - 00290776 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-06-27 08:00 - 2011-09-21 12:56 - 00290776 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-06-27 07:50 - 2011-09-21 12:56 - 00290776 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-06-24 21:53 - 2013-07-13 19:38 - 00000000 ____D () C:\Users\Kilaoa\Desktop\fotos
2014-06-24 21:33 - 2014-06-24 21:33 - 00014682 _____ () C:\Users\Kilaoa\Documents\cc_20140624_213318.reg
2014-06-24 21:33 - 2014-04-24 20:05 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-06-24 21:32 - 2013-06-09 23:56 - 00000000 ____D () C:\Windows\pss
2014-06-24 21:24 - 2012-01-25 10:01 - 00000000 ____D () C:\ProgramData\Apple
2014-06-24 21:22 - 2014-06-24 21:21 - 00051510 _____ () C:\Users\Kilaoa\Documents\cc_20140624_212154.reg
2014-06-24 21:20 - 2013-05-26 14:50 - 00000000 ____D () C:\Windows\Minidump
2014-06-24 21:17 - 2014-04-02 09:30 - 00000000 ____D () C:\Users\Kilaoa\Documents\My Games
2014-06-24 08:35 - 2012-05-17 18:08 - 00000000 ____D () C:\Users\Kilaoa\Documents\Telltale Games
2014-06-23 23:11 - 2014-06-23 21:41 - 00023588 _____ () C:\Users\Kilaoa\Documents\neue.wlmp
2014-06-23 16:53 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-06-23 16:53 - 2009-07-14 04:34 - 00000530 _____ () C:\Windows\win.ini
2014-06-23 16:50 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-06-23 13:16 - 2014-06-23 13:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-06-23 13:16 - 2014-06-23 13:16 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-06-23 13:16 - 2013-05-27 12:14 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-23 13:16 - 2011-08-22 16:01 - 00000000 ____D () C:\Users\Kilaoa\AppData\Roaming\Malwarebytes
2014-06-23 13:16 - 2011-08-22 16:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-23 13:16 - 2011-08-22 16:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-06-23 01:41 - 2014-06-23 01:41 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-06-23 01:41 - 2014-06-23 01:41 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-06-23 01:39 - 2014-06-23 01:39 - 00000000 ____D () C:\Users\Kilaoa\Documents\Benutzerdefinierte Office-Vorlagen
2014-06-22 13:34 - 2014-06-22 13:34 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-06-22 13:32 - 2014-06-22 13:32 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-06-22 13:32 - 2014-06-22 13:32 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-06-22 13:32 - 2014-06-22 13:31 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2014-06-22 13:32 - 2009-07-14 20:18 - 00000000 ____D () C:\Windows\ShellNew
2014-06-22 13:31 - 2014-06-22 13:28 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-06-22 13:29 - 2014-06-22 13:29 - 00000000 ____D () C:\Users\Kilaoa\AppData\Local\Microsoft Help
2014-06-22 13:29 - 2014-06-22 13:29 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2014-06-22 13:29 - 2014-06-22 13:29 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-06-22 13:29 - 2014-06-22 13:29 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-06-22 13:27 - 2014-06-22 13:27 - 00000000 __RHD () C:\MSOCache
2014-06-22 13:23 - 2014-06-22 13:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinCDEmu
2014-06-22 13:23 - 2014-06-22 13:23 - 00000000 ____D () C:\Program Files (x86)\WinCDEmu
2014-06-22 13:12 - 2014-06-22 13:00 - 820998144 _____ () C:\Users\Kilaoa\Documents\OfficeProfessionalPlus_x64_de-de.img

Some content of TEMP:
====================
C:\Users\Kilaoa\AppData\Local\Temp\Quarantine.exe
C:\Users\Kilaoa\AppData\Local\Temp\raptrpatch.exe
C:\Users\Kilaoa\AppData\Local\Temp\raptr_stub.exe
C:\Users\Kilaoa\AppData\Local\Temp\xmlUpdater.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-18 17:28

==================== End Of Log ============================

Addition: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-07-2014
Ran by Kilaoa at 2014-07-21 07:59:25
Running from C:\Users\Kilaoa\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

ac'tivAid v1.3.1 (HKLM-x32\...\ac'tivAid) (Version: 1.3.1 - Heise Zeitschriften Verlag GmbH & Co. KG)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
Adobe Digital Editions (HKLM-x32\...\Digital Editions) (Version: - )
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Ahnenblatt 2.74 (HKLM-x32\...\Ahnenblatt_is1) (Version: 2.74.0.1 - Dirk Boettcher)
AMD Accelerated Video Transcoding (Version: 13.30.100.40417 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2014.0417.2226.38446 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2014.0417.2226.38446 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.71219.1540 - Advanced Micro Devices, Inc.) Hidden
AMD USB Filter Driver (x32 Version: 1.0.15.94 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) Hidden
APB Reloaded (HKLM-x32\...\APB Reloaded) (Version: 1.4.0.567573 - )
Audacity 1.3.13 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version: - Audacity Team)
Audiograbber 1.83 SE (HKLM-x32\...\Audiograbber) (Version: 1.83 SE - Audiograbber Deutschland)
AutoHotkey 1.0.47.06 (HKLM-x32\...\AutoHotkey) (Version: 1.0.47.06 - Chris Mallett)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)
BOSS (HKLM-x32\...\BOSS) (Version: 2.1.1 - BOSS Development Team)
Breeder Software (HKLM-x32\...\Breeder Software) (Version: 2.9.0 - Scoutsystems Software)
calibre (HKLM-x32\...\{D9A3B393-72E7-44FD-B4B4-A463A0C2CC0F}) (Version: 0.9.30 - Kovid Goyal)
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version: - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: - )
Canon MG5200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series) (Version: - )
Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - )
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.1219.1521.27485 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.4852 - CDBurnerXP)
Chatter Desktop (HKLM-x32\...\sfdc-desktop.0E7F0072024938CDBA99B20C38B5F315254C2A5B.1) (Version: 3.2.1 - Salesforce.com)
Chatter Desktop (x32 Version: 3.2.1 - Salesforce.com) Hidden
Combined Community Codec Pack 2011-06-26 (HKLM-x32\...\Combined Community Codec Pack_is1) (Version: 2011.06.26.0 - CCCP Project)
CPUID HWMonitor 1.18 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D1C35197-B856-45E2-BA67-5ABB6B0CA9C2}) (Version: - Microsoft)
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Diagnostic Utility (HKLM-x32\...\{7236672F-6430-439E-9B27-27EDEAF1D676}) (Version: 1.00.0000 - Realtek)
FileHippo.com Update Checker (HKLM-x32\...\FileHippo.com) (Version: - )
FileZilla Client 3.8.1 (HKLM-x32\...\FileZilla Client) (Version: 3.8.1 - Tim Kosse)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
GamersFirst LIVE! (HKCU\...\GamersFirst LIVE!) (Version: - GamersFirst)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
herdProtect Anti-Malware Scanner (HKLM-x32\...\herdProtectScan) (Version: 1.0 - Reason Company Software Inc.)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.05.13 - Oracle, Inc.) Hidden
LAME v3.98.3 for Audacity (HKLM-x32\...\LAME for Audacity_is1) (Version: - )
Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 11.0.3.0 - Lightworks)
LinuxLive USB Creator (HKLM-x32\...\LinuxLive USB Creator) (Version: 2.8 - Thibaut Lauziere)
Loadout (HKLM-x32\...\Steam App 208090) (Version: - Edge of Reality)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Access MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft DCF MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Excel MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Groove MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Lync MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Korrekturhilfen 2013 - Deutsch (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Italiano (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Word MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-GB)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
msxml4 (HKLM-x32\...\{5AE3D9F1-9E9E-4015-8787-E22705AA32C5}) (Version: 1.0.0 - Default Company Name)
MyDefrag v4.3.1 (HKLM\...\MyDefrag v4.3.1_is1) (Version: 4.0.0.0 - J.C. Kessels)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.49.3 - Black Tree Gaming)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.7 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{DEA314C4-0929-4250-BC92-98E4C105F28D}) (Version: 9.10.0129 - NVIDIA Corporation)
OpenOffice 4.1.0 (HKLM-x32\...\{C87EF11D-36E9-479D-9898-7541EA1E8A6A}) (Version: 4.10.9764 - Apache Software Foundation)
Opera Stable 22.0.1471.70 (HKLM-x32\...\Opera 22.0.1471.70) (Version: 22.0.1471.70 - Opera Software ASA)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Password Safe (HKLM-x32\...\Password Safe) (Version: - )
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
QNAP Finder (HKLM-x32\...\QNAP_FINDER) (Version: 3.4.3.0523 - QNAP Systems, Inc.)
Ragnarok Online (HKLM-x32\...\{C93C1D7D-DF06-49BD-990F-EAFED3E41C57}) (Version: 14.1.3 - Gravity Interactive, Inc.)
Reader for PC (HKLM-x32\...\{38FB32F7-5A2A-40E4-B106-4C35F75725CD}) (Version: 2.4.00.05230 - Sony Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6358 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
SiSoftware Sandra Lite 2014.SP2a (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1) (Version: 20.35.2014.6 - SiSoftware)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SRWare Iron Version SRWare Iron 35.0.1900.0 (HKLM-x32\...\{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1) (Version: SRWare Iron 35.0.1900.0 - SRWare)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Walking Dead (HKLM-x32\...\Steam App 207610) (Version: - )
The Walking Dead: Season Two (HKLM-x32\...\Steam App 261030) (Version: - Telltale Games)
The Wolf Among Us (HKLM-x32\...\Steam App 250320) (Version: - Telltale Games)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version: - Crystal Dynamics)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update for Microsoft Excel 2013 (KB2881085) 64-Bit Edition (HKLM\...\{90150000-0016-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{58D92858-3C94-4C2F-A8E4-AEFF9304C3CF}) (Version: - Microsoft)
Update for Microsoft Excel 2013 (KB2881085) 64-Bit Edition (HKLM\...\{90150000-0018-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{58D92858-3C94-4C2F-A8E4-AEFF9304C3CF}) (Version: - Microsoft)
Update for Microsoft Excel 2013 (KB2881085) 64-Bit Edition (HKLM\...\{90150000-001B-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{58D92858-3C94-4C2F-A8E4-AEFF9304C3CF}) (Version: - Microsoft)
Update for Microsoft Excel 2013 (KB2881085) 64-Bit Edition (HKLM\...\{90150000-00C1-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{58D92858-3C94-4C2F-A8E4-AEFF9304C3CF}) (Version: - Microsoft)
Update for Microsoft Excel 2013 (KB2881085) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{58D92858-3C94-4C2F-A8E4-AEFF9304C3CF}) (Version: - Microsoft)
Update for Microsoft Lync 2013 (KB2850074) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{CE9A9D7C-B6FB-4F6C-8BDE-9A1ADBBAC1EE}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{EF77B4A6-DFEC-4010-A87D-9B6BF87FABEC}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{62857CDD-2985-4939-91BA-19ED0B0031A5}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{0814662C-FD28-4DE0-ACE5-EE50D1D6C8FB}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition (HKLM\...\{90150000-0016-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{E79EFFDB-192A-4D9E-A2DB-C0F774E6EC32}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{E79EFFDB-192A-4D9E-A2DB-C0F774E6EC32}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2826040) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{C4AEA56A-0759-4D08-9FAB-31A92137D0B8}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2837644) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D692E9FF-84BF-4F44-A0EA-D58ECE0D538E}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{290D80DE-03AB-47EC-9402-108AF4CE4F66}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880457) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{EC2AF602-2730-4B05-9438-06CDE43153F2}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-006E-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880464) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{88B29AA5-71EE-4692-91E2-E89407F0B783}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880478) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{8116ED50-F1E7-49E1-9D8D-421497D34B0F}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880987) 64-Bit Edition (HKLM\...\{90150000-006E-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{6F540E80-4BB2-413F-9648-52031AA237B7}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880987) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{6F540E80-4BB2-413F-9648-52031AA237B7}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2880987) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{6F540E80-4BB2-413F-9648-52031AA237B7}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0016-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0090-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881074) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{9A479F9C-C1EC-4833-A115-A8B7A60480BD}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881084) 64-Bit Edition (HKLM\...\{90150000-001F-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{00BBBFFE-8889-4953-956A-77DDE975A947}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881084) 64-Bit Edition (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{3A12DFA2-3FF5-450E-BDB1-A742551A5D1A}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881084) 64-Bit Edition (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}_Office15.PROPLUSR_{EA8072E8-E3CF-46DF-A5DE-9F5975344327}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881084) 64-Bit Edition (HKLM\...\{90150000-001F-0410-1000-0000000FF1CE}_Office15.PROPLUSR_{BF0D921F-E77E-4E03-BE71-46D9D2C7A36A}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881086) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{ED3A8E98-FDD4-493F-A0EC-141821573EC2}) (Version: - Microsoft)
Update for Microsoft Office 2013 (KB2881086) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{ED3A8E98-FDD4-493F-A0EC-141821573EC2}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB2881087) 64-Bit Edition (HKLM\...\{90150000-00BA-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{3C6F4768-FB23-4ECF-8328-5C47E0664B65}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB2881087) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{3C6F4768-FB23-4ECF-8328-5C47E0664B65}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB2881087) 64-Bit Edition (HKLM\...\{90150000-00C1-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{3C6F4768-FB23-4ECF-8328-5C47E0664B65}) (Version: - Microsoft)
Update for Microsoft OneDrive for Business (KB2881087) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{3C6F4768-FB23-4ECF-8328-5C47E0664B65}) (Version: - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{90150000-00A1-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version: - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version: - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version: - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition (HKLM\...\{90150000-001A-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{34A169EC-990A-4DAE-AC65-9F981158B7DB}) (Version: - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{34A169EC-990A-4DAE-AC65-9F981158B7DB}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2881075) 64-Bit Edition (HKLM\...\{90150000-0018-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{C8955821-EDAC-4E65-BEF3-C9C0A049517A}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2881075) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{C8955821-EDAC-4E65-BEF3-C9C0A049517A}) (Version: - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 64-Bit Edition (HKLM\...\{90150000-0019-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{C07147B9-CC0B-4CC1-A107-A705889A54F2}) (Version: - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{C07147B9-CC0B-4CC1-A107-A705889A54F2}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-006E-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2878319) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{BC51FE30-3A56-4802-8D9E-E9BC05B56B49}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2881080) 64-Bit Edition (HKLM\...\{90150000-001A-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{F96FE9BB-CD90-472B-852E-156342618C54}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2881080) 64-Bit Edition (HKLM\...\{90150000-001B-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{F96FE9BB-CD90-472B-852E-156342618C54}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2881080) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{F96FE9BB-CD90-472B-852E-156342618C54}) (Version: - Microsoft)
Update for Microsoft Word 2013 (KB2881080) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{F96FE9BB-CD90-472B-852E-156342618C54}) (Version: - Microsoft)
UxStyle Core Beta (HKLM\...\{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}) (Version: 0.2.1.1 - The Within Network, LLC)
Vista Shortcut Manager x64 (HKLM\...\{C7311329-C491-427B-8880-133E84869B3A}) (Version: 2.0 - Frameworkx)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 3.6 - Bazis)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.2) (Version: 1.3.2 - Xvid Team)

==================== Restore Points =========================

19-07-2014 21:40:53 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {21DA34EA-C495-4481-8334-3D0A42F32613} - System32\Tasks\AdobeAAMUpdater-1.0-Kilaoa-PC-Kilaoa => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: {2F1726FD-6273-4105-B634-882F0AEF74C0} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-02] (AVAST Software)
Task: {4274BC86-1478-4B6C-86A0-1B962212D402} - System32\Tasks\Opera scheduled Autoupdate 1389903000 => C:\Program Files (x86)\Opera\launcher.exe [2014-06-16] (Opera Software)
Task: {4294ED29-9CD1-4789-925F-9C254E7CC85D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {54C8B43D-5B3E-4230-AEEE-F6755467FB61} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {72AF2577-870C-43DC-95D5-D1D90E897537} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {795B22B3-9040-4485-8196-FE94FF80ED0E} - System32\Tasks\{63D918F5-C6AD-4D67-81D3-6C8E18122E11} => c:\program files (x86)\srware iron\iron.exe [2014-01-31] ()
Task: {7A43C6EF-9DF8-4114-924C-03156726367D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {8CD0A094-D6BC-4D36-AFE9-958E202FBA32} - System32\Tasks\{6AF5E874-C5EF-4DEC-B6D8-FDC4D62D7B39} => c:\program files (x86)\srware iron\iron.exe [2014-01-31] ()
Task: {B2528F0F-5D94-4898-B352-7E13FF407A04} - System32\Tasks\{9F945D4E-B993-4FCF-92AB-5D084BC158BF} => c:\program files (x86)\srware iron\iron.exe [2014-01-31] ()
Task: {D330D97D-DACB-4454-9B1A-0D3FCEA21BEA} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {F4F85654-1CA2-4B34-BE01-C33CE8C99AE7} - System32\Tasks\RunAsStdUser Task => C:\Program Files\NetDrive\netdrive.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) ============= 2014-04-17 22:29 - 2014-04-17 22:29 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll 2014-02-11 07:08 - 2014-02-11 07:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll 2014-02-11 07:08 - 2014-02-11 07:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll 2014-05-01 21:29 - 2014-05-01 21:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2014-05-12 11:49 - 2014-05-12 11:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll 2011-09-21 12:56 - 2013-03-26 13:31 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2014-04-17 22:29 - 2014-04-17 22:29 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2014-07-02 22:34 - 2014-07-02 22:34 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll 2014-07-20 22:00 - 2014-07-20 22:00 - 02793472 _____ () C:\Program Files\AVAST Software\Avast\defs\14072001\algo.dll 2014-07-02 22:34 - 2014-07-02 22:34 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2014-06-01 11:08 - 2014-06-01 11:08 - 00035328 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll 2014-05-24 18:41 - 2014-05-24 18:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll 2014-05-24 18:41 - 2014-05-24 18:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll 2011-08-20 17:15 - 2014-05-26 16:34 - 00870912 _____ () C:\Program Files (x86)\SRWare Iron\libglesv2.dll 2011-08-20 17:15 - 2014-05-26 16:35 - 00128512 _____ () C:\Program Files (x86)\SRWare Iron\libegl.dll 2013-06-02 23:02 - 2014-05-26 16:34 - 00950272 _____ () C:\Program Files (x86)\SRWare Iron\ffmpegsumo.dll 2014-07-09 08:09 - 2014-07-09 08:09 - 17029808 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll 
==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:A9364E30 ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= ==================== Faulty Device Manager Devices ============= Name: Kommunikationsanschluss (COM1) Description: Kommunikationsanschluss Class Guid: {4d36e978-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardanschlusstypen) Service: Serial Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Standard-Diskettenlaufwerkcontroller Description: Standard-Diskettenlaufwerkcontroller Class Guid: {4d36e969-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard-Diskettenlaufwerkcontroller) Service: fdc Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (07/16/2014 10:22:12 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: Kilaoa-PC) Description: Die Anwendung oder der Dienst "Internet Pass-Through Service" konnte nicht neu gestartet werden. Error: (07/16/2014 03:06:29 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm chrome.exe, Version 35.0.1916.114 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 1378 Startzeit: 01cfa0f68e6670b9 Endzeit: 10 Anwendungspfad: C:\Program Files (x86)\SRWare Iron\chrome.exe Berichts-ID: feade16f-0ce9-11e4-906e-1c6f65d6057f Error: (07/16/2014 02:59:33 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm TESV.exe, Version 1.9.32.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: a44 Startzeit: 01cfa0f0c087f3f0 Endzeit: 167 Anwendungspfad: D:\Spiele\Steam\SteamApps\common\Skyrim\TESV.exe Berichts-ID: Error: (07/14/2014 08:56:36 PM) (Source: FirebirdServerDefaultInstance) (EventID: 0) (User: ) Description: FirebirdServerDefaultInstance error: 1063StartServiceCtrlDispatcher failed Error: (07/14/2014 08:52:47 PM) (Source: FirebirdServerDefaultInstance) (EventID: 0) (User: ) Description: FirebirdServerDefaultInstance error: 1063StartServiceCtrlDispatcher failed Error: (07/14/2014 08:52:45 PM) (Source: FirebirdServerDefaultInstance) (EventID: 0) (User: ) Description: FirebirdServerDefaultInstance error: 1063StartServiceCtrlDispatcher failed Error: (07/14/2014 05:19:08 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: Volume "(C:)" wurde aufgrund eines Fehlers nicht defragmentiert: Es wurde versucht, eine Datei mit einem falschen Format zu laden. (0x8007000B) Error: (07/11/2014 11:16:12 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm TESV.exe, Version 1.9.32.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: 8c8 Startzeit: 01cf9ce88a130715 Endzeit: 67 Anwendungspfad: D:\Spiele\Steam\SteamApps\common\Skyrim\TESV.exe Berichts-ID: Error: (07/11/2014 11:14:23 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm TESV.exe, Version 1.9.32.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 13a0 Startzeit: 01cf9cd15d5e41c7 Endzeit: 179 Anwendungspfad: D:\Spiele\Steam\SteamApps\common\Skyrim\TESV.exe Berichts-ID: Error: (07/07/2014 10:19:11 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm chrome.exe, Version 35.0.1916.114 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 234 Startzeit: 01cf9a209a9998b7 Endzeit: 4 Anwendungspfad: C:\Program Files (x86)\SRWare Iron\chrome.exe Berichts-ID: f39e51c9-0613-11e4-be2f-1c6f65d6057f System errors: ============= Error: (07/21/2014 07:53:40 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (07/21/2014 07:52:51 AM) (Source: hasplms) (EventID: 3) (User: ) Description: ERROR: Sentinel LDK License Manager failed to start in a promptly manner! Error: (07/21/2014 07:52:49 AM) (Source: hasplms) (EventID: 3) (User: ) Description: ERROR: Sentinel LDK License Manager failed to start in a promptly manner! Error: (07/21/2014 07:52:46 AM) (Source: hasplms) (EventID: 3) (User: ) Description: ERROR: Sentinel LDK License Manager failed to start in a promptly manner! 
Error: (07/21/2014 07:52:44 AM) (Source: hasplms) (EventID: 3) (User: ) Description: ERROR: Sentinel LDK License Manager failed to start in a promptly manner! Error: (07/21/2014 07:52:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "AODDriver4.3" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (07/20/2014 10:00:51 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (07/20/2014 09:59:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "AODDriver4.3" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (07/20/2014 09:59:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "AODDriver4.3" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (07/20/2014 03:45:50 AM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Microsoft Office Sessions: ========================= Error: (07/16/2014 10:22:12 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: Kilaoa-PC) Description: 0PassThruSvr.exeInternet Pass-Through Service03026217819560 Error: (07/16/2014 03:06:29 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: chrome.exe35.0.1916.114137801cfa0f68e6670b910C:\Program Files (x86)\SRWare Iron\chrome.exefeade16f-0ce9-11e4-906e-1c6f65d6057f Error: (07/16/2014 02:59:33 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: TESV.exe1.9.32.0a4401cfa0f0c087f3f0167D:\Spiele\Steam\SteamApps\common\Skyrim\TESV.exe Error: (07/14/2014 08:56:36 PM) (Source: FirebirdServerDefaultInstance) (EventID: 0) (User: ) Description: 
FirebirdServerDefaultInstance error: 1063StartServiceCtrlDispatcher failed Error: (07/14/2014 08:52:47 PM) (Source: FirebirdServerDefaultInstance) (EventID: 0) (User: ) Description: FirebirdServerDefaultInstance error: 1063StartServiceCtrlDispatcher failed Error: (07/14/2014 08:52:45 PM) (Source: FirebirdServerDefaultInstance) (EventID: 0) (User: ) Description: FirebirdServerDefaultInstance error: 1063StartServiceCtrlDispatcher failed Error: (07/14/2014 05:19:08 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: ) Description: (C:)Es wurde versucht, eine Datei mit einem falschen Format zu laden. (0x8007000B) Error: (07/11/2014 11:16:12 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: TESV.exe1.9.32.08c801cf9ce88a13071567D:\Spiele\Steam\SteamApps\common\Skyrim\TESV.exe Error: (07/11/2014 11:14:23 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: TESV.exe1.9.32.013a001cf9cd15d5e41c7179D:\Spiele\Steam\SteamApps\common\Skyrim\TESV.exe Error: (07/07/2014 10:19:11 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: chrome.exe35.0.1916.11423401cf9a209a9998b74C:\Program Files (x86)\SRWare Iron\chrome.exef39e51c9-0613-11e4-be2f-1c6f65d6057f CodeIntegrity Errors: =================================== Date: 2011-08-20 17:42:04.403 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\athrxusb.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-08-20 17:42:04.387 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\athrxusb.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-08-20 17:41:36.191 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\athrxusb.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-08-20 17:41:36.061 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\athrxusb.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-08-20 17:40:17.713 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\athrxusb.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-08-20 17:40:17.682 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\athrxusb.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-08-20 17:37:30.161 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\athrxusb.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-08-20 17:37:30.141 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\athrxusb.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
==================== Memory info =========================== Percentage of memory in use: 42% Total physical RAM: 4093.55 MB Available physical RAM: 2350.7 MB Total Pagefile: 8185.29 MB Available Pagefile: 6107.58 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:97.65 GB) (Free:21.46 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: () (Fixed) (Total:106.5 GB) (Free:38.33 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 298 GB) (Disk ID: C19CC19C) Partition 1: (Active) - (Size=98 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=200 GB) - (Type=OF Extended) ==================== End Of Log ============================ |
21.07.2014, 10:41 | #4 |
| Windows 7: ClamAV (Ubuntu) finds a potpourri of viruses GMER part 1: Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-07-21 08:07:13 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD322HJ rev.1AC01118 298,09GB Running: Gmer-19357.exe; Driver: C:\Users\Kilaoa\AppData\Local\Temp\uwdiipow.sys ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000773f1360 5 bytes JMP 0000000149850460 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773f13b0 5 bytes JMP 0000000149850450 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000773f1510 5 bytes JMP 0000000149850370 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000773f1560 5 bytes JMP 0000000149850470 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773f1570 5 bytes JMP 00000001498503e0 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000773f1620 5 bytes JMP 0000000149850320 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773f1650 5 bytes JMP 00000001498503b0 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000773f1670 5 bytes JMP 0000000149850390 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773f16b0 5 bytes JMP 00000001498502e0 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000773f1730 5 bytes JMP 00000001498502d0 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000773f1750 5 bytes JMP 0000000149850310 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000773f1790 5 bytes JMP 00000001498503c0 .text C:\Windows\system32\csrss.exe[480] 
C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773f17e0 5 bytes JMP 00000001498503f0 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000773f1940 5 bytes JMP 0000000149850230 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000773f1b00 5 bytes JMP 0000000149850480 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000773f1b30 5 bytes JMP 00000001498503a0 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000773f1c10 5 bytes JMP 00000001498502f0 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000773f1c20 5 bytes JMP 0000000149850350 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000773f1c80 5 bytes JMP 0000000149850290 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000773f1d10 5 bytes JMP 00000001498502b0 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773f1d30 5 bytes JMP 00000001498503d0 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000773f1d40 5 bytes JMP 0000000149850330 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000773f1db0 5 bytes JMP 0000000149850410 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000773f1de0 5 bytes JMP 0000000149850240 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773f20a0 5 bytes JMP 00000001498501e0 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000773f2160 5 bytes JMP 0000000149850250 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000773f2190 5 bytes JMP 0000000149850490 .text 
C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773f21a0 5 bytes JMP 00000001498504a0 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773f21d0 5 bytes JMP 0000000149850300 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773f21e0 5 bytes JMP 0000000149850360 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000773f2240 5 bytes JMP 00000001498502a0 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000773f2290 5 bytes JMP 00000001498502c0 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773f22c0 5 bytes JMP 0000000149850380 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773f22d0 5 bytes JMP 0000000149850340 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773f25c0 5 bytes JMP 0000000149850440 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773f27c0 5 bytes JMP 0000000149850260 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773f27d0 5 bytes JMP 0000000149850270 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773f27e0 5 bytes JMP 0000000149850400 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773f29a0 5 bytes JMP 00000001498501f0 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773f29b0 5 bytes JMP 0000000149850210 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000773f2a20 5 bytes JMP 0000000149850200 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000773f2a80 5 bytes 
JMP 0000000149850420 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000773f2a90 5 bytes JMP 0000000149850430 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000773f2aa0 5 bytes JMP 0000000149850220 .text C:\Windows\system32\csrss.exe[480] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000773f2b80 5 bytes JMP 0000000149850280 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000773f1360 5 bytes JMP 0000000077550460 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773f13b0 5 bytes JMP 0000000077550450 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000773f1510 5 bytes JMP 0000000077550370 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000773f1560 5 bytes JMP 0000000077550470 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773f1570 5 bytes JMP 00000000775503e0 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000773f1620 5 bytes JMP 0000000077550320 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773f1650 5 bytes JMP 00000000775503b0 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000773f1670 5 bytes JMP 0000000077550390 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773f16b0 5 bytes JMP 00000000775502e0 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000773f1730 5 bytes JMP 00000000775502d0 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000773f1750 5 bytes JMP 0000000077550310 .text C:\Windows\system32\wininit.exe[548] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000773f1790 5 bytes JMP 00000000775503c0 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773f17e0 5 bytes JMP 00000000775503f0 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000773f1940 5 bytes JMP 0000000077550230 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000773f1b00 5 bytes JMP 0000000077550480 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000773f1b30 5 bytes JMP 00000000775503a0 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000773f1c10 5 bytes JMP 00000000775502f0 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000773f1c20 5 bytes JMP 0000000077550350 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000773f1c80 5 bytes JMP 0000000077550290 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000773f1d10 5 bytes JMP 00000000775502b0 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773f1d30 5 bytes JMP 00000000775503d0 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000773f1d40 5 bytes JMP 0000000077550330 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000773f1db0 5 bytes JMP 0000000077550410 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000773f1de0 5 bytes JMP 0000000077550240 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773f20a0 5 bytes JMP 00000000775501e0 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000773f2160 5 bytes JMP 
0000000077550250 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000773f2190 5 bytes JMP 0000000077550490 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773f21a0 5 bytes JMP 00000000775504a0 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773f21d0 5 bytes JMP 0000000077550300 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773f21e0 5 bytes JMP 0000000077550360 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000773f2240 5 bytes JMP 00000000775502a0 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000773f2290 5 bytes JMP 00000000775502c0 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773f22c0 5 bytes JMP 0000000077550380 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773f22d0 5 bytes JMP 0000000077550340 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773f25c0 5 bytes JMP 0000000077550440 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773f27c0 5 bytes JMP 0000000077550260 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773f27d0 5 bytes JMP 0000000077550270 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773f27e0 5 bytes JMP 0000000077550400 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773f29a0 5 bytes JMP 00000000775501f0 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773f29b0 5 bytes JMP 0000000077550210 .text C:\Windows\system32\wininit.exe[548] 
C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000773f2a20 5 bytes JMP 0000000077550200 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000773f2a80 5 bytes JMP 0000000077550420 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000773f2a90 5 bytes JMP 0000000077550430 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000773f2aa0 5 bytes JMP 0000000077550220 .text C:\Windows\system32\wininit.exe[548] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000773f2b80 5 bytes JMP 0000000077550280 .text C:\Windows\system32\wininit.exe[548] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000771def8d 1 byte [62] .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000773f1360 5 bytes JMP 0000000149850460 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773f13b0 5 bytes JMP 0000000149850450 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000773f1510 5 bytes JMP 0000000149850370 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000773f1560 5 bytes JMP 0000000149850470 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773f1570 5 bytes JMP 00000001498503e0 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000773f1620 5 bytes JMP 0000000149850320 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773f1650 5 bytes JMP 00000001498503b0 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000773f1670 5 bytes JMP 0000000149850390 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773f16b0 5 bytes JMP 00000001498502e0 .text 
C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000773f1730 5 bytes JMP 00000001498502d0 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000773f1750 5 bytes JMP 0000000149850310 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000773f1790 5 bytes JMP 00000001498503c0 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773f17e0 5 bytes JMP 00000001498503f0 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000773f1940 5 bytes JMP 0000000149850230 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000773f1b00 5 bytes JMP 0000000149850480 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000773f1b30 5 bytes JMP 00000001498503a0 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000773f1c10 5 bytes JMP 00000001498502f0 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000773f1c20 5 bytes JMP 0000000149850350 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000773f1c80 5 bytes JMP 0000000149850290 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000773f1d10 5 bytes JMP 00000001498502b0 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773f1d30 5 bytes JMP 00000001498503d0 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000773f1d40 5 bytes JMP 0000000149850330 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000773f1db0 5 bytes JMP 0000000149850410 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000773f1de0 5 
bytes JMP 0000000149850240 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773f20a0 5 bytes JMP 00000001498501e0 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000773f2160 5 bytes JMP 0000000149850250 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000773f2190 5 bytes JMP 0000000149850490 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773f21a0 5 bytes JMP 00000001498504a0 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773f21d0 5 bytes JMP 0000000149850300 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773f21e0 5 bytes JMP 0000000149850360 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000773f2240 5 bytes JMP 00000001498502a0 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000773f2290 5 bytes JMP 00000001498502c0 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773f22c0 5 bytes JMP 0000000149850380 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773f22d0 5 bytes JMP 0000000149850340 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773f25c0 5 bytes JMP 0000000149850440 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773f27c0 5 bytes JMP 0000000149850260 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773f27d0 5 bytes JMP 0000000149850270 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773f27e0 5 bytes JMP 0000000149850400 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 
00000000773f29a0 5 bytes JMP 00000001498501f0 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773f29b0 5 bytes JMP 0000000149850210 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000773f2a20 5 bytes JMP 0000000149850200 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000773f2a80 5 bytes JMP 0000000149850420 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000773f2a90 5 bytes JMP 0000000149850430 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000773f2aa0 5 bytes JMP 0000000149850220 .text C:\Windows\system32\csrss.exe[580] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000773f2b80 5 bytes JMP 0000000149850280 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000773f1360 5 bytes JMP 0000000077550460 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773f13b0 5 bytes JMP 0000000077550450 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000773f1510 5 bytes JMP 0000000077550370 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000773f1560 5 bytes JMP 0000000077550470 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773f1570 5 bytes JMP 00000000775503e0 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000773f1620 5 bytes JMP 0000000077550320 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773f1650 5 bytes JMP 00000000775503b0 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000773f1670 5 bytes JMP 0000000077550390 .text 
C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773f16b0 5 bytes JMP 00000000775502e0 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000773f1730 5 bytes JMP 00000000775502d0 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000773f1750 5 bytes JMP 0000000077550310 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000773f1790 5 bytes JMP 00000000775503c0 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773f17e0 5 bytes JMP 00000000775503f0 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000773f1940 5 bytes JMP 0000000077550230 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000773f1b00 5 bytes JMP 0000000077550480 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000773f1b30 5 bytes JMP 00000000775503a0 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000773f1c10 5 bytes JMP 00000000775502f0 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000773f1c20 5 bytes JMP 0000000077550350 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000773f1c80 5 bytes JMP 0000000077550290 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000773f1d10 5 bytes JMP 00000000775502b0 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773f1d30 5 bytes JMP 00000000775503d0 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000773f1d40 5 bytes JMP 0000000077550330 .text C:\Windows\system32\services.exe[604] 
C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000773f1db0 5 bytes JMP 0000000077550410 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000773f1de0 5 bytes JMP 0000000077550240 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773f20a0 5 bytes JMP 00000000775501e0 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000773f2160 5 bytes JMP 0000000077550250 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000773f2190 5 bytes JMP 0000000077550490 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773f21a0 5 bytes JMP 00000000775504a0 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773f21d0 5 bytes JMP 0000000077550300 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773f21e0 5 bytes JMP 0000000077550360 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000773f2240 5 bytes JMP 00000000775502a0 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000773f2290 5 bytes JMP 00000000775502c0 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773f22c0 5 bytes JMP 0000000077550380 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773f22d0 5 bytes JMP 0000000077550340 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773f25c0 5 bytes JMP 0000000077550440 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773f27c0 5 bytes JMP 0000000077550260 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773f27d0 5 bytes JMP 
0000000077550270 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773f27e0 5 bytes JMP 0000000077550400 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773f29a0 5 bytes JMP 00000000775501f0 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773f29b0 5 bytes JMP 0000000077550210 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000773f2a20 5 bytes JMP 0000000077550200 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000773f2a80 5 bytes JMP 0000000077550420 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000773f2a90 5 bytes JMP 0000000077550430 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000773f2aa0 5 bytes JMP 0000000077550220 .text C:\Windows\system32\services.exe[604] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000773f2b80 5 bytes JMP 0000000077550280 .text C:\Windows\system32\services.exe[604] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000771def8d 1 byte [62] .text C:\Windows\system32\lsass.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000773f1360 5 bytes JMP 0000000077550460 .text C:\Windows\system32\lsass.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773f13b0 5 bytes JMP 0000000077550450 .text C:\Windows\system32\lsass.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000773f1510 5 bytes JMP 0000000077550370 .text C:\Windows\system32\lsass.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000773f1560 5 bytes JMP 0000000077550470 .text C:\Windows\system32\lsass.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773f1570 5 bytes JMP 00000000775503e0 .text C:\Windows\system32\lsass.exe[628] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000773f1620 5 bytes JMP 0000000077550320 .text C:\Windows\system32\lsass.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773f1650 5 bytes JMP 00000000775503b0 .text C:\Windows\system32\lsass.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000773f1670 5 bytes JMP 0000000077550390 .text C:\Windows\system32\lsass.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773f16b0 5 bytes JMP 00000000775502e0 .text C:\Windows\system32\lsass.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000773f1730 5 bytes JMP 00000000775502d0 .text C:\Windows\system32\lsass.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000773f1750 5 bytes JMP 0000000077550310 .text C:\Windows\system32\lsass.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000773f1790 5 bytes JMP 00000000775503c0 .text C:\Windows\system32\lsass.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773f17e0 5 bytes JMP 00000000775503f0 .text C:\Windows\system32\lsass.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000773f1940 5 bytes JMP 0000000077550230 .text C:\Windows\system32\lsass.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000773f1b00 5 bytes JMP 0000000077550480 .text C:\Windows\system32\lsass.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000773f1b30 5 bytes JMP 00000000775503a0 .text C:\Windows\system32\lsass.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000773f1c10 5 bytes JMP 00000000775502f0 .text C:\Windows\system32\lsass.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000773f1c20 5 bytes JMP 0000000077550350 .text C:\Windows\system32\lsass.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000773f1c80 5 bytes JMP 0000000077550290 .text C:\Windows\system32\lsass.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000773f1d10 5 bytes JMP 00000000775502b0 .text 
C:\Windows\system32\lsass.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773f1d30 5 bytes JMP 00000000775503d0 .text C:\Windows\system32\lsass.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000773f1d40 5 bytes JMP 0000000077550330 .text C:\Windows\system32\lsass.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000773f1db0 5 bytes JMP 0000000077550410 .text C:\Windows\system32\lsass.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000773f1de0 5 bytes JMP 0000000077550240 .text C:\Windows\system32\lsass.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773f20a0 5 bytes JMP 00000000775501e0 .text C:\Windows\system32\lsass.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000773f2160 5 bytes JMP 0000000077550250 .text C:\Windows\system32\lsass.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000773f2190 5 bytes JMP 0000000077550490 .text C:\Windows\system32\lsass.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773f21a0 5 bytes JMP 00000000775504a0 .text C:\Windows\system32\lsass.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773f21d0 5 bytes JMP 0000000077550300 .text C:\Windows\system32\lsass.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773f21e0 5 bytes JMP 0000000077550360 .text C:\Windows\system32\lsass.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000773f2240 5 bytes JMP 00000000775502a0 .text C:\Windows\system32\lsass.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000773f2290 5 bytes JMP 00000000775502c0 .text C:\Windows\system32\lsass.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773f22c0 5 bytes JMP 0000000077550380 .text C:\Windows\system32\lsass.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773f22d0 5 bytes JMP 0000000077550340 .text C:\Windows\system32\lsass.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773f25c0 5 bytes JMP 
0000000077550440 .text C:\Windows\system32\lsass.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773f27c0 5 bytes JMP 0000000077550260 .text C:\Windows\system32\lsass.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773f27d0 5 bytes JMP 0000000077550270 .text C:\Windows\system32\lsass.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773f27e0 5 bytes JMP 0000000077550400 .text C:\Windows\system32\lsass.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773f29a0 5 bytes JMP 00000000775501f0 .text C:\Windows\system32\lsass.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773f29b0 5 bytes JMP 0000000077550210 .text C:\Windows\system32\lsass.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000773f2a20 5 bytes JMP 0000000077550200 .text C:\Windows\system32\lsass.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000773f2a80 5 bytes JMP 0000000077550420 .text C:\Windows\system32\lsass.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000773f2a90 5 bytes JMP 0000000077550430 .text C:\Windows\system32\lsass.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000773f2aa0 5 bytes JMP 0000000077550220 .text C:\Windows\system32\lsass.exe[628] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000773f2b80 5 bytes JMP 0000000077550280 .text C:\Windows\system32\lsm.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000773f1360 5 bytes JMP 0000000077550460 .text C:\Windows\system32\lsm.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773f13b0 5 bytes JMP 0000000077550450 .text C:\Windows\system32\lsm.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000773f1510 5 bytes JMP 0000000077550370 .text C:\Windows\system32\lsm.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000773f1560 5 bytes JMP 0000000077550470 .text C:\Windows\system32\lsm.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 
00000000773f1570 5 bytes JMP 00000000775503e0 .text C:\Windows\system32\lsm.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000773f1620 5 bytes JMP 0000000077550320 .text C:\Windows\system32\lsm.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773f1650 5 bytes JMP 00000000775503b0 .text C:\Windows\system32\lsm.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000773f1670 5 bytes JMP 0000000077550390 .text C:\Windows\system32\lsm.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773f16b0 5 bytes JMP 00000000775502e0 .text C:\Windows\system32\lsm.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000773f1730 5 bytes JMP 00000000775502d0 .text C:\Windows\system32\lsm.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000773f1750 5 bytes JMP 0000000077550310 .text C:\Windows\system32\lsm.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000773f1790 5 bytes JMP 00000000775503c0 .text C:\Windows\system32\lsm.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773f17e0 5 bytes JMP 00000000775503f0 .text C:\Windows\system32\lsm.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000773f1940 5 bytes JMP 0000000077550230 .text C:\Windows\system32\lsm.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000773f1b00 5 bytes JMP 0000000077550480 .text C:\Windows\system32\lsm.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000773f1b30 5 bytes JMP 00000000775503a0 .text C:\Windows\system32\lsm.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000773f1c10 5 bytes JMP 00000000775502f0 .text C:\Windows\system32\lsm.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000773f1c20 5 bytes JMP 0000000077550350 .text C:\Windows\system32\lsm.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000773f1c80 5 bytes JMP 0000000077550290 .text C:\Windows\system32\lsm.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 
00000000773f1d10 5 bytes JMP 00000000775502b0 .text C:\Windows\system32\lsm.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773f1d30 5 bytes JMP 00000000775503d0 .text C:\Windows\system32\lsm.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000773f1d40 5 bytes JMP 0000000077550330 .text C:\Windows\system32\lsm.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000773f1db0 5 bytes JMP 0000000077550410 .text C:\Windows\system32\lsm.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000773f1de0 5 bytes JMP 0000000077550240 .text C:\Windows\system32\lsm.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773f20a0 5 bytes JMP 00000000775501e0 .text C:\Windows\system32\lsm.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000773f2160 5 bytes JMP 0000000077550250 .text C:\Windows\system32\lsm.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000773f2190 5 bytes JMP 0000000077550490 .text C:\Windows\system32\lsm.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773f21a0 5 bytes JMP 00000000775504a0 .text C:\Windows\system32\lsm.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773f21d0 5 bytes JMP 0000000077550300 .text C:\Windows\system32\lsm.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773f21e0 5 bytes JMP 0000000077550360 .text C:\Windows\system32\lsm.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000773f2240 5 bytes JMP 00000000775502a0 .text C:\Windows\system32\lsm.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000773f2290 5 bytes JMP 00000000775502c0 .text C:\Windows\system32\lsm.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773f22c0 5 bytes JMP 0000000077550380 .text C:\Windows\system32\lsm.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773f22d0 5 bytes JMP 0000000077550340 .text C:\Windows\system32\lsm.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773f25c0 5 
bytes JMP 0000000077550440 .text C:\Windows\system32\lsm.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773f27c0 5 bytes JMP 0000000077550260 .text C:\Windows\system32\lsm.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773f27d0 5 bytes JMP 0000000077550270 .text C:\Windows\system32\lsm.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773f27e0 5 bytes JMP 0000000077550400 .text C:\Windows\system32\lsm.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773f29a0 5 bytes JMP 00000000775501f0 .text C:\Windows\system32\lsm.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773f29b0 5 bytes JMP 0000000077550210 .text C:\Windows\system32\lsm.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000773f2a20 5 bytes JMP 0000000077550200 .text C:\Windows\system32\lsm.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000773f2a80 5 bytes JMP 0000000077550420 .text C:\Windows\system32\lsm.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000773f2a90 5 bytes JMP 0000000077550430 .text C:\Windows\system32\lsm.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000773f2aa0 5 bytes JMP 0000000077550220 .text C:\Windows\system32\lsm.exe[636] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000773f2b80 5 bytes JMP 0000000077550280 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000773f1360 5 bytes JMP 0000000077550460 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773f13b0 5 bytes JMP 0000000077550450 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000773f1510 5 bytes JMP 0000000077550370 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000773f1560 5 bytes JMP 0000000077550470 .text C:\Windows\system32\svchost.exe[740] 
C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773f1570 5 bytes JMP 00000000775503e0 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000773f1620 5 bytes JMP 0000000077550320 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773f1650 5 bytes JMP 00000000775503b0 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000773f1670 5 bytes JMP 0000000077550390 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773f16b0 5 bytes JMP 00000000775502e0 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000773f1730 5 bytes JMP 00000000775502d0 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000773f1750 5 bytes JMP 0000000077550310 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000773f1790 5 bytes JMP 00000000775503c0 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773f17e0 5 bytes JMP 00000000775503f0 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000773f1940 5 bytes JMP 0000000077550230 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000773f1b00 5 bytes JMP 0000000077550480 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000773f1b30 5 bytes JMP 00000000775503a0 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000773f1c10 5 bytes JMP 00000000775502f0 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000773f1c20 5 bytes JMP 0000000077550350 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000773f1c80 5 bytes JMP 
0000000077550290 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000773f1d10 5 bytes JMP 00000000775502b0 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773f1d30 5 bytes JMP 00000000775503d0 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000773f1d40 5 bytes JMP 0000000077550330 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000773f1db0 5 bytes JMP 0000000077550410 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000773f1de0 5 bytes JMP 0000000077550240 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773f20a0 5 bytes JMP 00000000775501e0 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000773f2160 5 bytes JMP 0000000077550250 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000773f2190 5 bytes JMP 0000000077550490 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773f21a0 5 bytes JMP 00000000775504a0 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773f21d0 5 bytes JMP 0000000077550300 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773f21e0 5 bytes JMP 0000000077550360 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000773f2240 5 bytes JMP 00000000775502a0 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000773f2290 5 bytes JMP 00000000775502c0 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773f22c0 5 bytes JMP 0000000077550380 .text C:\Windows\system32\svchost.exe[740] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773f22d0 5 bytes JMP 0000000077550340 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773f25c0 5 bytes JMP 0000000077550440 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773f27c0 5 bytes JMP 0000000077550260 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773f27d0 5 bytes JMP 0000000077550270 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773f27e0 5 bytes JMP 0000000077550400 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773f29a0 5 bytes JMP 00000000775501f0 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773f29b0 5 bytes JMP 0000000077550210 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000773f2a20 5 bytes JMP 0000000077550200 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000773f2a80 5 bytes JMP 0000000077550420 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000773f2a90 5 bytes JMP 0000000077550430 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000773f2aa0 5 bytes JMP 0000000077550220 .text C:\Windows\system32\svchost.exe[740] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000773f2b80 5 bytes JMP 0000000077550280 .text C:\Windows\system32\winlogon.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000773f1360 5 bytes JMP 0000000077550460 .text C:\Windows\system32\winlogon.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773f13b0 5 bytes JMP 0000000077550450 .text C:\Windows\system32\winlogon.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000773f1510 5 bytes JMP 
0000000077550370 .text C:\Windows\system32\winlogon.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000773f1560 5 bytes JMP 0000000077550470 .text C:\Windows\system32\winlogon.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773f1570 5 bytes JMP 00000000775503e0 .text C:\Windows\system32\winlogon.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000773f1620 5 bytes JMP 0000000077550320 .text C:\Windows\system32\winlogon.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773f1650 5 bytes JMP 00000000775503b0 .text C:\Windows\system32\winlogon.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000773f1670 5 bytes JMP 0000000077550390 .text C:\Windows\system32\winlogon.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773f16b0 5 bytes JMP 00000000775502e0 .text C:\Windows\system32\winlogon.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000773f1730 5 bytes JMP 00000000775502d0 .text C:\Windows\system32\winlogon.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000773f1750 5 bytes JMP 0000000077550310 .text C:\Windows\system32\winlogon.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000773f1790 5 bytes JMP 00000000775503c0 .text C:\Windows\system32\winlogon.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773f17e0 5 bytes JMP 00000000775503f0 .text C:\Windows\system32\winlogon.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000773f1940 5 bytes JMP 0000000077550230 .text C:\Windows\system32\winlogon.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000773f1b00 5 bytes JMP 0000000077550480 .text C:\Windows\system32\winlogon.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000773f1b30 5 bytes JMP 00000000775503a0 .text C:\Windows\system32\winlogon.exe[848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000773f1c10 5 bytes JMP 00000000775502f0 .text C:\Windows\system32\winlogon.exe[848] 
|
21.07.2014, 10:42 | #5 |
| Windows 7: ClamAV(Ubuntu) finds a potpourri of viruses GMER part 2: Code:
ATTFilter .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773f1650 5 bytes JMP 00000000775503b0 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000773f1670 5 bytes JMP 0000000077550390 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773f16b0 5 bytes JMP 00000000775502e0 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000773f1730 5 bytes JMP 00000000775502d0 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000773f1750 5 bytes JMP 0000000077550310 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000773f1790 5 bytes JMP 00000000775503c0 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773f17e0 5 bytes JMP 00000000775503f0 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000773f1940 5 bytes JMP 0000000077550230 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000773f1b00 5 bytes JMP 0000000077550480 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000773f1b30 5 bytes JMP 00000000775503a0 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000773f1c10 5 bytes JMP 00000000775502f0 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000773f1c20 5 bytes JMP 0000000077550350 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000773f1c80 5 bytes JMP 0000000077550290 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000773f1d10 5 bytes JMP 00000000775502b0 .text C:\Windows\system32\svchost.exe[1296] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773f1d30 5 bytes JMP 00000000775503d0 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000773f1d40 5 bytes JMP 0000000077550330 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000773f1db0 5 bytes JMP 0000000077550410 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000773f1de0 5 bytes JMP 0000000077550240 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773f20a0 5 bytes JMP 00000000775501e0 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000773f2160 5 bytes JMP 0000000077550250 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000773f2190 5 bytes JMP 0000000077550490 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773f21a0 5 bytes JMP 00000000775504a0 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773f21d0 5 bytes JMP 0000000077550300 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773f21e0 5 bytes JMP 0000000077550360 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000773f2240 5 bytes JMP 00000000775502a0 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000773f2290 5 bytes JMP 00000000775502c0 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773f22c0 5 bytes JMP 0000000077550380 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773f22d0 5 bytes JMP 0000000077550340 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773f25c0 5 bytes JMP 
0000000077550440 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773f27c0 5 bytes JMP 0000000077550260 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773f27d0 5 bytes JMP 0000000077550270 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773f27e0 5 bytes JMP 0000000077550400 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773f29a0 5 bytes JMP 00000000775501f0 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773f29b0 5 bytes JMP 0000000077550210 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000773f2a20 5 bytes JMP 0000000077550200 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000773f2a80 5 bytes JMP 0000000077550420 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000773f2a90 5 bytes JMP 0000000077550430 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000773f2aa0 5 bytes JMP 0000000077550220 .text C:\Windows\system32\svchost.exe[1296] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000773f2b80 5 bytes JMP 0000000077550280 .text C:\Windows\system32\atieclxx.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000773f1360 5 bytes JMP 0000000077550460 .text C:\Windows\system32\atieclxx.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773f13b0 5 bytes JMP 0000000077550450 .text C:\Windows\system32\atieclxx.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000773f1510 5 bytes JMP 0000000077550370 .text C:\Windows\system32\atieclxx.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000773f1560 5 bytes JMP 0000000077550470 .text 
C:\Windows\system32\atieclxx.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773f1570 5 bytes JMP 00000000775503e0 .text C:\Windows\system32\atieclxx.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000773f1620 5 bytes JMP 0000000077550320 .text C:\Windows\system32\atieclxx.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773f1650 5 bytes JMP 00000000775503b0 .text C:\Windows\system32\atieclxx.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000773f1670 5 bytes JMP 0000000077550390 .text C:\Windows\system32\atieclxx.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773f16b0 5 bytes JMP 00000000775502e0 .text C:\Windows\system32\atieclxx.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000773f1730 5 bytes JMP 00000000775502d0 .text C:\Windows\system32\atieclxx.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000773f1750 5 bytes JMP 0000000077550310 .text C:\Windows\system32\atieclxx.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000773f1790 5 bytes JMP 00000000775503c0 .text C:\Windows\system32\atieclxx.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773f17e0 5 bytes JMP 00000000775503f0 .text C:\Windows\system32\atieclxx.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000773f1940 5 bytes JMP 0000000077550230 .text C:\Windows\system32\atieclxx.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000773f1b00 5 bytes JMP 0000000077550480 .text C:\Windows\system32\atieclxx.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000773f1b30 5 bytes JMP 00000000775503a0 .text C:\Windows\system32\atieclxx.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000773f1c10 5 bytes JMP 00000000775502f0 .text C:\Windows\system32\atieclxx.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000773f1c20 5 bytes JMP 0000000077550350 .text C:\Windows\system32\atieclxx.exe[1428] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000773f1c80 5 bytes JMP 0000000077550290 .text C:\Windows\system32\atieclxx.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000773f1d10 5 bytes JMP 00000000775502b0 .text C:\Windows\system32\atieclxx.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773f1d30 5 bytes JMP 00000000775503d0 .text C:\Windows\system32\atieclxx.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000773f1d40 5 bytes JMP 0000000077550330 .text C:\Windows\system32\atieclxx.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000773f1db0 5 bytes JMP 0000000077550410 .text C:\Windows\system32\atieclxx.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000773f1de0 5 bytes JMP 0000000077550240 .text C:\Windows\system32\atieclxx.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773f20a0 5 bytes JMP 00000000775501e0 .text C:\Windows\system32\atieclxx.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000773f2160 5 bytes JMP 0000000077550250 .text C:\Windows\system32\atieclxx.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000773f2190 5 bytes JMP 0000000077550490 .text C:\Windows\system32\atieclxx.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773f21a0 5 bytes JMP 00000000775504a0 .text C:\Windows\system32\atieclxx.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773f21d0 5 bytes JMP 0000000077550300 .text C:\Windows\system32\atieclxx.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773f21e0 5 bytes JMP 0000000077550360 .text C:\Windows\system32\atieclxx.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000773f2240 5 bytes JMP 00000000775502a0 .text C:\Windows\system32\atieclxx.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000773f2290 5 bytes JMP 00000000775502c0 .text C:\Windows\system32\atieclxx.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773f22c0 5 
bytes JMP 0000000077550380 .text C:\Windows\system32\atieclxx.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773f22d0 5 bytes JMP 0000000077550340 .text C:\Windows\system32\atieclxx.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773f25c0 5 bytes JMP 0000000077550440 .text C:\Windows\system32\atieclxx.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773f27c0 5 bytes JMP 0000000077550260 .text C:\Windows\system32\atieclxx.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773f27d0 5 bytes JMP 0000000077550270 .text C:\Windows\system32\atieclxx.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773f27e0 5 bytes JMP 0000000077550400 .text C:\Windows\system32\atieclxx.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773f29a0 5 bytes JMP 00000000775501f0 .text C:\Windows\system32\atieclxx.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773f29b0 5 bytes JMP 0000000077550210 .text C:\Windows\system32\atieclxx.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000773f2a20 5 bytes JMP 0000000077550200 .text C:\Windows\system32\atieclxx.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000773f2a80 5 bytes JMP 0000000077550420 .text C:\Windows\system32\atieclxx.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000773f2a90 5 bytes JMP 0000000077550430 .text C:\Windows\system32\atieclxx.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000773f2aa0 5 bytes JMP 0000000077550220 .text C:\Windows\system32\atieclxx.exe[1428] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000773f2b80 5 bytes JMP 0000000077550280 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000773f1360 5 bytes JMP 0000000077550460 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773f13b0 5 bytes JMP 0000000077550450 .text 
C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000773f1510 5 bytes JMP 0000000077550370 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000773f1560 5 bytes JMP 0000000077550470 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773f1570 5 bytes JMP 00000000775503e0 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000773f1620 5 bytes JMP 0000000077550320 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773f1650 5 bytes JMP 00000000775503b0 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000773f1670 5 bytes JMP 0000000077550390 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773f16b0 5 bytes JMP 00000000775502e0 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000773f1730 5 bytes JMP 00000000775502d0 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000773f1750 5 bytes JMP 0000000077550310 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000773f1790 5 bytes JMP 00000000775503c0 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773f17e0 5 bytes JMP 00000000775503f0 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000773f1940 5 bytes JMP 0000000077550230 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000773f1b00 5 bytes JMP 0000000077550480 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000773f1b30 5 bytes JMP 00000000775503a0 .text C:\Windows\System32\spoolsv.exe[1648] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000773f1c10 5 bytes JMP 00000000775502f0 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000773f1c20 5 bytes JMP 0000000077550350 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000773f1c80 5 bytes JMP 0000000077550290 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000773f1d10 5 bytes JMP 00000000775502b0 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773f1d30 5 bytes JMP 00000000775503d0 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000773f1d40 5 bytes JMP 0000000077550330 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000773f1db0 5 bytes JMP 0000000077550410 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000773f1de0 5 bytes JMP 0000000077550240 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773f20a0 5 bytes JMP 00000000775501e0 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000773f2160 5 bytes JMP 0000000077550250 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000773f2190 5 bytes JMP 0000000077550490 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773f21a0 5 bytes JMP 00000000775504a0 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773f21d0 5 bytes JMP 0000000077550300 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773f21e0 5 bytes JMP 0000000077550360 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000773f2240 5 
bytes JMP 00000000775502a0 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000773f2290 5 bytes JMP 00000000775502c0 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773f22c0 5 bytes JMP 0000000077550380 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773f22d0 5 bytes JMP 0000000077550340 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773f25c0 5 bytes JMP 0000000077550440 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773f27c0 5 bytes JMP 0000000077550260 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773f27d0 5 bytes JMP 0000000077550270 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773f27e0 5 bytes JMP 0000000077550400 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773f29a0 5 bytes JMP 00000000775501f0 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773f29b0 5 bytes JMP 0000000077550210 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000773f2a20 5 bytes JMP 0000000077550200 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000773f2a80 5 bytes JMP 0000000077550420 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000773f2a90 5 bytes JMP 0000000077550430 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000773f2aa0 5 bytes JMP 0000000077550220 .text C:\Windows\System32\spoolsv.exe[1648] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000773f2b80 5 bytes JMP 0000000077550280 .text C:\Windows\system32\svchost.exe[1684] 
C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000773f1360 5 bytes JMP 0000000077550460 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773f13b0 5 bytes JMP 0000000077550450 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000773f1510 5 bytes JMP 0000000077550370 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000773f1560 5 bytes JMP 0000000077550470 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773f1570 5 bytes JMP 00000000775503e0 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000773f1620 5 bytes JMP 0000000077550320 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773f1650 5 bytes JMP 00000000775503b0 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000773f1670 5 bytes JMP 0000000077550390 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773f16b0 5 bytes JMP 00000000775502e0 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000773f1730 5 bytes JMP 00000000775502d0 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000773f1750 5 bytes JMP 0000000077550310 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000773f1790 5 bytes JMP 00000000775503c0 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773f17e0 5 bytes JMP 00000000775503f0 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000773f1940 5 bytes JMP 0000000077550230 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000773f1b00 5 bytes 
JMP 0000000077550480 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000773f1b30 5 bytes JMP 00000000775503a0 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000773f1c10 5 bytes JMP 00000000775502f0 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000773f1c20 5 bytes JMP 0000000077550350 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000773f1c80 5 bytes JMP 0000000077550290 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000773f1d10 5 bytes JMP 00000000775502b0 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773f1d30 5 bytes JMP 00000000775503d0 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000773f1d40 5 bytes JMP 0000000077550330 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000773f1db0 5 bytes JMP 0000000077550410 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000773f1de0 5 bytes JMP 0000000077550240 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773f20a0 5 bytes JMP 00000000775501e0 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000773f2160 5 bytes JMP 0000000077550250 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000773f2190 5 bytes JMP 0000000077550490 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773f21a0 5 bytes JMP 00000000775504a0 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773f21d0 5 bytes JMP 0000000077550300 .text 
C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773f21e0 5 bytes JMP 0000000077550360 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000773f2240 5 bytes JMP 00000000775502a0 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000773f2290 5 bytes JMP 00000000775502c0 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773f22c0 5 bytes JMP 0000000077550380 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773f22d0 5 bytes JMP 0000000077550340 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773f25c0 5 bytes JMP 0000000077550440 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773f27c0 5 bytes JMP 0000000077550260 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773f27d0 5 bytes JMP 0000000077550270 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773f27e0 5 bytes JMP 0000000077550400 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773f29a0 5 bytes JMP 00000000775501f0 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773f29b0 5 bytes JMP 0000000077550210 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000773f2a20 5 bytes JMP 0000000077550200 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000773f2a80 5 bytes JMP 0000000077550420 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000773f2a90 5 bytes JMP 0000000077550430 .text C:\Windows\system32\svchost.exe[1684] 
C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000773f2aa0 5 bytes JMP 0000000077550220 .text C:\Windows\system32\svchost.exe[1684] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000773f2b80 5 bytes JMP 0000000077550280 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1768] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007532a2fd 1 byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000773f1360 5 bytes JMP 0000000077550460 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773f13b0 5 bytes JMP 0000000077550450 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000773f1510 5 bytes JMP 0000000077550370 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000773f1560 5 bytes JMP 0000000077550470 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773f1570 5 bytes JMP 00000000775503e0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000773f1620 5 bytes JMP 0000000077550320 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773f1650 5 bytes JMP 00000000775503b0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000773f1670 5 bytes JMP 0000000077550390 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773f16b0 5 bytes JMP 00000000775502e0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000773f1730 5 bytes JMP 00000000775502d0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000773f1750 5 bytes JMP 0000000077550310 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000773f1790 5 bytes JMP 00000000775503c0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773f17e0 5 bytes JMP 00000000775503f0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000773f1940 5 bytes JMP 0000000077550230 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000773f1b00 5 bytes JMP 0000000077550480 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000773f1b30 5 bytes JMP 00000000775503a0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000773f1c10 5 bytes JMP 00000000775502f0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000773f1c20 5 bytes JMP 0000000077550350 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000773f1c80 5 bytes JMP 0000000077550290 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000773f1d10 5 bytes JMP 00000000775502b0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773f1d30 5 bytes JMP 00000000775503d0 .text C:\Program Files\ATI 
Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000773f1d40 5 bytes JMP 0000000077550330 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000773f1db0 5 bytes JMP 0000000077550410 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000773f1de0 5 bytes JMP 0000000077550240 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773f20a0 5 bytes JMP 00000000775501e0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000773f2160 5 bytes JMP 0000000077550250 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000773f2190 5 bytes JMP 0000000077550490 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773f21a0 5 bytes JMP 00000000775504a0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773f21d0 5 bytes JMP 0000000077550300 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773f21e0 5 bytes JMP 0000000077550360 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000773f2240 5 bytes JMP 00000000775502a0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000773f2290 5 bytes JMP 00000000775502c0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773f22c0 5 bytes JMP 
0000000077550380 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773f22d0 5 bytes JMP 0000000077550340 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773f25c0 5 bytes JMP 0000000077550440 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773f27c0 5 bytes JMP 0000000077550260 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773f27d0 5 bytes JMP 0000000077550270 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773f27e0 5 bytes JMP 0000000077550400 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773f29a0 5 bytes JMP 00000000775501f0 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773f29b0 5 bytes JMP 0000000077550210 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000773f2a20 5 bytes JMP 0000000077550200 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000773f2a80 5 bytes JMP 0000000077550420 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000773f2a90 5 bytes JMP 0000000077550430 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000773f2aa0 5 bytes JMP 0000000077550220 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[1848] 
C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000773f2b80 5 bytes JMP 0000000077550280
.text C:\Windows\system32\taskhost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000773f1360 5 bytes JMP 0000000077550460
.text C:\Windows\system32\taskhost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773f13b0 5 bytes JMP 0000000077550450
.text C:\Windows\system32\taskhost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000773f1510 5 bytes JMP 0000000077550370
.text C:\Windows\system32\taskhost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000773f1560 5 bytes JMP 0000000077550470
.text C:\Windows\system32\taskhost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773f1570 5 bytes JMP 00000000775503e0
.text C:\Windows\system32\taskhost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000773f1620 5 bytes JMP 0000000077550320
.text C:\Windows\system32\taskhost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773f1650 5 bytes JMP 00000000775503b0
.text C:\Windows\system32\taskhost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000773f1670 5 bytes JMP 0000000077550390
.text C:\Windows\system32\taskhost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773f16b0 5 bytes JMP 00000000775502e0
.text C:\Windows\system32\taskhost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000773f1730 5 bytes JMP 00000000775502d0
.text C:\Windows\system32\taskhost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000773f1750 5 bytes JMP 0000000077550310
.text C:\Windows\system32\taskhost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000773f1790 5 bytes JMP 00000000775503c0
.text C:\Windows\system32\taskhost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773f17e0 5 bytes JMP 00000000775503f0
.text C:\Windows\system32\taskhost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000773f1940 5 bytes JMP 0000000077550230
.text C:\Windows\system32\taskhost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000773f1b00 5 bytes JMP 0000000077550480
.text C:\Windows\system32\taskhost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000773f1b30 5 bytes JMP 00000000775503a0
.text C:\Windows\system32\taskhost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000773f1c10 5 bytes JMP 00000000775502f0
.text C:\Windows\system32\taskhost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000773f1c20 5 bytes JMP 0000000077550350
.text C:\Windows\system32\taskhost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000773f1c80 5 bytes JMP 0000000077550290
.text C:\Windows\system32\taskhost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000773f1d10 5 bytes JMP 00000000775502b0
.text C:\Windows\system32\taskhost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773f1d30 5 bytes JMP 00000000775503d0
.text C:\Windows\system32\taskhost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000773f1d40 5 bytes JMP 0000000077550330
.text C:\Windows\system32\taskhost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000773f1db0 5 bytes JMP 0000000077550410
.text C:\Windows\system32\taskhost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000773f1de0 5 bytes JMP 0000000077550240
.text C:\Windows\system32\taskhost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773f20a0 5 bytes JMP 00000000775501e0
.text C:\Windows\system32\taskhost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000773f2160 5 bytes JMP 0000000077550250
.text C:\Windows\system32\taskhost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000773f2190 5 bytes JMP 0000000077550490
.text C:\Windows\system32\taskhost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773f21a0 5 bytes JMP 00000000775504a0
.text C:\Windows\system32\taskhost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773f21d0 5 bytes JMP 0000000077550300
.text C:\Windows\system32\taskhost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773f21e0 5 bytes JMP 0000000077550360
.text C:\Windows\system32\taskhost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000773f2240 5 bytes JMP 00000000775502a0
.text C:\Windows\system32\taskhost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000773f2290 5 bytes JMP 00000000775502c0
.text C:\Windows\system32\taskhost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773f22c0 5 bytes JMP 0000000077550380
.text C:\Windows\system32\taskhost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773f22d0 5 bytes JMP 0000000077550340
.text C:\Windows\system32\taskhost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773f25c0 5 bytes JMP 0000000077550440
.text C:\Windows\system32\taskhost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773f27c0 5 bytes JMP 0000000077550260
.text C:\Windows\system32\taskhost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773f27d0 5 bytes JMP 0000000077550270
.text C:\Windows\system32\taskhost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773f27e0 5 bytes JMP 0000000077550400
.text C:\Windows\system32\taskhost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773f29a0 5 bytes JMP 00000000775501f0
.text C:\Windows\system32\taskhost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773f29b0 5 bytes JMP 0000000077550210
.text C:\Windows\system32\taskhost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000773f2a20 5 bytes JMP 0000000077550200
.text C:\Windows\system32\taskhost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000773f2a80 5 bytes JMP 0000000077550420
.text C:\Windows\system32\taskhost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000773f2a90 5 bytes JMP 0000000077550430
.text C:\Windows\system32\taskhost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000773f2aa0 5 bytes JMP 0000000077550220
.text C:\Windows\system32\taskhost.exe[1164] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000773f2b80 5 bytes JMP 0000000077550280
.text C:\Windows\system32\Dwm.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000773f1360 5 bytes JMP 0000000077550460
.text C:\Windows\system32\Dwm.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773f13b0 5 bytes JMP 0000000077550450
.text C:\Windows\system32\Dwm.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000773f1510 5 bytes JMP 0000000077550370
.text C:\Windows\system32\Dwm.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000773f1560 5 bytes JMP 0000000077550470
.text C:\Windows\system32\Dwm.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773f1570 5 bytes JMP 00000000775503e0
.text C:\Windows\system32\Dwm.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000773f1620 5 bytes JMP 0000000077550320
.text C:\Windows\system32\Dwm.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773f1650 5 bytes JMP 00000000775503b0
.text C:\Windows\system32\Dwm.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000773f1670 5 bytes JMP 0000000077550390
.text C:\Windows\system32\Dwm.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773f16b0 5 bytes JMP 00000000775502e0
.text C:\Windows\system32\Dwm.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000773f1730 5 bytes JMP 00000000775502d0
.text C:\Windows\system32\Dwm.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000773f1750 5 bytes JMP 0000000077550310
.text C:\Windows\system32\Dwm.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000773f1790 5 bytes JMP 00000000775503c0
.text C:\Windows\system32\Dwm.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773f17e0 5 bytes JMP 00000000775503f0
.text C:\Windows\system32\Dwm.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000773f1940 5 bytes JMP 0000000077550230
.text C:\Windows\system32\Dwm.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000773f1b00 5 bytes JMP 0000000077550480
.text C:\Windows\system32\Dwm.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000773f1b30 5 bytes JMP 00000000775503a0
.text C:\Windows\system32\Dwm.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000773f1c10 5 bytes JMP 00000000775502f0
.text C:\Windows\system32\Dwm.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000773f1c20 5 bytes JMP 0000000077550350
.text C:\Windows\system32\Dwm.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000773f1c80 5 bytes JMP 0000000077550290
.text C:\Windows\system32\Dwm.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000773f1d10 5 bytes JMP 00000000775502b0
.text C:\Windows\system32\Dwm.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773f1d30 5 bytes JMP 00000000775503d0
.text C:\Windows\system32\Dwm.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000773f1d40 5 bytes JMP 0000000077550330
.text C:\Windows\system32\Dwm.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000773f1db0 5 bytes JMP 0000000077550410
.text C:\Windows\system32\Dwm.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000773f1de0 5 bytes JMP 0000000077550240
.text C:\Windows\system32\Dwm.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773f20a0 5 bytes JMP 00000000775501e0
.text C:\Windows\system32\Dwm.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000773f2160 5 bytes JMP 0000000077550250
.text C:\Windows\system32\Dwm.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000773f2190 5 bytes JMP 0000000077550490
.text C:\Windows\system32\Dwm.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773f21a0 5 bytes JMP 00000000775504a0
.text C:\Windows\system32\Dwm.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773f21d0 5 bytes JMP 0000000077550300
.text C:\Windows\system32\Dwm.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773f21e0 5 bytes JMP 0000000077550360
.text C:\Windows\system32\Dwm.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000773f2240 5 bytes JMP 00000000775502a0
.text C:\Windows\system32\Dwm.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000773f2290 5 bytes JMP 00000000775502c0
.text C:\Windows\system32\Dwm.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773f22c0 5 bytes JMP 0000000077550380
.text C:\Windows\system32\Dwm.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773f22d0 5 bytes JMP 0000000077550340
.text C:\Windows\system32\Dwm.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773f25c0 5 bytes JMP 0000000077550440
.text C:\Windows\system32\Dwm.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773f27c0 5 bytes JMP 0000000077550260
.text C:\Windows\system32\Dwm.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773f27d0 5 bytes JMP 0000000077550270
.text C:\Windows\system32\Dwm.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773f27e0 5 bytes JMP 0000000077550400
.text C:\Windows\system32\Dwm.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773f29a0 5 bytes JMP 00000000775501f0
.text C:\Windows\system32\Dwm.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773f29b0 5 bytes JMP 0000000077550210
.text C:\Windows\system32\Dwm.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000773f2a20 5 bytes JMP 0000000077550200
.text C:\Windows\system32\Dwm.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000773f2a80 5 bytes JMP 0000000077550420
.text C:\Windows\system32\Dwm.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000773f2a90 5 bytes JMP 0000000077550430
.text C:\Windows\system32\Dwm.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000773f2aa0 5 bytes JMP 0000000077550220
.text C:\Windows\system32\Dwm.exe[1840] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000773f2b80 5 bytes JMP 0000000077550280
.text C:\Windows\Explorer.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000773f1360 5 bytes JMP 0000000077550460
.text C:\Windows\Explorer.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773f13b0 5 bytes JMP 0000000077550450
.text C:\Windows\Explorer.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000773f1510 5 bytes JMP 0000000077550370
.text C:\Windows\Explorer.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000773f1560 5 bytes JMP 0000000077550470
.text C:\Windows\Explorer.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773f1570 5 bytes JMP 00000000775503e0
.text C:\Windows\Explorer.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000773f1620 5 bytes JMP 0000000077550320
.text C:\Windows\Explorer.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773f1650 5 bytes JMP 00000000775503b0
.text C:\Windows\Explorer.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000773f1670 5 bytes JMP 0000000077550390
.text C:\Windows\Explorer.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773f16b0 5 bytes JMP 00000000775502e0
.text C:\Windows\Explorer.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000773f1730 5 bytes JMP 00000000775502d0
.text C:\Windows\Explorer.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000773f1750 5 bytes JMP 0000000077550310
.text C:\Windows\Explorer.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000773f1790 5 bytes JMP 00000000775503c0
.text C:\Windows\Explorer.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773f17e0 5 bytes JMP 00000000775503f0
.text C:\Windows\Explorer.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000773f1940 5 bytes JMP 0000000077550230
.text C:\Windows\Explorer.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000773f1b00 5 bytes JMP 0000000077550480
.text C:\Windows\Explorer.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000773f1b30 5 bytes JMP 00000000775503a0
.text C:\Windows\Explorer.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000773f1c10 5 bytes JMP 00000000775502f0
.text C:\Windows\Explorer.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000773f1c20 5 bytes JMP 0000000077550350
.text C:\Windows\Explorer.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000773f1c80 5 bytes JMP 0000000077550290
.text C:\Windows\Explorer.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000773f1d10 5 bytes JMP 00000000775502b0
.text C:\Windows\Explorer.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773f1d30 5 bytes JMP 00000000775503d0
.text C:\Windows\Explorer.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000773f1d40 5 bytes JMP 0000000077550330
.text C:\Windows\Explorer.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000773f1db0 5 bytes JMP 0000000077550410
.text C:\Windows\Explorer.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000773f1de0 5 bytes JMP 0000000077550240
.text C:\Windows\Explorer.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773f20a0 5 bytes JMP 00000000775501e0
.text C:\Windows\Explorer.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000773f2160 5 bytes JMP 0000000077550250
.text C:\Windows\Explorer.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000773f2190 5 bytes JMP 0000000077550490
.text C:\Windows\Explorer.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773f21a0 5 bytes JMP 00000000775504a0
.text C:\Windows\Explorer.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773f21d0 5 bytes JMP 0000000077550300
.text C:\Windows\Explorer.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773f21e0 5 bytes JMP 0000000077550360
.text C:\Windows\Explorer.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000773f2240 5 bytes JMP 00000000775502a0
.text C:\Windows\Explorer.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000773f2290 5 bytes JMP 00000000775502c0
.text C:\Windows\Explorer.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773f22c0 5 bytes JMP 0000000077550380
.text C:\Windows\Explorer.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773f22d0 5 bytes JMP 0000000077550340
.text C:\Windows\Explorer.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773f25c0 5 bytes JMP 0000000077550440
.text C:\Windows\Explorer.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773f27c0 5 bytes JMP 0000000077550260
.text C:\Windows\Explorer.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773f27d0 5 bytes JMP 0000000077550270
.text C:\Windows\Explorer.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773f27e0 5 bytes JMP 0000000077550400
.text C:\Windows\Explorer.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773f29a0 5 bytes JMP 00000000775501f0
.text C:\Windows\Explorer.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773f29b0 5 bytes JMP 0000000077550210
.text C:\Windows\Explorer.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000773f2a20 5 bytes JMP 0000000077550200
.text C:\Windows\Explorer.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000773f2a80 5 bytes JMP 0000000077550420
.text C:\Windows\Explorer.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000773f2a90 5 bytes JMP 0000000077550430
.text C:\Windows\Explorer.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000773f2aa0 5 bytes JMP 0000000077550220
.text C:\Windows\Explorer.EXE[1264] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000773f2b80 5 bytes JMP 0000000077550280
.text C:\Windows\Explorer.EXE[1264] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 00000000771def8d 1 byte [62]
.text C:\Windows\system32\hasplms.exe[1968] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007532a2fd 1 byte [62]
.text C:\Windows\system32\hasplms.exe[1968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076931465 2 bytes [93, 76]
.text C:\Windows\system32\hasplms.exe[1968] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769314bb 2 bytes [93, 76]
.text ... * 2
.text C:\Windows\SysWOW64\PnkBstrA.exe[2168] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007532a2fd 1 byte [62]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2168] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000073581a22 2 bytes [58, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2168] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000073581ad0 2 bytes [58, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2168] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000073581b08 2 bytes [58, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2168] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000073581bba 2 bytes [58, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2168] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000073581bda 2 bytes [58, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076931465 2 bytes [93, 76]
.text C:\Windows\SysWOW64\PnkBstrA.exe[2168] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769314bb 2 bytes [93, 76]
.text ... * 2
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000773f1360 5 bytes JMP 0000000100070460
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773f13b0 5 bytes JMP 0000000100070450
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000773f1510 5 bytes JMP 0000000100070370
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000773f1560 5 bytes JMP 0000000100070470
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773f1570 5 bytes JMP 00000001000703e0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000773f1620 5 bytes JMP 0000000100070320
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773f1650 5 bytes JMP 00000001000703b0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000773f1670 5 bytes JMP 0000000100070390
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773f16b0 5 bytes JMP 00000001000702e0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000773f1730 5 bytes JMP 00000001000702d0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000773f1750 5 bytes JMP 0000000100070310
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000773f1790 5 bytes JMP 00000001000703c0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773f17e0 5 bytes JMP 00000001000703f0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000773f1940 5 bytes JMP 0000000100070230
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000773f1b00 5 bytes JMP 0000000100070480
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000773f1b30 5 bytes JMP 00000001000703a0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000773f1c10 5 bytes JMP 00000001000702f0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000773f1c20 5 bytes JMP 0000000100070350
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000773f1c80 5 bytes JMP 0000000100070290
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000773f1d10 5 bytes JMP 00000001000702b0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773f1d30 5 bytes JMP 00000001000703d0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000773f1d40 5 bytes JMP 0000000100070330
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000773f1db0 5 bytes JMP 0000000100070410
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000773f1de0 5 bytes JMP 0000000100070240
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773f20a0 5 bytes JMP 00000001000701e0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000773f2160 5 bytes JMP 0000000100070250
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000773f2190 5 bytes JMP 0000000100070490
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773f21a0 5 bytes JMP 00000001000704a0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773f21d0 5 bytes JMP 0000000100070300
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773f21e0 5 bytes JMP 0000000100070360
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000773f2240 5 bytes JMP 00000001000702a0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000773f2290 5 bytes JMP 00000001000702c0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773f22c0 5 bytes JMP 0000000100070380
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773f22d0 5 bytes JMP 0000000100070340
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773f25c0 5 bytes JMP 0000000100070440
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773f27c0 5 bytes JMP 0000000100070260
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773f27d0 5 bytes JMP 0000000100070270
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773f27e0 5 bytes JMP 0000000100070400
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773f29a0 5 bytes JMP 00000001000701f0
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773f29b0 5 bytes JMP 0000000100070210
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000773f2a20 5 bytes JMP 0000000100070200
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000773f2a80 5 bytes JMP 0000000100070420
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000773f2a90 5 bytes JMP 0000000100070430
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000773f2aa0 5 bytes JMP 0000000100070220
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2616] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000773f2b80 5 bytes JMP 0000000100070280
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2680] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075308791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2680] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007532a2fd 1 byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2680] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076931465 2 bytes [93, 76]
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2680] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769314bb 2 bytes [93, 76]
.text ... * 2
.text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000773f1360 5 bytes JMP 0000000077550460
.text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773f13b0 5 bytes JMP 0000000077550450
.text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000773f1510 5 bytes JMP 0000000077550370
.text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000773f1560 5 bytes JMP 0000000077550470
.text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773f1570 5 bytes JMP 00000000775503e0
.text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000773f1620 5 bytes JMP 0000000077550320
.text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773f1650 5 bytes JMP 00000000775503b0
.text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000773f1670 5 bytes JMP 0000000077550390
.text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773f16b0 5 bytes JMP 00000000775502e0
.text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000773f1730 5 bytes JMP 00000000775502d0
.text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000773f1750 5 bytes JMP 0000000077550310
.text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000773f1790 5 bytes JMP 00000000775503c0
.text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773f17e0 5 bytes JMP 00000000775503f0
.text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000773f1940 5 bytes JMP 0000000077550230
.text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000773f1b00 5 bytes JMP 0000000077550480
.text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000773f1b30 5 bytes JMP 00000000775503a0
.text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000773f1c10 5 bytes JMP 00000000775502f0
.text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000773f1c20 5 bytes JMP 0000000077550350
.text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000773f1c80 5 bytes JMP 0000000077550290
.text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000773f1d10 5 bytes JMP 00000000775502b0
.text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773f1d30 5 bytes JMP 00000000775503d0
.text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000773f1d40 5 bytes JMP 0000000077550330
.text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000773f1db0 5 bytes JMP 0000000077550410
.text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000773f1de0 5 bytes JMP 0000000077550240
.text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773f20a0 5 bytes JMP 00000000775501e0
.text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000773f2160 5 bytes JMP 0000000077550250
.text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000773f2190 5 bytes JMP 0000000077550490
.text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773f21a0 5 bytes JMP 00000000775504a0
.text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773f21d0 5 bytes JMP 0000000077550300
.text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773f21e0 5 bytes JMP 0000000077550360
.text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000773f2240 5 bytes JMP 00000000775502a0
.text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000773f2290 5 bytes JMP 00000000775502c0
.text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773f22c0 5 bytes JMP 0000000077550380
.text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773f22d0 5 bytes JMP 0000000077550340
.text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773f25c0 5 bytes JMP 0000000077550440
.text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773f27c0 5 bytes JMP 0000000077550260
.text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773f27d0 5 bytes JMP 0000000077550270
.text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773f27e0 5 bytes JMP 0000000077550400
.text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773f29a0 5 bytes JMP 00000000775501f0
.text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773f29b0 5 bytes JMP 0000000077550210
.text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000773f2a20 5 bytes JMP 0000000077550200
.text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000773f2a80 5 bytes JMP 0000000077550420
.text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000773f2a90 5 bytes JMP 0000000077550430
.text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000773f2aa0 5 bytes JMP 0000000077550220
.text C:\Windows\system32\svchost.exe[3068] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000773f2b80 5 bytes JMP 0000000077550280
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000773f1360 5 bytes JMP 0000000100250460
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773f13b0 5 bytes JMP 0000000100250450
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000773f1510 5 bytes JMP 0000000100250370
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000773f1560 5 bytes JMP 0000000100250470
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773f1570 5 bytes JMP 00000001002503e0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000773f1620 5 bytes JMP 0000000100250320
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773f1650 5 bytes JMP 00000001002503b0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000773f1670 5 bytes JMP 0000000100250390
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773f16b0 5 bytes JMP 00000001002502e0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000773f1730 5 bytes JMP 00000001002502d0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000773f1750 5 bytes JMP 0000000100250310
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000773f1790 5 bytes JMP 00000001002503c0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773f17e0 5 bytes JMP 00000001002503f0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000773f1940 5 bytes JMP 0000000100250230
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000773f1b00 5 bytes JMP 0000000100250480
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000773f1b30 5 bytes JMP 00000001002503a0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000773f1c10 5 bytes JMP 00000001002502f0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000773f1c20 5 bytes JMP 0000000100250350
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000773f1c80 5 bytes JMP 0000000100250290
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000773f1d10 5 bytes JMP 00000001002502b0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773f1d30 5 bytes JMP 00000001002503d0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000773f1d40 5 bytes JMP 0000000100250330
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000773f1db0 5 bytes JMP 0000000100250410
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000773f1de0 5 bytes JMP 0000000100250240
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773f20a0 5 bytes JMP 00000001002501e0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000773f2160 5 bytes JMP 0000000100250250
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000773f2190 5 bytes JMP 0000000100250490
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773f21a0 5 bytes JMP 00000001002504a0
.text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3792] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773f21d0 5 bytes JMP 0000000100250300 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773f21e0 5 bytes JMP 0000000100250360 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000773f2240 5 bytes JMP 00000001002502a0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000773f2290 5 bytes JMP 00000001002502c0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773f22c0 5 bytes JMP 0000000100250380 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773f22d0 5 bytes JMP 0000000100250340 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773f25c0 5 bytes JMP 0000000100250440 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773f27c0 5 bytes JMP 0000000100250260 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773f27d0 5 bytes JMP 0000000100250270 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773f27e0 5 bytes JMP 0000000100250400 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773f29a0 5 bytes JMP 00000001002501f0 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773f29b0 5 bytes JMP 
0000000100250210 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000773f2a20 5 bytes JMP 0000000100250200 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000773f2a80 5 bytes JMP 0000000100250420 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000773f2a90 5 bytes JMP 0000000100250430 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000773f2aa0 5 bytes JMP 0000000100250220 .text C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[3792] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000773f2b80 5 bytes JMP 0000000100250280 .text C:\Windows\System32\svchost.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000773f1360 5 bytes JMP 0000000077550460 .text C:\Windows\System32\svchost.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773f13b0 5 bytes JMP 0000000077550450 .text C:\Windows\System32\svchost.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000773f1510 5 bytes JMP 0000000077550370 .text C:\Windows\System32\svchost.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000773f1560 5 bytes JMP 0000000077550470 .text C:\Windows\System32\svchost.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773f1570 5 bytes JMP 00000000775503e0 .text C:\Windows\System32\svchost.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000773f1620 5 bytes JMP 0000000077550320 .text C:\Windows\System32\svchost.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773f1650 5 bytes JMP 00000000775503b0 .text C:\Windows\System32\svchost.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000773f1670 5 bytes JMP 0000000077550390 .text 
C:\Windows\System32\svchost.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773f16b0 5 bytes JMP 00000000775502e0 .text C:\Windows\System32\svchost.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000773f1730 5 bytes JMP 00000000775502d0 .text C:\Windows\System32\svchost.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000773f1750 5 bytes JMP 0000000077550310 .text C:\Windows\System32\svchost.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000773f1790 5 bytes JMP 00000000775503c0 .text C:\Windows\System32\svchost.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773f17e0 5 bytes JMP 00000000775503f0 .text C:\Windows\System32\svchost.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000773f1940 5 bytes JMP 0000000077550230 .text C:\Windows\System32\svchost.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000773f1b00 5 bytes JMP 0000000077550480 .text C:\Windows\System32\svchost.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000773f1b30 5 bytes JMP 00000000775503a0 .text C:\Windows\System32\svchost.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000773f1c10 5 bytes JMP 00000000775502f0 .text C:\Windows\System32\svchost.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000773f1c20 5 bytes JMP 0000000077550350 .text C:\Windows\System32\svchost.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000773f1c80 5 bytes JMP 0000000077550290 .text C:\Windows\System32\svchost.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000773f1d10 5 bytes JMP 00000000775502b0 .text C:\Windows\System32\svchost.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773f1d30 5 bytes JMP 00000000775503d0 .text C:\Windows\System32\svchost.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000773f1d40 5 bytes JMP 0000000077550330 .text C:\Windows\System32\svchost.exe[3856] 
C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000773f1db0 5 bytes JMP 0000000077550410 .text C:\Windows\System32\svchost.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000773f1de0 5 bytes JMP 0000000077550240 .text C:\Windows\System32\svchost.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773f20a0 5 bytes JMP 00000000775501e0 .text C:\Windows\System32\svchost.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000773f2160 5 bytes JMP 0000000077550250 .text C:\Windows\System32\svchost.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000773f2190 5 bytes JMP 0000000077550490 .text C:\Windows\System32\svchost.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773f21a0 5 bytes JMP 00000000775504a0 .text C:\Windows\System32\svchost.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773f21d0 5 bytes JMP 0000000077550300 .text C:\Windows\System32\svchost.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773f21e0 5 bytes JMP 0000000077550360 .text C:\Windows\System32\svchost.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000773f2240 5 bytes JMP 00000000775502a0 .text C:\Windows\System32\svchost.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000773f2290 5 bytes JMP 00000000775502c0 .text C:\Windows\System32\svchost.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773f22c0 5 bytes JMP 0000000077550380 .text C:\Windows\System32\svchost.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773f22d0 5 bytes JMP 0000000077550340 .text C:\Windows\System32\svchost.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773f25c0 5 bytes JMP 0000000077550440 .text C:\Windows\System32\svchost.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773f27c0 5 bytes JMP 0000000077550260 .text C:\Windows\System32\svchost.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773f27d0 5 bytes JMP 
0000000077550270 .text C:\Windows\System32\svchost.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773f27e0 5 bytes JMP 0000000077550400 .text C:\Windows\System32\svchost.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773f29a0 5 bytes JMP 00000000775501f0 .text C:\Windows\System32\svchost.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773f29b0 5 bytes JMP 0000000077550210 .text C:\Windows\System32\svchost.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000773f2a20 5 bytes JMP 0000000077550200 .text C:\Windows\System32\svchost.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000773f2a80 5 bytes JMP 0000000077550420 .text C:\Windows\System32\svchost.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000773f2a90 5 bytes JMP 0000000077550430 .text C:\Windows\System32\svchost.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000773f2aa0 5 bytes JMP 0000000077550220 .text C:\Windows\System32\svchost.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000773f2b80 5 bytes JMP 0000000077550280 .text C:\Windows\System32\svchost.exe[4252] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 00000000773f1360 5 bytes JMP 0000000077550460 .text C:\Windows\System32\svchost.exe[4252] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000773f13b0 5 bytes JMP 0000000077550450 .text C:\Windows\System32\svchost.exe[4252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000773f1510 5 bytes JMP 0000000077550370 .text C:\Windows\System32\svchost.exe[4252] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 00000000773f1560 5 bytes JMP 0000000077550470 .text C:\Windows\System32\svchost.exe[4252] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 00000000773f1570 5 bytes JMP 00000000775503e0 .text C:\Windows\System32\svchost.exe[4252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 00000000773f1620 5 bytes JMP 0000000077550320 .text C:\Windows\System32\svchost.exe[4252] 
C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 00000000773f1650 5 bytes JMP 00000000775503b0 .text C:\Windows\System32\svchost.exe[4252] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 00000000773f1670 5 bytes JMP 0000000077550390 .text C:\Windows\System32\svchost.exe[4252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000773f16b0 5 bytes JMP 00000000775502e0 .text C:\Windows\System32\svchost.exe[4252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 00000000773f1730 5 bytes JMP 00000000775502d0 .text C:\Windows\System32\svchost.exe[4252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 00000000773f1750 5 bytes JMP 0000000077550310 .text C:\Windows\System32\svchost.exe[4252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 00000000773f1790 5 bytes JMP 00000000775503c0 .text C:\Windows\System32\svchost.exe[4252] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000773f17e0 5 bytes JMP 00000000775503f0 .text C:\Windows\System32\svchost.exe[4252] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 00000000773f1940 5 bytes JMP 0000000077550230 .text C:\Windows\System32\svchost.exe[4252] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 00000000773f1b00 5 bytes JMP 0000000077550480 .text C:\Windows\System32\svchost.exe[4252] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 00000000773f1b30 5 bytes JMP 00000000775503a0 .text C:\Windows\System32\svchost.exe[4252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 00000000773f1c10 5 bytes JMP 00000000775502f0 .text C:\Windows\System32\svchost.exe[4252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 00000000773f1c20 5 bytes JMP 0000000077550350 .text C:\Windows\System32\svchost.exe[4252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 00000000773f1c80 5 bytes JMP 0000000077550290 .text C:\Windows\System32\svchost.exe[4252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 00000000773f1d10 5 bytes JMP 00000000775502b0 .text C:\Windows\System32\svchost.exe[4252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 00000000773f1d30 5 
bytes JMP 00000000775503d0 .text C:\Windows\System32\svchost.exe[4252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 00000000773f1d40 5 bytes JMP 0000000077550330 .text C:\Windows\System32\svchost.exe[4252] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 00000000773f1db0 5 bytes JMP 0000000077550410 .text C:\Windows\System32\svchost.exe[4252] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 00000000773f1de0 5 bytes JMP 0000000077550240 .text C:\Windows\System32\svchost.exe[4252] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000773f20a0 5 bytes JMP 00000000775501e0 .text C:\Windows\System32\svchost.exe[4252] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 00000000773f2160 5 bytes JMP 0000000077550250 .text C:\Windows\System32\svchost.exe[4252] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 00000000773f2190 5 bytes JMP 0000000077550490 .text C:\Windows\System32\svchost.exe[4252] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000773f21a0 5 bytes JMP 00000000775504a0 .text C:\Windows\System32\svchost.exe[4252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000773f21d0 5 bytes JMP 0000000077550300 .text C:\Windows\System32\svchost.exe[4252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000773f21e0 5 bytes JMP 0000000077550360 .text C:\Windows\System32\svchost.exe[4252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 00000000773f2240 5 bytes JMP 00000000775502a0 .text C:\Windows\System32\svchost.exe[4252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 00000000773f2290 5 bytes JMP 00000000775502c0 .text C:\Windows\System32\svchost.exe[4252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000773f22c0 5 bytes JMP 0000000077550380 .text C:\Windows\System32\svchost.exe[4252] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000773f22d0 5 bytes JMP 0000000077550340 .text C:\Windows\System32\svchost.exe[4252] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000773f25c0 5 bytes JMP 0000000077550440 .text C:\Windows\System32\svchost.exe[4252] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000773f27c0 5 bytes JMP 0000000077550260 .text C:\Windows\System32\svchost.exe[4252] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000773f27d0 5 bytes JMP 0000000077550270 .text C:\Windows\System32\svchost.exe[4252] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000773f27e0 5 bytes JMP 0000000077550400 .text C:\Windows\System32\svchost.exe[4252] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000773f29a0 5 bytes JMP 00000000775501f0 .text C:\Windows\System32\svchost.exe[4252] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000773f29b0 5 bytes JMP 0000000077550210 .text C:\Windows\System32\svchost.exe[4252] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 00000000773f2a20 5 bytes JMP 0000000077550200 .text C:\Windows\System32\svchost.exe[4252] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 00000000773f2a80 5 bytes JMP 0000000077550420 .text C:\Windows\System32\svchost.exe[4252] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 00000000773f2a90 5 bytes JMP 0000000077550430 .text C:\Windows\System32\svchost.exe[4252] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 00000000773f2aa0 5 bytes JMP 0000000077550220 .text C:\Windows\System32\svchost.exe[4252] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 00000000773f2b80 5 bytes JMP 0000000077550280 .text C:\Users\Kilaoa\Desktop\Gmer-19357.exe[3996] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007532a2fd 1 byte [62] ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ---- |
21.07.2014, 10:44 | #6 |
| Windows 7: ClamAV (Ubuntu) finds a potpourri of viruses MBAM: Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 16.07.2014
Suchlauf-Zeit: 23:02:43
Logdatei: mbamb-log-2014-07-16 (23-02-41).txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.07.16.09
Rootkit Datenbank: v2014.07.14.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Kilaoa

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 293853
Verstrichene Zeit: 7 Min, 2 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 1
PUP.Optional.FastStart.A, HKU\S-1-5-21-2172048925-2899888979-4254774926-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, faststartff@gmail.com, In Quarantäne, [86b3f7a912691f175ce5616032d06e92]

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)

(end)
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 27.06.2014
Suchlauf-Zeit: 21:50:34
Logdatei: mbamb-log-2014-06-27 (21-49-50).txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.06.27.08
Rootkit Datenbank: v2014.06.23.02
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Kilaoa

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 291457
Verstrichene Zeit: 13 Min, 8 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 2
PUP.Optional.WPM.A, C:\ProgramData\WindowsProtectManger\wprotectmanager.exe, 5516, Löschen bei Neustart, [5420d2ab25569f97a9c2bdd1be43b848]
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginServices\PluginService.exe, 5776, Löschen bei Neustart, [d59f3746d0ab55e1099089d2f30e0df3]

Module: 1
PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\DpInterface32.dll, Löschen bei Neustart, [82f245386b108ea8dfdf7119a35e7c84],

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 2
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices, Löschen bei Neustart, [f282abd21467c4725f2d55542cd6ee12],
PUP.Optional.WPM.A, C:\ProgramData\WindowsProtectManger, In Quarantäne, [c9ab700d78032f07d95aa703c1418a76],

Dateien: 3
PUP.Optional.WPM.A, C:\ProgramData\WindowsProtectManger\wprotectmanager.exe, In Quarantäne, [5420d2ab25569f97a9c2bdd1be43b848],
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginServices\PluginService.exe, Löschen bei Neustart, [d59f3746d0ab55e1099089d2f30e0df3],
PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\DpInterface32.dll, Löschen bei Neustart, [82f245386b108ea8dfdf7119a35e7c84],

Physische Sektoren: 0
(No malicious items detected)

(end)
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 27.06.2014
Suchlauf-Zeit: 21:28:07
Logdatei: mbamb-log-2014-06-27 (21-28-05).txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.06.27.08
Rootkit Datenbank: v2014.06.23.02
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Kilaoa

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 291326
Verstrichene Zeit: 8 Min, 19 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 2
PUP.Optional.WPM.A, C:\ProgramData\WindowsProtectManger\wprotectmanager.exe, 5516, Löschen bei Neustart, [f97bdba2483364d299d247473ec3d927]
PUP.Optional.IePluginService.A, C:\ProgramData\IePluginServices\PluginService.exe, 5776, Löschen bei Neustart, [97dd1667f883b5811b7ebf9cf50c916f]

Module: 1
PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\DpInterface32.dll, Löschen bei Neustart, [b0c454290b700234be00553512ef47b9],

Registrierungsschlüssel: 13
PUP.Optional.WPM.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WindowsProtectManger, In Quarantäne, [f97bdba2483364d299d247473ec3d927],
PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WindowsProtectManger, In Quarantäne, [f97bdba2483364d299d247473ec3d927],
PUP.Optional.IePluginService.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IePluginServices, In Quarantäne, [97dd1667f883b5811b7ebf9cf50c916f],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [353f8cf16c0fe1556a38dd6e837f956b],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, In Quarantäne, [353f8cf16c0fe1556a38dd6e837f956b],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, In Quarantäne, [353f8cf16c0fe1556a38dd6e837f956b],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, In Quarantäne, [353f8cf16c0fe1556a38dd6e837f956b],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, In Quarantäne, [353f8cf16c0fe1556a38dd6e837f956b],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [353f8cf16c0fe1556a38dd6e837f956b],
PUP.Optional.Skytech.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\sweet-page uninstall, In Quarantäne, [da9a2b52c6b589ad526c5535df22aa56],
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\sweet-pageSoftware, In Quarantäne, [ed87fb82502b3ff72535718a946f48b8],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2172048925-2899888979-4254774926-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, In Quarantäne, [3a3a98e595e6dc5a6e26f6daee147b85],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2172048925-2899888979-4254774926-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, In Quarantäne, [284cd6a7f58663d308a5c71f5ea55ca4],

Registrierungswerte: 5
PUP.Optional.SupTab.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\SupTab\SEARCH~2.DLL, In Quarantäne, [3b3956276318ad89f9e4c8e3877be41c]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, c:\progra~2\suptab\search~1.dll, In Quarantäne, [cfa5c3ba90ebb5814d905754b74bef11]
PUP.Optional.FastStart.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|faststartff@gmail.com, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com, In Quarantäne, [660e7eff6318bf772cf055b118ec2ed2]
PUP.Optional.WPM.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDOWSPROTECTMANGER|ImagePath, C:\ProgramData\WindowsProtectManger\wprotectmanager.exe -service, In Quarantäne, [fd771b624833043213d7515d34ce07f9]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-2172048925-2899888979-4254774926-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0V1D1S1R1D0V1O, In Quarantäne, [284cd6a7f58663d308a5c71f5ea55ca4]

Registrierungsdaten: 12
PUP.Optional.Skytech.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\SupTab\SEARCH~2.DLL, Gut: (), Schlecht: (C:\PROGRA~2\SupTab\SEARCH~2.DLL),Ersetzt,[165e93ea116ad5614c729eece61b36ca]
PUP.Optional.Skytech.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, c:\progra~2\suptab\search~1.dll, Gut: (), Schlecht: (c:\progra~2\suptab\search~1.dll),Ersetzt,[b4c0d7a6453656e07747b9d145bc7c84]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.sweet-page.com/?type=hp&ts=1403895152&from=cor&uid=SAMSUNGXHD322HJ_S17AJ90SA21112, Gut: (hxxp://www.google.com), Schlecht: (hxxp://www.sweet-page.com/?type=hp&ts=1403895152&from=cor&uid=SAMSUNGXHD322HJ_S17AJ90SA21112),Ersetzt,[6d07b6c77902f4422a1b3753c53f7090]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.sweet-page.com/?type=hp&ts=1403895152&from=cor&uid=SAMSUNGXHD322HJ_S17AJ90SA21112, Gut: (hxxp://www.google.com), Schlecht: (hxxp://www.sweet-page.com/?type=hp&ts=1403895152&from=cor&uid=SAMSUNGXHD322HJ_S17AJ90SA21112),Ersetzt,[096b6f0ed2a9c67033143d4d31d3fd03]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.sweet-page.com/web/?type=ds&ts=1403895152&from=cor&uid=SAMSUNGXHD322HJ_S17AJ90SA21112&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://www.sweet-page.com/web/?type=ds&ts=1403895152&from=cor&uid=SAMSUNGXHD322HJ_S17AJ90SA21112&q={searchTerms}),Ersetzt,[d2a295e87b00f4428fb7beccb54fda26]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.sweet-page.com/?type=hp&ts=1403895152&from=cor&uid=SAMSUNGXHD322HJ_S17AJ90SA21112, Gut: (hxxp://www.google.com), Schlecht: (hxxp://www.sweet-page.com/?type=hp&ts=1403895152&from=cor&uid=SAMSUNGXHD322HJ_S17AJ90SA21112),Ersetzt,[b9bb74090c6f39fd7cc9781218ec7d83]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.sweet-page.com/?type=hp&ts=1403895152&from=cor&uid=SAMSUNGXHD322HJ_S17AJ90SA21112, Gut: (hxxp://www.google.com), Schlecht: (hxxp://www.sweet-page.com/?type=hp&ts=1403895152&from=cor&uid=SAMSUNGXHD322HJ_S17AJ90SA21112),Ersetzt,[660e087581fae650d0779feb46be7789]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.sweet-page.com/web/?type=ds&ts=1403895152&from=cor&uid=SAMSUNGXHD322HJ_S17AJ90SA21112&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.sweet-page.com/web/?type=ds&ts=1403895152&from=cor&uid=SAMSUNGXHD322HJ_S17AJ90SA21112&q={searchTerms}),Ersetzt,[6c08750839422016869d5a254eb68779]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://www.sweet-page.com/web/?type=ds&ts=1403895152&from=cor&uid=SAMSUNGXHD322HJ_S17AJ90SA21112&q={searchTerms}, Gut: (hxxp://www.google.com/), Schlecht: (hxxp://www.sweet-page.com/web/?type=ds&ts=1403895152&from=cor&uid=SAMSUNGXHD322HJ_S17AJ90SA21112&q={searchTerms}),Ersetzt,[3c3893ea314a2115f059d1b9cb39d729]
PUP.Optional.SweetPage.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCH|CustomizeSearch, hxxp://www.sweet-page.com/web/?type=ds&ts=1403895152&from=cor&uid=SAMSUNGXHD322HJ_S17AJ90SA21112&q={searchTerms}, Gut: (hxxp://www.google.com/), Schlecht: (hxxp://www.sweet-page.com/web/?type=ds&ts=1403895152&from=cor&uid=SAMSUNGXHD322HJ_S17AJ90SA21112&q={searchTerms}),Ersetzt,[1d57403d9cdf7fb7c880c9c1c341b34d]
PUP.Optional.SweetPage.A, HKU\S-1-5-21-2172048925-2899888979-4254774926-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.sweet-page.com/?type=hp&ts=1403895152&from=cor&uid=SAMSUNGXHD322HJ_S17AJ90SA21112, Gut: (hxxp://www.google.com), Schlecht: (hxxp://www.sweet-page.com/?type=hp&ts=1403895152&from=cor&uid=SAMSUNGXHD322HJ_S17AJ90SA21112),Ersetzt,[155f403d700bf145f84a2367bc4827d9]
PUP.Optional.SweetPage.A, HKU\S-1-5-21-2172048925-2899888979-4254774926-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.sweet-page.com/?type=hp&ts=1403895152&from=cor&uid=SAMSUNGXHD322HJ_S17AJ90SA21112, Gut: (hxxp://www.google.com), Schlecht: (hxxp://www.sweet-page.com/?type=hp&ts=1403895152&from=cor&uid=SAMSUNGXHD322HJ_S17AJ90SA21112),Ersetzt,[a5cfc8b5bebdac8a8cb54a403acab050]

Ordner: 64
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab, Löschen bei Neustart, [5123017c3c3f6dc92735418caf530df3],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web, In Quarantäne, [5123017c3c3f6dc92735418caf530df3],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img, In Quarantäne, [5123017c3c3f6dc92735418caf530df3],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather, In Quarantäne, [5123017c3c3f6dc92735418caf530df3],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js, In Quarantäne, [5123017c3c3f6dc92735418caf530df3],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales, In Quarantäne, [5123017c3c3f6dc92735418caf530df3],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US, In Quarantäne, [5123017c3c3f6dc92735418caf530df3],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419, In Quarantäne, [5123017c3c3f6dc92735418caf530df3],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES, In Quarantäne, [5123017c3c3f6dc92735418caf530df3],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE, In Quarantäne, [5123017c3c3f6dc92735418caf530df3],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA, In Quarantäne, [5123017c3c3f6dc92735418caf530df3],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH, In Quarantäne, [5123017c3c3f6dc92735418caf530df3],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR, In Quarantäne, [5123017c3c3f6dc92735418caf530df3],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU, In Quarantäne, [5123017c3c3f6dc92735418caf530df3],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH, In Quarantäne, [5123017c3c3f6dc92735418caf530df3],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT, In Quarantäne, [5123017c3c3f6dc92735418caf530df3],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl, In Quarantäne, [5123017c3c3f6dc92735418caf530df3],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt, In Quarantäne, [5123017c3c3f6dc92735418caf530df3],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR, In Quarantäne, [5123017c3c3f6dc92735418caf530df3],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru, In Quarantäne, [5123017c3c3f6dc92735418caf530df3],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO, In Quarantäne, [5123017c3c3f6dc92735418caf530df3],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR, In Quarantäne, [5123017c3c3f6dc92735418caf530df3],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI, In Quarantäne, [5123017c3c3f6dc92735418caf530df3],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN, In Quarantäne, [5123017c3c3f6dc92735418caf530df3],
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW, In Quarantäne, [5123017c3c3f6dc92735418caf530df3],
Rogue.Multiple, C:\ProgramData\374311380, In Quarantäne, [eb89621ba5d6e056ed0e582bab576d93],
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices, Löschen bei Neustart, [6212c7b6f38890a6a6e636734ab8ec14],
PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update, In Quarantäne, [6212c7b6f38890a6a6e636734ab8ec14],
PUP.Optional.WPM.A, C:\ProgramData\WindowsProtectManger, Löschen bei Neustart, [da9adca1accfdc5aba793f6b867caa56],
PUP.Optional.WPM.A, C:\ProgramData\WindowsProtectManger\log, In Quarantäne, [da9adca1accfdc5aba793f6b867caa56],
PUP.Optional.WPM.A, C:\ProgramData\WindowsProtectManger\update, In Quarantäne, [da9adca1accfdc5aba793f6b867caa56],
PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2],
PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2],
PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\content, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2],
PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\content\include, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2],
PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\content\include\tools, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2],
PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\content\js, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2],
PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\content\js\lib, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\content\js\module, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\content\js\pack, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\locale, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\locale\en, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\locale\en-US, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\locale\es, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\locale\es-419, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\locale\fr, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\locale\fr-BE, In 
Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\locale\fr-CA, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\locale\fr-CH, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\locale\fr-LU, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\locale\it, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\locale\it-CH, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\locale\pl, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\locale\pt-BR, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\locale\ru, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\locale\ru-MO, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, 
C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\locale\tr, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\locale\vi, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\locale\zh-CN, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\locale\zh-TW, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\skin, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\defaults, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\defaults\preferences, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\modules, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], Dateien: 138 PUP.Optional.WPM.A, C:\ProgramData\WindowsProtectManger\wprotectmanager.exe, Löschen bei Neustart, [f97bdba2483364d299d247473ec3d927], PUP.Optional.IePluginService.A, C:\ProgramData\IePluginServices\PluginService.exe, Löschen bei Neustart, [97dd1667f883b5811b7ebf9cf50c916f], PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\DpInterface32.dll, Löschen bei Neustart, [b0c454290b700234be00553512ef47b9], 
PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\SearchProtect64.dll, In Quarantäne, [165e93ea116ad5614c729eece61b36ca], PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\SearchProtect32.dll, In Quarantäne, [b4c0d7a6453656e07747b9d145bc7c84], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SupTab.dll, In Quarantäne, [353f8cf16c0fe1556a38dd6e837f956b], PUP.Optional.Skytech.A, C:\Users\Kilaoa\AppData\Roaming\sweet-page\UninstallManager.exe, In Quarantäne, [da9a2b52c6b589ad526c5535df22aa56], PUP.Optional.IePluginService.A, C:\Users\Kilaoa\AppData\Local\Temp\2302824\2302824.zipDir\tmp\SupTab_Setup448.exe, In Quarantäne, [ec885528e09bed4976232b30fe0340c0], PUP.Optional.WPM.A, C:\Users\Kilaoa\AppData\Local\Temp\2302824\2302824.zipDir\tmp\wpm_v20.0.0.401.exe, In Quarantäne, [a5cffb82ec8f2a0c78f3721ce71ac43c], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\install.data, In Quarantäne, [5123017c3c3f6dc92735418caf530df3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\DpInterface64.dll, In Quarantäne, [5123017c3c3f6dc92735418caf530df3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\DpInterfacef32.dll, In Quarantäne, [5123017c3c3f6dc92735418caf530df3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\ient.json, In Quarantäne, [5123017c3c3f6dc92735418caf530df3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\RSHP.exe, In Quarantäne, [5123017c3c3f6dc92735418caf530df3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SpAPPSv32.dll, In Quarantäne, [5123017c3c3f6dc92735418caf530df3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SpAPPSv64.dll, In Quarantäne, [5123017c3c3f6dc92735418caf530df3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\uninstall.exe, In Quarantäne, [5123017c3c3f6dc92735418caf530df3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WebDataJs, In Quarantäne, [5123017c3c3f6dc92735418caf530df3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\data.html, In Quarantäne, 
[5123017c3c3f6dc92735418caf530df3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE.html, In Quarantäne, [5123017c3c3f6dc92735418caf530df3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE8.html, In Quarantäne, [5123017c3c3f6dc92735418caf530df3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\main.css, In Quarantäne, [5123017c3c3f6dc92735418caf530df3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\ver.txt, In Quarantäne, [5123017c3c3f6dc92735418caf530df3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\arrow.png, In Quarantäne, [5123017c3c3f6dc92735418caf530df3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_add_logo.png, In Quarantäne, [5123017c3c3f6dc92735418caf530df3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_add_logo_hover.png, In Quarantäne, [5123017c3c3f6dc92735418caf530df3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\default_logo.png, In Quarantäne, [5123017c3c3f6dc92735418caf530df3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\googlelogo.png, In Quarantäne, [5123017c3c3f6dc92735418caf530df3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\googlelogo2.png, In Quarantäne, [5123017c3c3f6dc92735418caf530df3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\google_trends.png, In Quarantäne, [5123017c3c3f6dc92735418caf530df3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon128.png, In Quarantäne, [5123017c3c3f6dc92735418caf530df3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon16.png, In Quarantäne, [5123017c3c3f6dc92735418caf530df3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon48.png, In Quarantäne, [5123017c3c3f6dc92735418caf530df3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\loading.gif, In Quarantäne, [5123017c3c3f6dc92735418caf530df3], PUP.Optional.SupTab.A, C:\Program Files 
(x86)\SupTab\web\img\logo32.ico, In Quarantäne, [5123017c3c3f6dc92735418caf530df3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\weather\0.png, In Quarantäne, [5123017c3c3f6dc92735418caf530df3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\common.js, In Quarantäne, [5123017c3c3f6dc92735418caf530df3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\ga.js, In Quarantäne, [5123017c3c3f6dc92735418caf530df3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\ie8.js, In Quarantäne, [5123017c3c3f6dc92735418caf530df3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery-1.11.0.min.js, In Quarantäne, [5123017c3c3f6dc92735418caf530df3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery.autocomplete.js, In Quarantäne, [5123017c3c3f6dc92735418caf530df3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\js.js, In Quarantäne, [5123017c3c3f6dc92735418caf530df3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\library.js, In Quarantäne, [5123017c3c3f6dc92735418caf530df3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\xagainit.js, In Quarantäne, [5123017c3c3f6dc92735418caf530df3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US\messages.json, In Quarantäne, [5123017c3c3f6dc92735418caf530df3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419\messages.json, In Quarantäne, [5123017c3c3f6dc92735418caf530df3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES\messages.json, In Quarantäne, [5123017c3c3f6dc92735418caf530df3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE\messages.json, In Quarantäne, [5123017c3c3f6dc92735418caf530df3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA\messages.json, In Quarantäne, [5123017c3c3f6dc92735418caf530df3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH\messages.json, In Quarantäne, 
[5123017c3c3f6dc92735418caf530df3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR\messages.json, In Quarantäne, [5123017c3c3f6dc92735418caf530df3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU\messages.json, In Quarantäne, [5123017c3c3f6dc92735418caf530df3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH\messages.json, In Quarantäne, [5123017c3c3f6dc92735418caf530df3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT\messages.json, In Quarantäne, [5123017c3c3f6dc92735418caf530df3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl\messages.json, In Quarantäne, [5123017c3c3f6dc92735418caf530df3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt\messages.json, In Quarantäne, [5123017c3c3f6dc92735418caf530df3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR\messages.json, In Quarantäne, [5123017c3c3f6dc92735418caf530df3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru\messages.json, In Quarantäne, [5123017c3c3f6dc92735418caf530df3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO\messages.json, In Quarantäne, [5123017c3c3f6dc92735418caf530df3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR\messages.json, In Quarantäne, [5123017c3c3f6dc92735418caf530df3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI\messages.json, In Quarantäne, [5123017c3c3f6dc92735418caf530df3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN\messages.json, In Quarantäne, [5123017c3c3f6dc92735418caf530df3], PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW\messages.json, In Quarantäne, [5123017c3c3f6dc92735418caf530df3], PUP.Optional.SweetPage.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\sweet-page.xml, In Quarantäne, [7bf92459accff5410f4ac932b64d4db3], Rogue.Multiple, 
C:\ProgramData\374311380\BIT4182.tmp, In Quarantäne, [eb89621ba5d6e056ed0e582bab576d93], PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update\conf, In Quarantäne, [6212c7b6f38890a6a6e636734ab8ec14], PUP.Optional.WPM.A, C:\ProgramData\WindowsProtectManger\log\wprotectmanager_2014-06-27[20-52-50-600].log, In Quarantäne, [da9adca1accfdc5aba793f6b867caa56], PUP.Optional.WPM.A, C:\ProgramData\WindowsProtectManger\update\conf, In Quarantäne, [da9adca1accfdc5aba793f6b867caa56], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome.manifest, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\install.rdf, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\content\index.html, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\content\quick_start.js, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\content\quick_start.xul, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\content\include\speed_dial.js, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\content\include\tools\about_blank_hook.js, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], 
PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\content\include\tools\misc.js, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\content\include\tools\popup_image_helper.js, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\content\include\tools\urlrequestor.js, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\content\js\js.js, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\content\js\lib\doT.min.js, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\content\js\lib\jquery-2.1.0.min.js, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\content\js\lib\jquery.autocomplete.js, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\content\js\module\hotSearch.js, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\content\js\module\mostgrid.js, In Quarantäne, 
[1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\content\js\module\other.js, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\content\js\module\search.js, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\content\js\module\stat.js, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\content\js\pack\common.js, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\content\js\pack\ga.js, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\content\js\pack\xagainit.js, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\locale\en\locale.properties, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\locale\en-US\locale.properties, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\locale\es\locale.properties, In Quarantäne, 
[1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\locale\es-419\locale.properties, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\locale\fr\locale.properties, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\locale\fr-BE\locale.properties, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\locale\fr-CA\locale.properties, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\locale\fr-CH\locale.properties, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\locale\fr-LU\locale.properties, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\locale\it\locale.properties, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\locale\it-CH\locale.properties, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\locale\pl\locale.properties, In Quarantäne, 
[1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\locale\pt-BR\locale.properties, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\locale\ru\locale.properties, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\locale\ru-MO\locale.properties, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\locale\tr\locale.properties, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\locale\vi\locale.properties, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\locale\zh-CN\locale.properties, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\locale\zh-TW\locale.properties, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\skin\default_add_logo.png, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\skin\default_add_logo_hover.png, In Quarantäne, 
[1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\skin\default_logo.png, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\skin\googlelogo.png, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\skin\google_trends.png, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\skin\icon.png, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\skin\loading.gif, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\skin\logo.ico, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\skin\logo.png, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\skin\logo32.ico, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\skin\simple.css, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, 
C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\chrome\skin\style.css, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\defaults\preferences\fvd.js, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\defaults\preferences\preferences.js, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\modules\addonmanager.js, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\modules\aes.js, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\modules\config.js, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\modules\dialogs.js, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\modules\last_tab.js, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\modules\misc.js, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\modules\properties.js, In 
Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\modules\remoterequest.js, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\modules\restoreprefs.js, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.FastStart.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\extensions\faststartff@gmail.com\modules\settings.js, In Quarantäne, [1262631adf9c56e0447a4763b44e1ee2], PUP.Optional.SweetPage.A, C:\Users\Kilaoa\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: ( "homepage": "hxxp://www.sweet-page.com/?type=hp&ts=1403895152&from=cor&uid=SAMSUNGXHD322HJ_S17AJ90SA21112",), Ersetzt,[df9515681f5c7cba8ea222970cf8629e] PUP.Optional.SweetPage.A, C:\Users\Kilaoa\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: ( "search_url": "hxxp://www.sweet-page.com/web/?type=ds&ts=1403895152&from=cor&uid=SAMSUNGXHD322HJ_S17AJ90SA21112&q={searchTerms}",), Ersetzt,[4f25de9fbcbff6408ea40aafa361728e] PUP.Optional.SweetPage.A, C:\Users\Kilaoa\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: ( "startup_urls": [ "hxxp://www.sweet-page.com/?type=hp&ts=1403895152&from=cor&uid=SAMSUNGXHD322HJ_S17AJ90SA21112" ],), Ersetzt,[8ee6f687156653e33003a71245bfa45c] PUP.Optional.SweetPage.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "hxxp://www.sweet-page.com/newtab/?type=nt&ts=1403895152&from=cor&uid=SAMSUNGXHD322HJ_S17AJ90SA21112");), Ersetzt,[91e33e3fe7943afcc9648237b64eab55] PUP.Optional.SweetPage.A, C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\prefs.js, Gut: (), Schlecht: 
(user_pref("browser.startup.homepage", "hxxp://www.sweet-page.com/?type=hp&ts=1403895152&from=cor&uid=SAMSUNGXHD322HJ_S17AJ90SA21112");), Ersetzt,[a5cf45380b7071c541edd7e232d27f81] Physische Sektoren: 0 (No malicious items detected) (end) Code:
ATTFilter
/mnt/Program Files (x86)/Windows Media Player/wmpconfig.exe: Win.Worm.Whiteice-17 FOUND
/mnt/Program Files (x86)/LinuxLive USB Creator/LiLi USB Creator.exe: Win.Trojan.11477628 FOUND
/mnt/Program Files (x86)/LinuxLive USB Creator/tools/VirtualBox/Portable-VirtualBox/Portable-VirtualBox.exe: Win.Trojan.11477628 FOUND
LibClamAV info: scancws: Error decompressing SWF file
LibClamAV info: scancws: Error decompressing SWF file
LibClamAV info: scancws: Error decompressing SWF file
LibClamAV Warning: SWF: Invalid tag length.
LibClamAV Warning: SWF: Invalid tag length.
LibClamAV info: scancws: Error decompressing SWF file
LibClamAV Warning: SWF: Invalid tag length.
LibClamAV info: scancws: Error decompressing SWF file
LibClamAV info: scancws: Error decompressing SWF file
LibClamAV Warning: SWF: Invalid tag length.
LibClamAV info: scancws: Error decompressing SWF file
/mnt/Users/Kilaoa/Downloads/LinuxLive USB Creator 2.8.29.exe: Win.Trojan.11477628 FOUND
/mnt/ProgramData/Blizzard Entertainment/Battle.net/Cache/03/65/0365085e6db8869534846414c5dcbdc1d1ffe13f8db92c1f12ea5c7eddf9298f.auth: WIN.Downloader.Adload-47 FOUND
LibClamAV info: scancws: Error decompressing SWF file
LibClamAV info: scancws: Error decompressing SWF file
LibClamAV info: scancws: Error decompressing SWF file
/mnt/Windows/System32/drivers/rdbss.sys: Win.Trojan.Zbot-35241 FOUND
/mnt/Windows/SysWOW64/aecache.dll: Win.Trojan.Agent-752483 FOUND
/mnt/Windows/SysWOW64/appwiz.cpl: Win.Trojan.Agent-728870 FOUND
/mnt/Windows/SysWOW64/user32.dll: Win.Trojan.11486308 FOUND
/mnt/Windows/winsxs/amd64_microsoft-windows-rdbss_31bf3856ad364e35_6.1.7601.17514_none_b7fadd3b7808f9d5/rdbss.sys: Win.Trojan.Zbot-35241 FOUND
/mnt/Windows/winsxs/Backup/amd64_microsoft-windows-rdbss_31bf3856ad364e35_6.1.7601.17514_none_b7fadd3b7808f9d5_rdbss.sys_f97a2535: Win.Trojan.Zbot-35241 FOUND
/mnt/Windows/winsxs/Backup/wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e_user32.dll_55f4ed20: Win.Trojan.11486308 FOUND
/mnt/Windows/winsxs/wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e/user32.dll: Win.Trojan.11486308 FOUND
/mnt/Windows/winsxs/x86_microsoft-windows-appwiz_31bf3856ad364e35_6.1.7601.17514_none_0dcda26885283f50/appwiz.cpl: Win.Trojan.Agent-728870 FOUND
/mnt/Windows/winsxs/x86_microsoft-windows-dims-keyroam_31bf3856ad364e35_6.1.7600.16385_none_5b7a6e238ef0e573/adprovider.dll: Win.Trojan.Agent-752453 FOUND
/mnt/Windows/winsxs/x86_microsoft-windows-sysprep-aecache_31bf3856ad364e35_6.1.7600.16385_none_f4906b14fa5f4e62/aecache.dll: Win.Trojan.Agent-752483 FOUND
/mnt/Windows/winsxs/wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7601.17514_none_73e472e09a1a05d1/wmpconfig.exe: Win.Worm.Whiteice-17 FOUND
/mnt/Windows/winsxs/wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7601.18150_none_73b513a89a3e353e/wmpconfig.exe: Win.Worm.Whiteice-17 FOUND
/mnt/Windows/winsxs/wow64_microsoft-windows-mediaplayer-core_31bf3856ad364e35_6.1.7601.22322_none_746122b1b341b10a/wmpconfig.exe: Win.Worm.Whiteice-17 FOUND |
21.07.2014, 13:57 | #7 |
/// the machine /// TB-Ausbilder | Hi, scan with ComboFix
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. Donations | Guides and help | Trojaner-Board Facebook page | No help via PM! |
21.07.2014, 15:36 | #8 |
| Code:
ATTFilter ComboFix 14-07-21.01 - Kilaoa 21.07.2014 16:26:44.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4094.2403 [GMT 2:00] ausgeführt von:: c:\users\Kilaoa\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B} SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\XSxS . . ((((((((((((((((((((((( Dateien erstellt von 2014-06-21 bis 2014-07-21 )))))))))))))))))))))))))))))) . . 2014-07-21 14:32 . 2014-07-21 14:32 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-07-21 05:58 . 2014-07-21 05:59 -------- d-----w- C:\FRST 2014-07-19 08:32 . 2014-07-02 03:09 10924376 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{16CB42E8-D2AD-4971-B6FD-85625891CD1E}\mpengine.dll 2014-07-16 20:29 . 2014-07-16 20:29 -------- d-----w- c:\program files\Reason 2014-07-16 20:22 . 2014-07-16 21:42 -------- d-----w- C:\AdwCleaner 2014-07-14 18:14 . 2014-07-14 19:25 -------- d-----w- c:\programdata\firebird 2014-07-14 18:14 . 2014-07-14 18:14 -------- d-----w- c:\users\Kilaoa\Scoutsystems 2014-07-14 18:14 . 2014-07-14 18:14 -------- d-----w- c:\program files (x86)\Breeder Software 2014-07-14 17:55 . 2014-07-14 17:55 -------- d-----w- c:\program files (x86)\Common Files\Data Dynamics 2014-07-14 17:55 . 2014-07-14 17:55 -------- d-----w- c:\windows\ZooEasy 2014-07-14 14:24 . 2014-07-14 14:24 -------- d-----w- c:\users\Kilaoa\AppData\Roaming\WindSolutions 2014-07-14 14:24 . 2014-07-14 14:24 -------- d-----w- c:\programdata\WindSolutions 2014-07-09 05:37 . 2014-06-03 10:02 1719296 ----a-w- c:\program files\Windows Journal\NBDoc.DLL 2014-07-09 05:37 . 
2014-06-03 10:02 1389568 ----a-w- c:\program files\Windows Journal\JNWDRV.dll 2014-07-09 05:37 . 2014-06-03 10:02 1380864 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll 2014-07-09 05:37 . 2014-06-03 10:02 1354240 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll 2014-07-09 05:37 . 2014-06-03 09:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll 2014-07-09 05:37 . 2014-06-30 02:09 519168 ----a-w- c:\windows\system32\aepdu.dll 2014-07-09 05:37 . 2014-06-30 02:04 424448 ----a-w- c:\windows\system32\aeinv.dll 2014-07-09 05:30 . 2014-06-05 14:45 1460736 ----a-w- c:\windows\system32\lsasrv.dll 2014-07-09 05:30 . 2014-06-05 14:26 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2014-07-09 05:30 . 2014-06-05 14:25 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2014-07-07 20:59 . 2014-07-07 20:59 -------- d-----w- c:\program files (x86)\Sony 2014-07-07 20:59 . 2014-07-07 20:59 -------- d-----w- c:\program files (x86)\Common Files\Sony Shared 2014-07-05 20:15 . 2014-07-05 20:15 -------- d-----w- c:\users\Kilaoa\AppData\Roaming\OpenOffice 2014-07-03 05:43 . 2014-07-03 05:43 -------- d-----w- c:\program files (x86)\LinuxLive USB Creator 2014-07-02 20:42 . 2014-07-02 20:43 -------- d-----w- c:\program files (x86)\OpenOffice 4 2014-07-02 20:40 . 2014-07-02 20:40 -------- d-----w- c:\program files (x86)\Common Files\Java 2014-07-02 20:40 . 2014-07-02 20:39 313256 ----a-w- c:\windows\system32\javaws.exe 2014-07-02 20:39 . 2014-07-02 20:39 191400 ----a-w- c:\windows\system32\javaw.exe 2014-07-02 20:39 . 2014-07-02 20:39 190888 ----a-w- c:\windows\system32\java.exe 2014-07-02 20:34 . 2014-07-02 20:34 43152 ----a-w- c:\windows\avastSS.scr 2014-07-02 13:39 . 2014-07-02 13:39 -------- d-----w- c:\programdata\ATI 2014-07-02 13:28 . 2014-07-02 13:28 -------- d-----w- c:\users\Kilaoa\AppData\Roaming\library_dir 2014-07-02 13:27 . 2014-07-02 20:06 -------- d-----w- c:\program files (x86)\Raptr 2014-07-02 13:27 . 
2014-07-02 13:27 -------- d-----w- c:\program files (x86)\AMD AVT 2014-07-02 13:23 . 2014-07-02 13:23 -------- d-----w- c:\program files\AMD 2014-07-02 13:21 . 2014-07-02 13:21 -------- d-----w- c:\program files\ATI 2014-06-27 19:53 . 2014-06-27 19:53 -------- d-----w- C:\SUPERDelete 2014-06-27 19:00 . 2014-07-21 06:31 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-06-27 18:53 . 2014-06-27 18:53 -------- d-----w- c:\users\Kilaoa\AppData\Local\WorldofTanks 2014-06-25 15:33 . 2014-07-21 06:02 -------- d-----w- c:\users\Kilaoa\AppData\Local\Adobe 2014-06-23 14:50 . 2014-06-23 14:50 -------- d-----w- c:\program files\Microsoft.NET 2014-06-23 11:16 . 2014-05-12 05:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys 2014-06-23 11:16 . 2014-05-12 05:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-06-23 11:16 . 2014-06-23 11:16 -------- d-----w- c:\program files (x86)\ Malwarebytes Anti-Malware 2014-06-23 11:16 . 2014-07-02 20:34 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys 2014-06-22 23:41 . 2014-06-22 23:41 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help 2014-06-22 11:32 . 2014-06-22 11:32 -------- d-----w- c:\program files\Common Files\DESIGNER 2014-06-22 11:32 . 2014-06-22 11:32 -------- d-----w- c:\program files (x86)\Microsoft SQL Server 2014-06-22 11:32 . 2014-06-22 11:32 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft 2014-06-22 11:31 . 2014-06-22 11:32 -------- d-----w- c:\program files\Microsoft SQL Server 2014-06-22 11:29 . 2014-06-22 11:29 -------- d-----w- c:\program files\Microsoft Analysis Services 2014-06-22 11:29 . 2014-06-22 11:29 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services 2014-06-22 11:29 . 2014-06-22 11:29 -------- d-----w- c:\users\Kilaoa\AppData\Local\Microsoft Help 2014-06-22 11:28 . 2014-06-22 11:31 -------- d-----w- c:\program files\Microsoft Office 2014-06-22 11:28 . 
2014-07-13 14:53 -------- d-----w- c:\programdata\Microsoft Help 2014-06-22 11:27 . 2014-06-22 11:27 -------- d-----r- C:\MSOCache 2014-06-22 11:23 . 2014-06-22 11:23 -------- d-----w- c:\program files (x86)\WinCDEmu . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-07-09 20:10 . 2011-08-20 23:40 96441528 ----a-w- c:\windows\system32\MRT.exe 2014-07-09 06:09 . 2012-03-29 18:53 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-07-09 06:09 . 2011-08-20 15:19 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-07-05 17:46 . 2011-08-20 15:26 427360 ----a-w- c:\windows\system32\drivers\aswsp.sys 2014-07-02 20:39 . 2014-01-16 20:07 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2014-07-02 20:34 . 2014-01-07 18:18 92008 ----a-w- c:\windows\system32\drivers\aswstm.sys 2014-07-02 20:34 . 2013-05-31 05:32 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2014-07-02 20:34 . 2013-05-31 05:32 224896 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2014-07-02 20:34 . 2011-08-20 15:26 1041168 ----a-w- c:\windows\system32\drivers\aswsnx.sys 2014-07-02 20:34 . 2011-08-20 15:26 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2014-07-02 20:34 . 2011-08-20 15:26 307344 ----a-w- c:\windows\system32\aswBoot.exe 2014-07-02 20:34 . 2012-02-25 10:52 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2014-06-27 06:00 . 2011-09-21 10:59 290776 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2014-06-27 06:00 . 2011-09-21 10:56 290776 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2014-06-27 05:50 . 2011-09-21 10:56 290776 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2014-05-12 05:25 . 2011-08-22 14:00 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-05-08 09:32 . 2014-06-12 09:33 3178496 ----a-w- c:\windows\system32\rdpcorets.dll 2014-05-08 09:32 . 2014-06-12 09:33 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll 2014-05-05 15:30 . 
2014-05-05 15:30 5 ----a-w- c:\windows\SysWow64\lMMLDeleteUserData42107612FX.tmp 2014-04-25 02:34 . 2014-06-12 09:33 801280 ----a-w- c:\windows\system32\usp10.dll 2014-04-25 02:06 . 2014-06-12 09:33 626688 ----a-w- c:\windows\SysWow64\usp10.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2014-06-10 11:25 1730264 ----a-w- c:\progra~2\MICROS~4\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2014-06-10 11:25 1730264 ----a-w- c:\progra~2\MICROS~4\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2014-06-10 11:25 1730264 ----a-w- c:\progra~2\MICROS~4\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-07-02 4086432] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-04-17 767200] . 
c:\users\Kilaoa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System\Startup\AutorunsDisabled\ Chatter Desktop.lnk - c:\program files (x86)\salesforce.com\Chatter Desktop\Chatter Desktop.exe [2014-3-25 142336] Password Safe.lnk - c:\program files (x86)\Password Safe\pwsafe.exe -s [2012-12-24 3826176] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . R2 AODDriver4.3;AODDriver4.3;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x] R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R3 athrusb;Belkin Wireless LAN USB device driver;c:\windows\system32\DRIVERS\athrxusb.sys;c:\windows\SYSNATIVE\DRIVERS\athrxusb.sys [x] R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys;c:\windows\SYSNATIVE\drivers\avmeject.sys [x] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x] R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys;c:\windows\SYSNATIVE\DRIVERS\fwlanusb.sys [x] R3 fwlanusb4;FRITZ!WLAN N/G;c:\windows\system32\DRIVERS\fwlanusb4.sys;c:\windows\SYSNATIVE\DRIVERS\fwlanusb4.sys [x] R3 HTCAND64;HTC Device 
Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys;c:\windows\SYSNATIVE\Drivers\ANDROIDUSB.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x] R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys;c:\windows\SYSNATIVE\DRIVERS\RtVlan60.sys [x] R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys;c:\windows\SYSNATIVE\DRIVERS\s1018bus.sys [x] R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mdfl.sys [x] R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mdm.sys [x] R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys;c:\windows\SYSNATIVE\DRIVERS\s1018mgmt.sys [x] R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys;c:\windows\SYSNATIVE\DRIVERS\s1018nd5.sys [x] R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys;c:\windows\SYSNATIVE\DRIVERS\s1018obex.sys [x] R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys;c:\windows\SYSNATIVE\DRIVERS\s1018unic.sys [x] R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program 
files\SiSoftware\SiSoftware Sandra Lite 2013.SP1a\RpcAgentSrv.exe;c:\program files\SiSoftware\SiSoftware Sandra Lite 2013.SP1a\RpcAgentSrv.exe [x] R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x] R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2);c:\windows\system32\DRIVERS\RtVLAN60.sys;c:\windows\SYSNATIVE\DRIVERS\RtVLAN60.sys [x] R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys;c:\program files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [x] R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x] R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x] S0 aswRvrt;avast! Revert; [x] S0 aswVmm;avast! 
VM Monitor; [x] S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x] S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x] S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x] S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x] S2 aswHwid;avast! 
HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x] S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys;c:\windows\SYSNATIVE\drivers\cpuz135_x64.sys [x] S2 hasplms;Sentinel Local License Manager;c:\windows\system32\hasplms.exe -run;c:\windows\SYSNATIVE\hasplms.exe -run [x] S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys;c:\windows\SYSNATIVE\DRIVERS\RtNdPt60.sys [x] S2 UnsignedThemes;Unsigned Themes;c:\windows\UnsignedThemesSvc.exe;c:\windows\UnsignedThemesSvc.exe [x] S2 uxpatch;uxpatch;c:\windows\system32\drivers\uxpatch.sys;c:\windows\SYSNATIVE\drivers\uxpatch.sys [x] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 BazisVirtualCDBus;WinCDEmu Virtual Bus Driver;c:\windows\system32\DRIVERS\BazisVirtualCDBus.sys;c:\windows\SYSNATIVE\DRIVERS\BazisVirtualCDBus.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x] . . Inhalt des "geplante Tasks" Ordners . 2014-07-21 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 06:09] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2014-06-10 11:21 2335960 ----a-w- c:\progra~1\MICROS~4\Office15\GROOVEEX.DLL . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2014-06-10 11:21 2335960 ----a-w- c:\progra~1\MICROS~4\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2014-06-10 11:21 2335960 ----a-w- c:\progra~1\MICROS~4\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2014-07-02 20:34 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com uDefault_Search_URL = hxxp://www.google.com mDefault_Search_URL = hxxp://www.google.com mDefault_Page_URL = hxxp://www.google.com mStart Page = hxxp://www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm mSearch Page = www.google.com uInternet Settings,ProxyOverride = localhost; 127.0.0.1; <local>;*.local uSearchURL,(Default) = hxxp://search.minilua.com/q/%s mSearchAssistant = hxxp://www.google.com/ mCustomizeSearch = hxxp://www.google.com/ IE: An OneNote s&enden - c:\progra~1\MICROS~4\Office15\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~4\Office15\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.2.1 192.168.2.1 TCP: Interfaces\{A771A120-6C16-4D04-9A21-DC9F36F46170}: NameServer = 192.168.2.1 TCP: Interfaces\{EF4B6E21-F859-4A36-8D15-C45AF294EA1E}: NameServer = 192.168.2.1 Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft 
shared\OFFICE15\MSOXMLMF.DLL FF - ProfilePath - c:\users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\ FF - prefs.js: browser.startup.homepage - about:blank FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q= FF - prefs.js: network.proxy.type - 0 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) HKLM_Wow6432Node-ActiveSetup-{8A69D345-D564-463c-AFF1-A69D9E530F96} - c:\program files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008] "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008" . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.14" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2014-07-21 16:33:42 ComboFix-quarantined-files.txt 2014-07-21 14:33 . Vor Suchlauf: 14 Verzeichnis(se), 22.521.421.824 Bytes frei Nach Suchlauf: 19 Verzeichnis(se), 22.425.317.376 Bytes frei . - - End Of File - - 262363771EA6734E0B2DF6A3EC49E7F9 EA923EB0EC0060F1451E9AD7B5762CFE |
22.07.2014, 10:44 | #9 |
/// the machine /// TB-Ausbilder | Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
22.07.2014, 22:15 | #10 |
| MBAM: Code:
ATTFilter
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 22.07.2014
Suchlauf-Zeit: 22:40:19
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.07.22.09
Rootkit Datenbank: v2014.07.17.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Kilaoa

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 308564
Verstrichene Zeit: 7 Min, 52 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)

(end)
Code:
ATTFilter
# AdwCleaner v3.216 - Bericht erstellt am 22/07/2014 um 22:58:47
# Aktualisiert 17/07/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Kilaoa - KILAOA-PC
# Gestartet von : C:\Users\Kilaoa\Desktop\adwcleaner_3.216.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17207

-\\ Mozilla Firefox v30.0 (en-GB)

[ Datei : C:\Users\Kilaoa\AppData\Roaming\Mozilla\Firefox\Profiles\d5eeteom.default\prefs.js ]

-\\ Google Chrome v

[ Datei : C:\Users\Kilaoa\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [3651 octets] - [16/07/2014 22:22:59]
AdwCleaner[R1].txt - [1052 octets] - [16/07/2014 23:23:25]
AdwCleaner[R2].txt - [1171 octets] - [22/07/2014 22:57:27]
AdwCleaner[S0].txt - [3500 octets] - [16/07/2014 22:24:44]
AdwCleaner[S1].txt - [1114 octets] - [16/07/2014 23:42:16]
AdwCleaner[S2].txt - [1093 octets] - [22/07/2014 22:58:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1153 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Kilaoa on 22.07.2014 at 23:07:22,49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Kilaoa\appdata\local\{0DBBD7B5-1BB9-4E6E-8893-94F0B20A301C}
Successfully deleted: [Empty Folder] C:\Users\Kilaoa\appdata\local\{416233A1-A2DE-4FA6-A18C-645803AB3796}
Successfully deleted: [Empty Folder] C:\Users\Kilaoa\appdata\local\{4549B52E-5E5E-44FF-9FE7-20D31DD9D2F6}
Successfully deleted: [Empty Folder] C:\Users\Kilaoa\appdata\local\{4609C820-BF6E-4DF6-9EA6-3291A163404C}
Successfully deleted: [Empty Folder] C:\Users\Kilaoa\appdata\local\{608046AF-4FCD-4DB8-9F4B-A735512FB9B8}
Successfully deleted: [Empty Folder] C:\Users\Kilaoa\appdata\local\{7636D98F-AB84-4296-B56D-8DE5D0071A3F}
Successfully deleted: [Empty Folder] C:\Users\Kilaoa\appdata\local\{848AB620-BB2E-4B8B-B9CA-2737867B5A22}
Successfully deleted: [Empty Folder] C:\Users\Kilaoa\appdata\local\{9435B065-6077-4EC6-A733-FBFA5333D430}
Successfully deleted: [Empty Folder] C:\Users\Kilaoa\appdata\local\{969EA50E-0F77-4F0C-B255-C7D1FDB8FFD7}
Successfully deleted: [Empty Folder] C:\Users\Kilaoa\appdata\local\{A2D05BC2-2332-4D93-BE26-D73E204EDBC6}
Successfully deleted: [Empty Folder] C:\Users\Kilaoa\appdata\local\{BBC1C21E-4F4F-4CB0-8D38-08F2872EAE25}
Successfully deleted: [Empty Folder] C:\Users\Kilaoa\appdata\local\{DA0B4A66-FB55-43BE-9AFC-4CA2EDD83FEF}
Successfully deleted: [Empty Folder] C:\Users\Kilaoa\appdata\local\{DD0E9880-6123-48CF-89EB-77ACFEB4F15F}
Successfully deleted: [Empty Folder] C:\Users\Kilaoa\appdata\local\{DFEC6045-667C-4865-B556-B6258249636D}
Successfully deleted: [Empty Folder] C:\Users\Kilaoa\appdata\local\{E9E3C600-23E4-4E5E-A77A-D37C88058AAF}
Successfully deleted: [Empty Folder] C:\Users\Kilaoa\appdata\local\{EE6CB343-2A60-448E-98CE-4894596BB92A}
Successfully deleted: [Empty Folder] C:\Users\Kilaoa\appdata\local\{F53E3179-C015-41A3-B1B8-C5379481E0BE}
Successfully deleted: [Empty Folder] C:\Users\Kilaoa\appdata\local\{F8403AD8-70F3-466D-8D3F-9847199CAFEA}

~~~ FireFox

Successfully deleted the following from C:\Users\Kilaoa\AppData\Roaming\mozilla\firefox\profiles\d5eeteom.default\prefs.js

user_pref("extensions.urllink.submenu.7", "In Wi&kipedia|hxxp://en.wikipedia.org/wiki/Special:Search?search=*&sourceid=mozilla-search");
Emptied folder: C:\Users\Kilaoa\AppData\Roaming\mozilla\firefox\profiles\d5eeteom.default\minidumps [227 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.07.2014 at 23:13:04,51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
23.07.2014, 15:41 | #11 |
/// the machine /// TB-Ausbilder
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
Donations | Guides and help | Trojaner-Board Facebook page | No support via PM!
23.07.2014, 22:03 | #12 |
Hello schrauber, I don't have an external hard disk that I connect to my PC, but I do have a NAS (QNAP TS-112), to which in turn an external hard disk is connected for backups. Is that scanned as well, and should / can it be scanned?
24.07.2014, 19:06 | #13 |
/// the machine /// TB-Ausbilder
You can normally scan that along with the rest.