Log analysis and evaluation: "plugin container for firefox funktioniert nicht mehr" Firefox then closes completely (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
25.08.2014, 16:38 | #1 |
"plugin container for firefox funktioniert nicht mehr": Firefox then closes completely

Firefox closes whenever I click on a Flash video anywhere. The error message "plugin container for firefox funktioniert nicht mehr" ("plugin container for firefox has stopped working") appears. Uninstalling and reinstalling Firefox did not help. Adobe Flash Player is up to date.

defogger_disable log
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:42 on 25/08/2014 (XXXXX_2)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-08-2014 03
Ran by XXXXX_2 (administrator) on XXXXXS-ACER on 25-08-2014 16:44:13
Running from C:\Users\XXXXX_2\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(InterVideo Inc.) C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Windows\PLFSetI.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Corel, Inc.)
C:\Program Files (x86)\Corel\Corel MediaOne\Corel Photo Downloader.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe () C:\Programme\FeedReader30\feedreader.exe (J3S GmbH) C:\Program Files (x86)\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe () C:\Windows\SysWOW64\PSIService.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Dropbox, Inc.) C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe () C:\Program Files\Securepoint SSL VPN\SPOpenVPNService.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Siliten) C:\Program Files (x86)\SilverCrest DMTS2017 Driver\KbClient_FD2.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (Siliten) C:\Program Files (x86)\SilverCrest DMTS2017 Driver\MouClient_FD2.exe (Ulead Systems, Inc.) 
C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA) F:\R+S Homepage\WS_FTP95.exe (ConTEXT Project Ltd) C:\Program Files\ConTEXT\ConTEXT.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Corel) C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11057768 2010-07-06] (Realtek Semiconductor) HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-06-09] () HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated) HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.) HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation) HKLM\...\Run: [Corel Photo Downloader] => C:\Program Files (x86)\Corel\Corel MediaOne\Corel Photo Downloader.exe [483144 2007-08-17] (Corel, Inc.) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation) HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-29] (NewTech Infosystems, Inc.) HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2009-09-28] (CANON INC.) 
HKLM-x32\...\Run: [Launch SilverCrest DMTS2017-K] => C:\Program Files (x86)\SilverCrest DMTS2017 Driver\KbClient_FD2.exe [1218048 2010-06-28] (Siliten) HKLM-x32\...\Run: [Launch SilverCrest DMTS2017-M] => C:\Program Files (x86)\SilverCrest DMTS2017 Driver\MouClient_FD2.exe [860672 2010-06-28] (Siliten) HKLM-x32\...\Run: [Corel Photo Downloader] => "C:\Program Files (x86)\Corel\Corel MediaOne\Corel PhotoDownloader.exe" -startup HKLM-x32\...\Run: [Ulead AutoDetector v2] => C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe [95504 2007-08-02] (Ulead Systems, Inc.) HKLM-x32\...\Run: [Standby] => C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe [105632 2010-05-17] (Corel) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.) HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe HKLM-x32\...\Run: [COMPUTER BILD Account-Alarm] => \COMPUTER BILD Account-Alarm /tray HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-24] (AVAST Software) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\Run: [Google Update] => C:\Users\XXXXX_2\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-04-23] (Google Inc.) 
HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [911040 2013-04-22] (Microsoft Corporation) HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\Run: [COMPUTER BILD Account-Alarm] => C:\Program Files (x86)\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe [2058752 2014-08-07] (J3S GmbH) HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\MountPoints2: {49193dcf-b7da-11e1-85a0-1c7508023576} - G:\AutoRun.exe HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\MountPoints2: {5b63bcb4-48dd-11e1-92be-1c7508023576} - G:\AutoRun.exe HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\MountPoints2: {61431bdb-2fe2-11e2-98ec-1c7508023576} - G:\Startme.exe HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\MountPoints2: {90066f53-bc5d-11e0-9e2a-1c7508023576} - G:\AutoRun.exe HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\MountPoints2: {a733176c-bc55-11e0-ac53-1c7508023576} - G:\AutoRun.exe HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\MountPoints2: {da0ccac9-ccf1-11e1-8983-1c7508023576} - G:\AutoRun.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk ShortcutTarget: Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) Startup: C:\Users\XXXXX_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.soapreichundschoen.de/ StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default FF Homepage: chrome://speeddial/content/speeddial.xul FF NetworkProxy: "backup.ftp", "76.73.26.77" FF NetworkProxy: "backup.ftp_port", 3128 FF NetworkProxy: "backup.socks", "76.73.26.77" FF NetworkProxy: "backup.socks_port", 3128 FF NetworkProxy: "backup.ssl", "76.73.26.77" FF NetworkProxy: "backup.ssl_port", 3128 FF NetworkProxy: "ftp", "76.73.26.77" FF NetworkProxy: "ftp_port", 3128 FF NetworkProxy: "http", "76.73.26.77" FF NetworkProxy: "http_port", 3128 FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co" FF NetworkProxy: "share_proxy_settings", true FF NetworkProxy: "socks", "76.73.26.77" FF NetworkProxy: "socks_port", 3128 FF NetworkProxy: "ssl", "76.73.26.77" FF NetworkProxy: "ssl_port", 3128 FF NetworkProxy: "type", 4 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: 
@adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll () FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @pages.tvunetworks.com/WebPlayer -> C:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\XXXXX_2\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\XXXXX_2\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: YouTube Unblocker - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\youtubeunblocker@unblocker.yt [2014-06-20] FF Extension: DownloadHelper - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-08-23] FF Extension: DSL Soforthilfe - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\{} [2014-07-23] FF Extension: Video Downloader professional - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\ffext_basicvideoext@startpage24.xpi [2014-08-23] FF Extension: Stealthy - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\stealthyextension@gmail.com.xpi [2011-11-20] FF Extension: Free Hide IP - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\support@free-hideip.com.xpi [2013-04-09] FF Extension: Tab Auto Reload - 
C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\TabAutoReload@schuzak.jp.xpi [2012-07-20] FF Extension: Speed Dial - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2011-08-10] FF Extension: NoScript - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-01-14] FF Extension: Adblock Plus - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-07] FF Extension: {de5aeb72-ad84-429a-bc36-a15da06270bc} - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\{de5aeb72-ad84-429a-bc36-a15da06270bc}.xpi [2013-11-14] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-05-10] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-05-10] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-05-10] FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2012-08-02] FF HKLM-x32\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Programme\Video Converter Ultimate\SVRFirefoxExt FF Extension: Wondershare Video Converter Ultimate - C:\Programme\Video Converter Ultimate\SVRFirefoxExt [2014-02-07] FF HKLM-x32\...\Firefox\Extensions: [{78ee576f-36ab-4371-a938-48cd78cd469e}] - C:\Program Files (x86)\Security Utility\securityutility.xpi FF Extension: No Name - C:\Program Files (x86)\Security Utility\securityutility.xpi [2014-05-29] FF 
HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-16] FF HKCU\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Programme\Video Converter Ultimate\SVRFirefoxExt Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR DefaultSearchKeyword: qvo6 CHR DefaultSearchProvider: qvo6 CHR DefaultSearchURL: hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=WDCXWD6400BEVT-22A0RT0_WD-WXB1A704768447684&ts=1374655597&type=default&q={searchTerms} CHR DefaultSuggestURL: CHR Plugin: (Shockwave Flash) - C:\Users\XXXXX_2\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Shockwave Flash) - C:\Users\XXXXX_2\AppData\Local\Google\Chrome\Application\36.0.1985.143\gcswf32.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll No File CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\XXXXX_2\AppData\Local\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\XXXXX_2\AppData\Local\Google\Chrome\Application\36.0.1985.143\pdf.dll () CHR Plugin: (Freemake np-plugin for google chrome) - C:\Users\XXXXX_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\npFreemake.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) 
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 6 U35) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File CHR Plugin: (Java Deployment Toolkit 6.0.350.10) - C:\Windows\SysWOW64\npdeployJava1.dll No File CHR Plugin: (TVU Web Player for FireFox) - C:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks) CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File CHR Extension: (WEB.DE MailCheck) - C:\Users\XXXXX_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaogepninmlbinccpbiakcgiolijlllo [2013-07-11] CHR Extension: (Google Wallet) - C:\Users\XXXXX_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-06] CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] 
- C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-16] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] () R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-24] (AVAST Software) R2 Capture Device Service; C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe [198168 2007-03-06] (InterVideo Inc.) S2 DAZContentManagementService; C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe [22528 2011-05-05] () [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [14848 2011-12-15] () [File not signed] U2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] () S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2009-10-20] (CACE Technologies, Inc.) 
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated) R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia) S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia) R2 Securepoint VPN; C:\Program Files\Securepoint SSL VPN\SPOpenVPNService.exe [198024 2012-11-01] () S2 SkypeUpdate; C:\Programme\skype\Updater\Updater.exe [172192 2013-10-23] (Skype Technologies) S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155320 2012-01-18] (Avanquest Software) [File not signed] S2 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-24] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-24] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-24] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-24] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-24] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-24] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-24] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-24] () S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-19] (Siliten) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-25] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] 
(Malwarebytes Corporation) R2 NPF; C:\Windows\System32\drivers\npf.sys [47632 2009-10-20] (CACE Technologies, Inc.) R2 NPF; C:\Windows\SysWOW64\drivers\npf.sys [50704 2010-03-22] (CACE Technologies, Inc.) S1 PQNTDrv; C:\Windows\SysWow64\Drivers\PQNTDrv.sys [4228 2002-09-16] (PowerQuest Corporation) [File not signed] R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia) S3 wmvad_simple; C:\Windows\System32\drivers\wmvad.sys [23040 2010-12-10] (WonderMedia Technologies, Inc.) R3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [31080 2013-03-25] (Wondershare) S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X] S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X] S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-25 16:44 - 2014-08-25 16:45 - 00029086 _____ () C:\Users\XXXXX_2\Desktop\FRST.txt 2014-08-25 16:44 - 2014-08-25 16:44 - 00000000 ____D () C:\FRST 2014-08-25 16:43 - 2014-08-25 16:43 - 02103296 _____ (Farbar) C:\Users\XXXXX_2\Desktop\FRST64.exe 2014-08-25 16:42 - 2014-08-25 16:43 - 00000478 _____ () C:\Users\XXXXX_2\Desktop\defogger_disable.log 2014-08-25 16:42 - 2014-08-25 16:42 - 00000000 _____ () C:\Users\XXXXX_2\defogger_reenable 2014-08-25 16:41 - 2014-08-25 16:41 - 00050477 _____ () C:\Users\XXXXX_2\Desktop\Defogger.exe 2014-08-24 18:03 - 2014-08-24 18:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2014-08-24 18:02 - 2014-08-24 18:02 - 00000000 ____D () C:\ProgramData\Apple Computer 2014-08-24 10:46 - 2014-08-24 10:46 - 00001970 _____ () C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk 2014-08-24 10:46 - 2014-08-24 10:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast 2014-08-24 10:45 - 2014-08-24 10:46 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-08-24 10:45 - 2014-08-24 10:45 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-08-24 10:45 - 2014-08-24 10:45 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-08-24 10:45 - 2014-08-24 10:45 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-08-24 10:45 - 2014-08-24 10:45 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-08-24 10:45 - 2014-08-24 10:45 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2014-08-24 10:45 - 2014-08-24 10:45 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-08-24 10:45 - 2014-08-24 10:45 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-08-24 10:45 - 2014-08-24 10:45 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-08-24 10:45 - 2014-08-24 10:45 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-08-24 10:45 - 2014-08-24 10:45 - 00003924 _____ () C:\Windows\System32\Tasks\avast! 
Emergency Update 2014-08-24 10:43 - 2014-08-24 10:43 - 01364531 _____ () C:\Users\XXXXX_2\Desktop\adwcleaner_3.308.exe 2014-08-24 10:26 - 2014-08-24 17:47 - 00002426 _____ () C:\Windows\SecuniaPackage.log 2014-08-24 10:24 - 2014-08-24 10:24 - 00000000 ____D () C:\ProgramData\Licenses 2014-08-24 10:23 - 2014-08-24 10:23 - 00001043 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk 2014-08-24 10:23 - 2014-08-24 10:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster 2014-08-24 10:23 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL 2014-08-24 10:22 - 2014-08-24 10:22 - 04095448 _____ (BrightFort LLC ) C:\Users\XXXXX_2\Downloads\spywareblastersetup50.exe 2014-08-24 10:16 - 2014-08-24 10:16 - 00001123 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-08-24 10:16 - 2014-08-24 10:16 - 00001111 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-08-24 10:16 - 2014-08-24 10:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-08-24 10:15 - 2014-08-24 10:15 - 01364531 _____ () C:\Users\XXXXX_2\Downloads\adwcleaner_3.308.exe 2014-08-24 10:14 - 2014-08-24 10:14 - 00244408 _____ () C:\Users\XXXXX_2\Downloads\FirefoxSetupStub31.0 (1).exe 2014-08-24 10:13 - 2014-08-24 10:14 - 00244408 _____ () C:\Users\XXXXX_2\Downloads\FirefoxSetupStub31.0.exe 2014-08-16 13:36 - 2014-08-16 13:36 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia 2014-08-16 13:36 - 2014-08-16 13:36 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia 2014-08-16 13:23 - 2014-08-24 10:23 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster 2014-08-16 13:20 - 2014-08-16 13:20 - 00000000 ____D () C:\Users\XXXXX_2\AppData\Roaming\AVAST Software 2014-08-16 13:16 - 2014-08-16 13:16 - 00000000 ____D () C:\Program Files\AVAST Software 2014-08-16 13:09 - 2014-08-24 10:28 - 00000000 ____D () C:\AdwCleaner 2014-08-16 12:27 - 2014-08-16 13:16 
- 00000000 ____D () C:\ProgramData\AVAST Software 2014-08-16 12:18 - 2014-08-16 12:18 - 00001033 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk 2014-08-16 12:18 - 2014-08-16 12:18 - 00000000 ____D () C:\Users\XXXXX_2\AppData\Local\Secunia PSI 2014-08-16 12:17 - 2014-08-16 12:17 - 05329480 _____ (Secunia) C:\Users\XXXXX_2\Desktop\PSISetup_3.0.0.9016.exe 2014-08-16 12:17 - 2014-08-16 12:17 - 00000000 ____D () C:\Program Files (x86)\Secunia 2014-08-16 12:10 - 2014-08-16 12:13 - 00002131 _____ () C:\DelFix.txt 2014-08-16 12:02 - 2014-08-16 12:02 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-08-16 12:02 - 2014-08-16 12:02 - 00001983 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk 2014-08-15 09:41 - 2014-07-16 05:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-15 09:41 - 2014-07-16 04:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-08-15 09:41 - 2014-07-16 04:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-15 09:41 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-08-15 09:41 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-08-15 09:41 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-08-15 09:41 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-08-15 09:41 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-08-15 09:41 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-08-15 09:41 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2014-08-15 09:41 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2014-08-15 09:40 - 2014-07-09 04:03 - 
00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL 2014-08-15 09:40 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL 2014-08-15 09:40 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL 2014-08-15 09:40 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL 2014-08-15 09:40 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL 2014-08-15 09:40 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL 2014-08-15 09:40 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL 2014-08-15 09:40 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL 2014-08-15 09:40 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL 2014-08-15 09:40 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL 2014-08-15 09:40 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls 2014-08-15 09:40 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls 2014-08-15 09:39 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-08-15 09:39 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-08-14 18:51 - 2014-08-16 12:10 - 00000000 ____D () C:\Windows\ERUNT 2014-08-14 16:13 - 2014-08-14 16:13 - 00001106 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk 2014-08-14 16:13 - 2014-08-14 16:13 - 00001094 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk 2014-08-14 16:07 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-08-14 16:07 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-08-14 16:05 - 2014-08-01 01:16 - 00307384 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-08-14 16:05 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-08-14 16:05 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-08-14 16:05 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-08-14 16:05 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-08-14 16:05 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-08-14 16:05 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-08-14 16:05 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-08-14 16:05 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-08-14 16:05 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-08-14 16:05 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-08-14 16:05 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-08-14 16:05 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-08-14 16:05 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-08-14 16:05 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-08-14 16:05 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-08-14 16:05 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-08-14 16:05 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-08-14 16:05 - 2014-07-25 14:06 - 04204032 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-08-14 16:05 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-08-14 16:05 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-08-14 16:05 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-08-14 16:05 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-08-14 16:05 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-08-14 16:05 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-08-14 16:05 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-08-14 16:05 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-08-14 16:05 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-08-14 16:05 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-08-14 16:05 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-08-14 16:05 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-08-14 16:05 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-08-14 16:04 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-08-14 16:04 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-08-14 16:04 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-08-14 16:04 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-08-14 16:04 - 2014-07-25 15:30 - 00066048 _____ 
(Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-08-14 16:04 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-08-14 16:04 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-08-14 16:04 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-08-14 16:04 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-08-14 16:04 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-08-14 16:04 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-08-14 16:04 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-08-14 16:04 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-08-14 16:04 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-08-14 16:04 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-08-14 16:04 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-08-14 16:04 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-08-14 16:04 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-08-14 16:04 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-08-14 16:04 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-08-14 16:04 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-08-14 16:04 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-08-14 16:04 - 2014-07-25 12:26 - 01431040 
_____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-08-14 16:04 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-08-14 16:03 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2014-08-14 16:03 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2014-08-14 15:58 - 2014-08-25 15:17 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-14 15:58 - 2014-08-14 15:58 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-14 15:58 - 2014-08-14 15:58 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-08-14 15:58 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-08-14 15:58 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-08-14 15:58 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-08-14 15:25 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll 2014-08-14 15:25 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll 2014-08-14 15:25 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe 2014-08-14 15:25 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll 2014-08-14 15:25 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe 2014-08-14 15:25 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll 2014-08-14 15:24 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe 2014-08-14 15:24 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2014-08-13 17:11 - 
2014-08-24 10:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-13 17:11 - 2014-08-13 17:11 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-13 16:12 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-08-09 12:48 - 2014-08-09 12:48 - 00002617 _____ () C:\Users\Public\Desktop\COMPUTER BILD Account-Alarm.lnk 2014-08-09 12:48 - 2014-08-09 12:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMPUTER BILD Account-Alarm 2014-08-09 12:48 - 2014-08-09 12:48 - 00000000 ____D () C:\Program Files (x86)\COMPUTER BILD Account-Alarm 2014-08-06 11:35 - 2014-07-25 12:55 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-08-06 11:35 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-08-06 11:35 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-08-06 11:35 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-08-06 11:34 - 2014-08-06 11:35 - 00004623 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log 2014-08-05 19:30 - 2014-08-05 19:30 - 00000000 ____D () C:\Program Files (x86)\Security Utility 2014-08-05 19:12 - 2014-08-14 15:26 - 00001083 _____ () C:\Users\XXXXX_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk 2014-08-02 10:21 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2014-08-02 10:21 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe 2014-08-02 10:21 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll 2014-08-02 10:21 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll 2014-08-02 10:20 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll 2014-08-02 10:20 - 
2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll 2014-08-02 10:20 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll 2014-08-02 10:20 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll 2014-08-02 10:20 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll 2014-08-02 10:20 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll 2014-08-02 10:19 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll 2014-08-02 10:19 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll 2014-08-02 10:19 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe 2014-08-02 10:19 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-08-25 16:45 - 2014-08-25 16:44 - 00029086 _____ () C:\Users\XXXXX_2\Desktop\FRST.txt 2014-08-25 16:44 - 2014-08-25 16:44 - 00000000 ____D () C:\FRST 2014-08-25 16:43 - 2014-08-25 16:43 - 02103296 _____ (Farbar) C:\Users\XXXXX_2\Desktop\FRST64.exe 2014-08-25 16:43 - 2014-08-25 16:42 - 00000478 _____ () C:\Users\XXXXX_2\Desktop\defogger_disable.log 2014-08-25 16:42 - 2014-08-25 16:42 - 00000000 _____ () C:\Users\XXXXX_2\defogger_reenable 2014-08-25 16:42 - 2011-08-16 18:33 - 00000000 ____D () C:\Users\XXXXX_2\Documents\Outlook-Dateien 2014-08-25 16:42 - 2011-08-08 17:07 - 00000000 ____D () C:\Users\XXXXX_2 2014-08-25 16:41 - 2014-08-25 16:41 - 00050477 _____ () C:\Users\XXXXX_2\Desktop\Defogger.exe 2014-08-25 16:34 - 2012-04-15 18:19 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-08-25 16:34 - 2012-04-15 18:19 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-08-25 16:34 - 2012-04-15 18:19 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-08-25 16:34 - 2011-08-01 17:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-08-25 16:17 - 2012-04-23 17:10 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-08-25 16:06 - 2012-07-14 11:01 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-752392268-3339214621-1681333280-1002UA.job 2014-08-25 16:02 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing 2014-08-25 15:17 - 2014-08-14 15:58 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-25 15:17 - 2012-04-23 17:10 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-08-25 10:33 - 2012-07-14 11:01 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-752392268-3339214621-1681333280-1002Core.job 2014-08-25 10:22 - 2010-09-26 18:37 - 00703230 _____ () C:\Windows\system32\perfh007.dat 2014-08-25 10:22 - 2010-09-26 18:37 - 
00150838 _____ () C:\Windows\system32\perfc007.dat 2014-08-25 10:22 - 2009-07-14 07:13 - 01629508 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-08-24 18:03 - 2014-08-24 18:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2014-08-24 18:03 - 2012-02-22 14:56 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2014-08-24 18:02 - 2014-08-24 18:02 - 00000000 ____D () C:\ProgramData\Apple Computer 2014-08-24 17:50 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-24 17:50 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-24 17:49 - 2010-09-26 08:46 - 01289600 _____ () C:\Windows\WindowsUpdate.log 2014-08-24 17:47 - 2014-08-24 10:26 - 00002426 _____ () C:\Windows\SecuniaPackage.log 2014-08-24 17:41 - 2014-06-09 20:09 - 00000000 ___RD () C:\Users\XXXXX_2\Dropbox 2014-08-24 17:41 - 2013-07-27 10:17 - 00000000 ____D () C:\Users\XXXXX_2\AppData\Roaming\Dropbox 2014-08-24 17:40 - 2012-07-21 14:16 - 00131072 _____ () C:\Windows\system32\Ikeext.etl 2014-08-24 17:39 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-24 17:39 - 2009-07-14 06:51 - 00179046 _____ () C:\Windows\setupact.log 2014-08-24 17:39 - 2009-07-14 06:45 - 00480072 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-08-24 17:38 - 2010-09-26 08:43 - 00773620 _____ () C:\Windows\PFRO.log 2014-08-24 12:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-08-24 10:46 - 2014-08-24 10:46 - 00001970 _____ () C:\Users\Public\Desktop\avast! 
Free Antivirus.lnk 2014-08-24 10:46 - 2014-08-24 10:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast 2014-08-24 10:46 - 2014-08-24 10:45 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-08-24 10:45 - 2014-08-24 10:45 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-08-24 10:45 - 2014-08-24 10:45 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-08-24 10:45 - 2014-08-24 10:45 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-08-24 10:45 - 2014-08-24 10:45 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-08-24 10:45 - 2014-08-24 10:45 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2014-08-24 10:45 - 2014-08-24 10:45 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-08-24 10:45 - 2014-08-24 10:45 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-08-24 10:45 - 2014-08-24 10:45 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-08-24 10:45 - 2014-08-24 10:45 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-08-24 10:45 - 2014-08-24 10:45 - 00003924 _____ () C:\Windows\System32\Tasks\avast! 
Emergency Update 2014-08-24 10:43 - 2014-08-24 10:43 - 01364531 _____ () C:\Users\XXXXX_2\Desktop\adwcleaner_3.308.exe 2014-08-24 10:37 - 2012-06-07 19:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2014-08-24 10:32 - 2012-09-12 13:11 - 00000000 ___RD () C:\Users\XXXXX_2\Mediencenter 2014-08-24 10:32 - 2011-08-01 13:58 - 00002679 _____ () C:\Windows\wininit.ini 2014-08-24 10:28 - 2014-08-16 13:09 - 00000000 ____D () C:\AdwCleaner 2014-08-24 10:25 - 2013-01-18 12:47 - 00000000 ____D () C:\ProgramData\TEMP 2014-08-24 10:24 - 2014-08-24 10:24 - 00000000 ____D () C:\ProgramData\Licenses 2014-08-24 10:23 - 2014-08-24 10:23 - 00001043 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk 2014-08-24 10:23 - 2014-08-24 10:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster 2014-08-24 10:23 - 2014-08-16 13:23 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster 2014-08-24 10:22 - 2014-08-24 10:22 - 04095448 _____ (BrightFort LLC ) C:\Users\XXXXX_2\Downloads\spywareblastersetup50.exe 2014-08-24 10:16 - 2014-08-24 10:16 - 00001123 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-08-24 10:16 - 2014-08-24 10:16 - 00001111 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-08-24 10:16 - 2014-08-24 10:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-08-24 10:16 - 2014-05-10 09:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-08-24 10:15 - 2014-08-24 10:15 - 01364531 _____ () C:\Users\XXXXX_2\Downloads\adwcleaner_3.308.exe 2014-08-24 10:14 - 2014-08-24 10:14 - 00244408 _____ () C:\Users\XXXXX_2\Downloads\FirefoxSetupStub31.0 (1).exe 2014-08-24 10:14 - 2014-08-24 10:13 - 00244408 _____ () C:\Users\XXXXX_2\Downloads\FirefoxSetupStub31.0.exe 2014-08-24 10:01 - 2014-08-13 17:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-24 10:01 - 2014-06-09 20:07 - 
00000000 ____D () C:\Users\XXXXX_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-08-24 10:01 - 2014-04-20 17:28 - 00000000 ____D () C:\Users\XXXXX_2\AppData\Roaming\Feedreader 2014-08-24 10:01 - 2011-11-24 17:26 - 00000000 ____D () C:\Windows\system32\Macromed 2014-08-24 10:01 - 2011-08-01 11:55 - 00000000 ___HD () C:\Users\XXXXX 2014-08-24 10:01 - 2010-09-06 13:36 - 00000000 ____D () C:\Windows\SysWOW64\Macromed 2014-08-24 10:01 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat 2014-08-24 10:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration 2014-08-24 09:59 - 2011-08-07 13:26 - 00000000 ____D () C:\Programme 2014-08-16 13:36 - 2014-08-16 13:36 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia 2014-08-16 13:36 - 2014-08-16 13:36 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia 2014-08-16 13:20 - 2014-08-16 13:20 - 00000000 ____D () C:\Users\XXXXX_2\AppData\Roaming\AVAST Software 2014-08-16 13:16 - 2014-08-16 13:16 - 00000000 ____D () C:\Program Files\AVAST Software 2014-08-16 13:16 - 2014-08-16 12:27 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-08-16 12:18 - 2014-08-16 12:18 - 00001033 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk 2014-08-16 12:18 - 2014-08-16 12:18 - 00000000 ____D () C:\Users\XXXXX_2\AppData\Local\Secunia PSI 2014-08-16 12:17 - 2014-08-16 12:17 - 05329480 _____ (Secunia) C:\Users\XXXXX_2\Desktop\PSISetup_3.0.0.9016.exe 2014-08-16 12:17 - 2014-08-16 12:17 - 00000000 ____D () C:\Program Files (x86)\Secunia 2014-08-16 12:13 - 2014-08-16 12:10 - 00002131 _____ () C:\DelFix.txt 2014-08-16 12:10 - 2014-08-14 18:51 - 00000000 ____D () C:\Windows\ERUNT 2014-08-16 12:02 - 2014-08-16 12:02 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-08-16 12:02 - 2014-08-16 12:02 - 00001983 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk 2014-08-16 12:02 - 2010-09-06 13:35 - 00000000 ____D () 
C:\ProgramData\Adobe 2014-08-16 12:02 - 2010-09-06 13:35 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-08-16 11:45 - 2011-08-08 15:46 - 00000000 ____D () C:\Program Files (x86)\BILDmobil 2014-08-16 11:44 - 2011-08-11 09:24 - 00000000 ____D () C:\Users\XXXXX_2\AppData\Roaming\uTorrent 2014-08-16 11:41 - 2011-10-13 21:15 - 00000000 ____D () C:\ProgramData\Avira 2014-08-16 11:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-08-15 20:26 - 2013-01-22 18:16 - 00002367 _____ () C:\Users\XXXXX_2\Desktop\Google Chrome.lnk 2014-08-15 13:48 - 2011-08-27 09:11 - 00000000 ____D () C:\Temp 2014-08-15 13:43 - 2011-08-02 08:43 - 00000000 ____D () C:\Program Files\ConTEXT 2014-08-14 18:25 - 2013-01-18 12:36 - 00000000 ____D () C:\ProgramData\InstallMate 2014-08-14 16:13 - 2014-08-14 16:13 - 00001106 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk 2014-08-14 16:13 - 2014-08-14 16:13 - 00001094 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk 2014-08-14 16:13 - 2014-01-28 18:56 - 00001315 _____ () C:\Windows\system32\TeamViewer9_Hooks.log 2014-08-14 15:58 - 2014-08-14 15:58 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-14 15:58 - 2014-08-14 15:58 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-08-14 15:54 - 2014-06-09 20:09 - 00001026 _____ () C:\Users\XXXXX_2\Desktop\Dropbox.lnk 2014-08-14 15:39 - 2013-08-17 09:44 - 00000000 ____D () C:\Windows\system32\MRT 2014-08-14 15:31 - 2011-08-02 08:54 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-08-14 15:30 - 2011-08-16 18:02 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-08-14 15:26 - 2014-08-05 19:12 - 00001083 _____ () C:\Users\XXXXX_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk 2014-08-14 15:16 - 2012-05-22 20:24 - 00000021 _____ () C:\Users\XXXXX_2\AppData\Local\mc.pixel.data 2014-08-14 15:09 - 2011-08-12 18:01 - 00000000 ____D () 
C:\Users\XXXXX_2\AppData\Roaming\IrfanView 2014-08-14 15:08 - 2013-03-15 09:05 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-08-14 15:08 - 2013-03-15 09:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-08-14 15:08 - 2010-09-06 13:28 - 00000000 ____D () C:\ProgramData\McAfee 2014-08-14 15:07 - 2011-08-01 13:58 - 00000000 ___HD () C:\Users\XXXXX\AppData\Roaming\Mozilla 2014-08-13 17:11 - 2014-08-13 17:11 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-11 10:57 - 2011-08-26 19:38 - 00000000 ____D () C:\Users\XXXXX_2\dwhelper 2014-08-09 12:48 - 2014-08-09 12:48 - 00002617 _____ () C:\Users\Public\Desktop\COMPUTER BILD Account-Alarm.lnk 2014-08-09 12:48 - 2014-08-09 12:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMPUTER BILD Account-Alarm 2014-08-09 12:48 - 2014-08-09 12:48 - 00000000 ____D () C:\Program Files (x86)\COMPUTER BILD Account-Alarm 2014-08-06 11:37 - 2014-04-19 19:30 - 00000000 ____D () C:\ProgramData\Oracle 2014-08-06 11:35 - 2014-08-06 11:34 - 00004623 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log 2014-08-06 11:35 - 2011-08-01 14:04 - 00000000 ____D () C:\Program Files (x86)\Java 2014-08-05 19:30 - 2014-08-05 19:30 - 00000000 ____D () C:\Program Files (x86)\Security Utility 2014-08-05 09:20 - 2011-08-02 18:06 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-08-01 01:41 - 2014-08-14 16:04 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-08-01 01:16 - 2014-08-14 16:05 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll Some content of TEMP: ==================== C:\Users\XXXXX_2\AppData\Local\Temp\avgnt.exe C:\Users\XXXXX_2\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpocq9c7.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-08-17 11:34

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-08-2014 03
Ran by XXXXX_2 at 2014-08-25 16:45:52
Running from C:\Users\XXXXX_2\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)
Acer Backup Manager (HKLM-x32\...\InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}) (Version: 2.0.1.68 - NewTech Infosystems)
Acer Crystal Eye Webcam (HKLM-x32\...\{7760D94E-B1B5-40A0-9AA0-ABF942108755}) (Version: 5.2.19.3 - Suyin Optronics Corp)
Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3005 - Acer Incorporated)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0826.2010 - Acer Incorporated)
Acer VCM (HKLM-x32\...\{047F790A-7A2A-4B6A-AD02-38092BA63DAC}) (Version: 4.05.3002 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.178 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 14.0.0.178 - Adobe Systems Incorporated)
Hidden Adobe Flash Player 14 ActiveX (HKLM-x32\...\{15AE611F-5A40-4BD0-9291-1C6856BDB9A4}) (Version: 14.0.0.176 - Adobe Systems Incorporated) Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated) Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated) Alien Skin Eye Candy 5 Nature (HKLM-x32\...\EyeCandy5Nature) (Version: - ) Alien Skin Xenofex 2.0 (HKLM-x32\...\Xenofex2) (Version: - ) Amazon Kindle (HKCU\...\Amazon Kindle) (Version: - Amazon) Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Ashampoo Burning Studio Elements 10.0.9 (HKLM-x32\...\Ashampoo Burning Studio Elements_is1) (Version: 3.1.1 - Ashampoo GmbH & Co. KG) avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software) Avidemux 2.5 (32-bit) (HKLM-x32\...\Avidemux 2.5) (Version: 2.5.6.7716 - ) AVS Update Manager 1.0 (HKLM-x32\...\AVS Update Manager_is1) (Version: - Online Media Technologies Ltd.) AVS4YOU Software Navigator 1.4 (HKLM-x32\...\AVS4YOU Software Navigator_is1) (Version: - Online Media Technologies Ltd.) Backup Manager Advance (x32 Version: 2.0.1.68 - NewTech Infosystems) Hidden Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 14.0.2.3 - Broadcom Corporation) calibre (HKLM-x32\...\{1BFDD064-4C67-4156-A6C6-6E8D63563B3B}) (Version: 1.20.0 - Kovid Goyal) Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.3.5.0 - Canon Inc.) Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version: - ) Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.0 - Canon Inc.) 
Canon iP7200 series Benutzerregistrierung (HKLM-x32\...\Canon iP7200 series Benutzerregistrierung) (Version: - Canon Inc.?) Canon iP7200 series On-screen Manual (HKLM-x32\...\Canon iP7200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.) Canon iP7200 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP7200_series) (Version: - Canon Inc.) Canon Kurzwahlprogramm (HKLM-x32\...\Speed Dial Utility) (Version: - ) Canon MP Navigator EX 3.1 (HKLM-x32\...\MP Navigator EX 3.1) (Version: - ) Canon MX350 series Benutzerregistrierung (HKLM-x32\...\Canon MX350 series Benutzerregistrierung) (Version: - ) Canon MX350 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX350_series) (Version: - ) Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.) Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.) Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.) 
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - ) Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - ) COMPUTER BILD Account-Alarm (HKLM-x32\...\{04B0A9F1-070A-4C32-A575-6D2DC8F5C52E}) (Version: 1.0.3 - J3S) concept/design onlineTV 8 (HKLM-x32\...\{D2AC7034-15AC-4F62-85BD-1E48021E45D6}_is1) (Version: 8.2.0.1 - concept/design GmbH) ContentHD (x32 Version: 1.00.0002 - Corel Corporation) Hidden Contents (x32 Version: 1.6.2.36 - Corel Corporation) Hidden ConTEXT v0.98.6 (HKLM-x32\...\{73E0D3A0-9C30-4F59-ABBF-6233686FB396}_is1) (Version: - ConTEXT Project Ltd) Corel MediaOne (HKLM-x32\...\{3C569633-C8DE-46E2-BB8F-F65198681C2F}) (Version: 2.00.0000 - Corel Corporation) Corel Paint Shop Pro Photo XI (HKLM-x32\...\{E1C7EF5E-3A7B-4ED4-A48B-F70F1B36EAB4}) (Version: 11.00.0000 - Corel Inc) Corel Painter Essentials 3 (HKLM-x32\...\_{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}) (Version: - Corel Corporation) Corel Painter Essentials 3 (x32 Version: 3.2 - Corel Corporation) Hidden Corel VideoStudio Pro X3 (HKLM-x32\...\_{F072CA07-A781-45E4-9975-C033A73019CF}) (Version: 1.6.2.69 - Corel Corporation) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DAZ Content Management Service (HKLM-x32\...\DAZ Content Management Service 4.8.1.6) (Version: 4.8.1.6 - DAZ 3D) DAZ Studio 4 (HKLM-x32\...\DAZ Studio 4 4.0.0.335) (Version: 4.0.0.335 - DAZ 3D) Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{2A07A3D4-F6CA-4EEB-9576-3A6AC8A736CE}) (Version: - Microsoft) DeviceIO (x32 Version: 1.6.2.36 - Corel Corporation) Hidden DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation) Dropbox (HKCU\...\Dropbox) (Version: 2.10.27 - Dropbox, Inc.) 
DS4 Default Content (HKLM-x32\...\DS4 Default Content 4.0.0.8) (Version: 4.0.0.8 - DAZ 3D) eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.) eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden Eye Candy 4000 (HKLM-x32\...\Eye Candy 4000) (Version: - ) FeedReader (HKLM-x32\...\FeedReader_is1) (Version: - i-Systems Inc.) FileZilla Client 3.7.4.1 (HKLM-x32\...\FileZilla Client) (Version: 3.7.4.1 - Tim Kosse) Free Screen Video Recorder version 2.5.22.508 (HKLM-x32\...\Free Screen Video Recorder_is1) (Version: 2.5.22.508 - DVDVideoSoft Ltd.) Free Video Dub version 2.0.12.706 (HKLM-x32\...\Free Video Dub_is1) (Version: 2.0.12.706 - DVDVideoSoft Ltd.) FrostWire 5.3.6 (HKLM-x32\...\FrostWire 5) (Version: 5.3.6.0 - FrostWire Team) GetFLV 9.6.5.5 (HKLM-x32\...\GetFLV_is1) (Version: - GetFLV, Inc.) Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden ICA (x32 Version: 1.6.2.36 - Corel Corporation) Hidden Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated) instplugin (HKLM-x32\...\instplugin) (Version: - ) Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1892 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.2.1001 - Intel Corporation) InterVideo DeviceService (HKLM-x32\...\{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}) (Version: 1.0.0 - InterVideo) InterVideo WinDVD 8 (HKLM-x32\...\InstallShield_{5FEBF468-5AC2-4C66-AD80-DF85C085AA73}) (Version: 8.5.10.76 - InterVideo Inc.) InterVideo WinDVD 8 (x32 Version: 8.5.10.76 - InterVideo Inc.) 
Hidden IPM_VS_Pro (x32 Version: 13.0 - Corel Corporation) Hidden IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan) Jasc Animation Shop 3 (HKLM-x32\...\{174D5678-D941-433C-BD23-58A5C7B0D36D}) (Version: 3.05.0000 - Jasc Software Inc) Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.670 - Oracle) Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.14 - Acer Inc.) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Office 32-bit Components 2010 (Version: 
14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 32-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation) Microsoft Outlook Hotmail Connector 64-Bit (HKLM\...\{95140000-007A-0407-1000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation) Microsoft Outlook Social Connector Provider for Windows Live Messenger 64-bit (HKLM\...\{95140000-007D-0409-1000-0000000FF1CE}) (Version: 14.0.5120.5000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - 
Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) MLE (x32 Version: 1.0.0.23 - Corel Corporation) Hidden Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla) MSVCRT 
(x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.8928 - NTI Corporation) NTI Media Maker 9 (x32 Version: 9.0.2.8928 - NTI Corporation) Hidden OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org) OpenVPN 2.2.2 (HKLM-x32\...\OpenVPN) (Version: 2.2.2 - ) PartitionMagic (x32 Version: 8.00.000 - PowerQuest) Hidden PureHD (x32 Version: 1.6.2.36 - Corel Corporation) Hidden QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6151 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30121 - Realtek Semiconductor Corp.) Recuva (HKLM\...\Recuva) (Version: 1.43 - Piriform) SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version: - ) Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version: - ) SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version: - ) SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version: - ) Samsung PC Studio 3 USB Driver Installer (HKLM-x32\...\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}) (Version: 3.2.0.70701 - Samsung Electronics Co., Ltd.) 
Secunia PSI (3.0.0.9016) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.9016 - Secunia) Securepoint SSL VPN (HKLM-x32\...\Securepoint SSL VPN) (Version: - Securepoint GmbH) Security Utility (HKLM-x32\...\Security Utility) (Version: - ) Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden Setup (x32 Version: 1.6.2.36 - Corel Corporation) Hidden Share (x32 Version: 1.6.2.36 - Corel Corporation) Hidden Share64 (Version: 1.6.2.36 - Corel Corporation) Hidden SilverCrest DMTS2017 Driver (HKLM-x32\...\{1E494817-D81E-4B0E-B379-F34DF4DCDA58}) (Version: 1.0 - TARGA) Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.) SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.) SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.6 - SmartSound Software Inc.) SmartSound Quicktracks 5 (x32 Version: 5.1.6 - SmartSound Software Inc.) Hidden SmartSound Quicktracks Plugin (HKLM-x32\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.1.2 - SmartSound Software Inc.) SmartSound Quicktracks Plugin (x32 Version: 3.0.1.2 - SmartSound Software Inc.) 
Hidden Sony PC Companion 2.10.115 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.115 - Sony) SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC) Sqirlz Water Reflections (HKLM-x32\...\Sqirlz Water Reflections) (Version: 2.6 - xiberpix) Steuer-Spar-Erklärung 2012 (HKLM-x32\...\{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}) (Version: 17.02 - Wolters Kluwer Deutschland GmbH) Steuer-Spar-Erklärung 2013 (HKLM-x32\...\{AEB61F7A-4BBA-4292-A096-7893E09034A4}) (Version: 18.06 - Wolters Kluwer Deutschland GmbH) SteuerSparErklärung 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.04.49 - Akademische Arbeitsgemeinschaft) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.31064 - TeamViewer) TVUPlayer 2.5.3.1 (HKLM-x32\...\TVUPlayer) (Version: 2.5.3.1 - TVU networks) Ulead GIF Animator 5 Test (HKLM-x32\...\{8AF3E926-ED59-11D4-A44B-0000E86D2305}) (Version: - ) Ulead PhotoImpact 8 (HKLM-x32\...\{3D960387-76B3-4758-BAF7-D156B14A032F}) (Version: 8.0 - Ulead System) Ulead PhotoImpact X3 (HKLM-x32\...\InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}) (Version: 1.00.0000 - Corel) Ulead PhotoImpact X3 (x32 Version: 1.00.0000 - Corel) Hidden Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version: - Microsoft) Update for Microsoft Excel 2010 (KB2837600) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{17815BC8-062D-49BE-B40C-B54149C85CE3}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{84B191B5-5319-463A-A305-8C4D53B1D20A}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition 
(HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2687502) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{B114A387-8A14-4C43-AE51-82F17EB81D49}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) 
(Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{6E760BBA-B83F-4C2D-918F-5F91EF6C9861}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837581) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{D1F3B526-7EB2-4701-92DB-0784988D78DE}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2837606) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{52BEF8AE-9324-40A1-9A92-E5A8FB63A475}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8F699D53-05FB-488E-B7D3-E4E47257BE5D}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition 
(HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{4B9B2BAF-EE1F-4B60-A4D9-17B7BEEB13A1}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{6164E0E5-C903-488C-93AF-1B7AF7EBC331}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A20A650C-F820-4CE4-AEA5-EC140192FAFB}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{FD360122-6829-4497-97C1-1BF578EF695B}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F6F342A1-530B-4D48-A468-1E3F70928984}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition 
(HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{C950A55F-82E3-4CC8-8FA2-E8A2A0F651F3}) (Version: - Microsoft) Update for Microsoft Word 2010 (KB2880529) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{89FDC8D9-FB84-4EFE-950D-AF4EECC3B64C}) (Version: - Microsoft) Video Download Studio 3.4.14 (HKLM-x32\...\{8A075C9A-1368-4491-855E-F3D9ABE55740}_is1) (Version: - aHisoft) Video Downloader version 2.0 (HKLM-x32\...\Video Downloader_is1) (Version: 2.0 - ) VIO (x32 Version: 1.6.2.36 - Corel Corporation) Hidden VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN) VSClassic (x32 Version: 1.6.2.36 - Corel Corporation) Hidden VSPro (x32 Version: 1.6.2.36 - Corel Corporation) Hidden Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3004 - Acer Incorporated) Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Family Safety (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live Messenger Companion 
Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation) Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - ) Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) Hidden WinPcap 4.1.1 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies) WinRAR 4.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH) WinZip 16.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240CD}) (Version: 16.0.9715 - WinZip Computing, S.L. 
)
Wondershare Free YouTube Downloader(Build 3.8.0.4) (HKLM-x32\...\Wondershare Free YouTube Downloader_is1) (Version: 3.8.0.4 - Wondershare Software)
Wondershare Video Converter Ultimate(Build 6.7.1.0) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: 6.7.1.0 - Wondershare Software)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{268502F4-815D-4358-A8D6-B783FDB58EF0}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.ContextMenuHandler.dll No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{528EE335-5034-4EFC-834E-63E5F02D2BC2}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{6066ADF0-9EB0-43E5-ADB6-990F5A3B979C}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{77BC4082-DB5F-439A-8DC8-F9E24A63B0DE}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Roaming\Telekom\MediencenterSync\DTAG.Mediencenter.IconOverlayHandler.dll No (the data entry has 5 more characters).
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-752392268-3339214621-1681333280-1002_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\XXXXX_2\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

16-08-2014 10:11:40 Ende der Bereinigung
16-08-2014 11:14:58 avast! antivirus system restore point
16-08-2014 13:21:09 Removed Jasc Animation Shop 3
19-08-2014 18:48:46 Windows Update
23-08-2014 19:01:56 Removed Adobe Flash Player 14 Plugin.
24-08-2014 07:53:12 Wiederherstellungsvorgang
24-08-2014 08:13:52 Windows Update
24-08-2014 08:42:00 avast! antivirus system restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0FFD4DF7-E79E-4CF0-AE38-56D663221D27} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {5CBF856C-D0CF-4FBD-9BD8-2D2AC2FD1224} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-23] (Google Inc.)
Task: {6F0BCF1C-DA02-4B83-88AF-6C6F6228E90E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-752392268-3339214621-1681333280-1002UA => C:\Users\XXXXX_2\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-23] (Google Inc.) Task: {8C54AD7F-34A0-47AE-B099-EE52B61C2F3A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-25] (Adobe Systems Incorporated) Task: {C712CDA3-DE89-4111-9621-0A1AD2FAFAA7} - System32\Tasks\Games\UpdateCheck_S-1-5-21-752392268-3339214621-1681333280-1000 Task: {D321CF44-4271-44F1-A90C-0A13B5A0152E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-24] (AVAST Software) Task: {DE2FFE30-8218-4F49-A8B1-33E1B539385F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-752392268-3339214621-1681333280-1002Core => C:\Users\XXXXX_2\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-23] (Google Inc.) Task: {EE4A2A93-391A-43D8-B769-C8E0934C54CC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-23] (Google Inc.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-752392268-3339214621-1681333280-1002Core.job => C:\Users\XXXXX_2\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-752392268-3339214621-1681333280-1002UA.job => C:\Users\XXXXX_2\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2008-10-24 17:35 - 2008-10-24 17:35 - 00128296 _____ () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe 2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2011-08-16 16:20 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll 2010-09-26 08:54 - 2010-06-09 18:54 - 00206208 _____ () C:\Windows\PLFSetI.exe 2014-04-20 17:28 - 2009-03-29 11:30 - 02058240 _____ () C:\Programme\FeedReader30\feedreader.exe 2007-06-05 14:20 - 2007-06-05 14:20 - 00177704 _____ () C:\Windows\SysWOW64\PSIService.exe 2012-11-01 13:11 - 2012-11-01 13:11 - 00198024 _____ () C:\Program Files\Securepoint SSL VPN\SPOpenVPNService.exe 2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf 2014-08-14 16:12 - 2014-08-06 11:34 - 00011584 _____ () C:\Program Files (x86)\TeamViewer\Version9\outlook\ManagedAggregator.dll 2013-02-15 04:36 - 2013-02-15 04:36 - 01554496 _____ () C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll 2014-08-24 10:45 - 
2014-08-24 10:45 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll 2014-08-24 14:55 - 2014-08-24 14:55 - 02801152 _____ () C:\Program Files\AVAST Software\Avast\defs\14082400\algo.dll 2014-08-25 14:21 - 2014-08-25 14:21 - 02801152 _____ () C:\Program Files\AVAST Software\Avast\defs\14082500\algo.dll 2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2014-08-07 11:39 - 2014-08-07 11:39 - 00014336 _____ () C:\Program Files (x86)\COMPUTER BILD Account-Alarm\BCrypt.Net.dll 2010-06-29 00:20 - 2010-06-29 00:20 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll 2010-06-29 00:12 - 2010-06-29 00:12 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll 2014-08-24 17:41 - 2014-08-24 17:41 - 00043008 _____ () c:\users\XXXXX_2\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpocq9c7.dll 2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\libcef.dll 2011-05-20 16:14 - 2011-05-20 16:14 - 00009826 _____ () C:\Program Files\Securepoint SSL VPN\mingwm10.dll 2011-05-20 16:14 - 2011-05-20 16:14 - 00020480 _____ () C:\Program Files\Securepoint SSL VPN\libgcc_s_dw2-1.dll 2011-05-20 16:14 - 2011-05-20 16:14 - 00967168 _____ () C:\Program Files\Securepoint SSL VPN\QtCore4.dll 2011-05-20 16:14 - 2011-05-20 16:14 - 01209344 _____ () C:\Program Files\Securepoint SSL VPN\QtNetwork4.dll 2010-09-06 14:06 - 2009-05-20 08:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll 2012-02-18 15:16 - 2007-08-02 22:07 - 00034064 _____ () C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\DetMethod.dll 2014-08-24 10:45 - 2014-08-24 10:45 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2014-08-14 16:13 - 2014-08-14 16:13 - 00170496 _____ () 
C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\e28fdf645d0ce4b58b0ee3352e1de34c\IsdiInterop.ni.dll 2010-09-06 13:20 - 2010-04-13 18:52 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2014-08-24 10:16 - 2014-07-17 07:42 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-02-07 10:48 - 2013-12-19 18:15 - 00146320 _____ () C:\Programme\Video Converter Ultimate\SVRFirefoxExt\components\VCFFComponent4.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/25/2014 04:39:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 31.0.0.5310, Zeitstempel: 0x53c75e91 Name des fehlerhaften Moduls: mozalloc.dll, Version: 31.0.0.5310, Zeitstempel: 0x53c72e91 Ausnahmecode: 0x80000003 Fehleroffset: 0x0000141b ID des fehlerhaften Prozesses: 0x1404 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Error: (08/25/2014 04:39:06 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 31.0.0.5310, Zeitstempel: 0x53c75e91 Name des fehlerhaften Moduls: mozalloc.dll, Version: 31.0.0.5310, Zeitstempel: 0x53c72e91 Ausnahmecode: 0x80000003 Fehleroffset: 0x0000141b ID des fehlerhaften Prozesses: 0xd30 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Error: (08/25/2014 04:39:03 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 31.0.0.5310, Zeitstempel: 0x53c75e91 Name des fehlerhaften Moduls: mozalloc.dll, Version: 31.0.0.5310, Zeitstempel: 0x53c72e91 Ausnahmecode: 0x80000003 Fehleroffset: 0x0000141b ID des fehlerhaften Prozesses: 0xf78 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Error: (08/25/2014 04:35:49 PM) (Source: Application Error) (EventID: 1000) 
(User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 31.0.0.5310, Zeitstempel: 0x53c75e91 Name des fehlerhaften Moduls: mozalloc.dll, Version: 31.0.0.5310, Zeitstempel: 0x53c72e91 Ausnahmecode: 0x80000003 Fehleroffset: 0x0000141b ID des fehlerhaften Prozesses: 0x1b1c Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Error: (08/25/2014 04:35:43 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 31.0.0.5310, Zeitstempel: 0x53c75e91 Name des fehlerhaften Moduls: mozalloc.dll, Version: 31.0.0.5310, Zeitstempel: 0x53c72e91 Ausnahmecode: 0x80000003 Fehleroffset: 0x0000141b ID des fehlerhaften Prozesses: 0x1ed4 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Error: (08/25/2014 04:19:45 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 31.0.0.5310, Zeitstempel: 0x53c75e91 Name des fehlerhaften Moduls: mozalloc.dll, Version: 31.0.0.5310, Zeitstempel: 0x53c72e91 Ausnahmecode: 0x80000003 Fehleroffset: 0x0000141b ID des fehlerhaften Prozesses: 0x1614 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Error: (08/25/2014 10:33:10 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: GoogleUpdate.exe, Version: 1.3.21.103, Zeitstempel: 0x4f3c6d6c Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7 Ausnahmecode: 0xc0000005 
Fehleroffset: 0x000223e0 ID des fehlerhaften Prozesses: 0x1e24 Startzeit der fehlerhaften Anwendung: 0xGoogleUpdate.exe0 Pfad der fehlerhaften Anwendung: GoogleUpdate.exe1 Pfad des fehlerhaften Moduls: GoogleUpdate.exe2 Berichtskennung: GoogleUpdate.exe3 Error: (08/24/2014 05:43:54 PM) (Source: MsiInstaller) (EventID: 11704) (User: NT-AUTORITÄT) Description: Product: Adobe Flash Player 14 ActiveX -- Error 1704.An installation for QuickTime 7 is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes? Error: (08/24/2014 04:12:51 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 31.0.0.5310, Zeitstempel: 0x53c75e91 Name des fehlerhaften Moduls: mozalloc.dll, Version: 31.0.0.5310, Zeitstempel: 0x53c72e91 Ausnahmecode: 0x80000003 Fehleroffset: 0x0000141b ID des fehlerhaften Prozesses: 0x1024 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Error: (08/24/2014 10:42:39 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary jzommrlh. System Error: Das System kann die angegebene Datei nicht finden. . System errors: ============= Error: (08/25/2014 10:19:36 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT-AUTORITÄT) Description: Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. 
Modulpfad: C:\Windows\System32\bcmihvsrv64.dll Fehlercode: 21 Error: (08/24/2014 05:39:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "DAZ Content Management Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (08/24/2014 05:39:55 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst DAZ Content Management Service erreicht. Error: (08/24/2014 05:39:24 PM) (Source: Service Control Manager) (EventID: 7003) (User: ) Description: Der Dienst "Avira Browser-Schutz" ist von folgendem Dienst abhängig: AntiVirService. Dieser Dienst ist eventuell nicht installiert. Error: (08/24/2014 05:38:43 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\PQNTDrv.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error: (08/24/2014 05:39:15 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am ?24.?08.?2014 um 17:37:17 unerwartet heruntergefahren. Error: (08/24/2014 05:36:52 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht. Error: (08/24/2014 05:35:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht. Error: (08/24/2014 05:34:41 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows-Fehlerberichterstattungsdienst erreicht. 
Error: (08/24/2014 05:31:22 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {0006F03A-0000-0000-C000-000000000046} Microsoft Office Sessions: ========================= Error: (08/25/2014 04:39:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe31.0.0.531053c75e91mozalloc.dll31.0.0.531053c72e91800000030000141b140401cfc0726a22af0eC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlla96c2513-2c65-11e4-8606-1c7508023576 Error: (08/25/2014 04:39:06 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe31.0.0.531053c75e91mozalloc.dll31.0.0.531053c72e91800000030000141bd3001cfc071ee33c52fC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll9078ed92-2c65-11e4-8606-1c7508023576 Error: (08/25/2014 04:39:03 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe31.0.0.531053c75e91mozalloc.dll31.0.0.531053c72e91800000030000141bf7801cfc071fdb5e061C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll8ef02a65-2c65-11e4-8606-1c7508023576 Error: (08/25/2014 04:35:49 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe31.0.0.531053c75e91mozalloc.dll31.0.0.531053c72e91800000030000141b1b1c01cfc071d7a77025C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll1adfa17b-2c65-11e4-8606-1c7508023576 Error: (08/25/2014 04:35:43 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe31.0.0.531053c75e91mozalloc.dll31.0.0.531053c72e91800000030000141b1ed401cfc0714f0f7711C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll17bd7187-2c65-11e4-8606-1c7508023576 Error: (08/25/2014 04:19:45 PM) (Source: Application Error) 
(EventID: 1000) (User: ) Description: plugin-container.exe31.0.0.531053c75e91mozalloc.dll31.0.0.531053c72e91800000030000141b161401cfbfb28f2c5cc2C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlldc8d214e-2c62-11e4-8606-1c7508023576 Error: (08/25/2014 10:33:10 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: GoogleUpdate.exe1.3.21.1034f3c6d6cntdll.dll6.1.7601.18247521ea8e7c0000005000223e01e2401cfc03d5248b899C:\Users\XXXXX_2\AppData\Local\Google\Update\GoogleUpdate.exeC:\Windows\SysWOW64\ntdll.dll7163d0a1-2c32-11e4-8606-1c7508023576 Error: (08/24/2014 05:43:54 PM) (Source: MsiInstaller) (EventID: 11704) (User: NT-AUTORITÄT) Description: Product: Adobe Flash Player 14 ActiveX -- Error 1704.An installation for QuickTime 7 is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?(NULL)(NULL)(NULL)(NULL)(NULL) Error: (08/24/2014 04:12:51 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe31.0.0.531053c75e91mozalloc.dll31.0.0.531053c72e91800000030000141b102401cfbf89d6d52240C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllbb817265-2b98-11e4-a2c4-1c7508023576 Error: (08/24/2014 10:42:39 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Details: AddLegacyDriverFiles: Unable to back up image of binary jzommrlh. System Error: Das System kann die angegebene Datei nicht finden. 
==================== Memory info =========================== Processor: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz Percentage of memory in use: 52% Total physical RAM: 4025.97 MB Available physical RAM: 1900.65 MB Total Pagefile: 8050.13 MB Available Pagefile: 4917.11 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:292.59 GB) (Free:219.03 GB) NTFS Drive e: (Daten) (Fixed) (Total:97.66 GB) (Free:32.65 GB) NTFS Drive f: (Internet) (Fixed) (Total:192.83 GB) (Free:40.46 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 46227C9E) Partition 1: (Not Active) - (Size=13 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=292.6 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=290.5 GB) - (Type=OF Extended) ==================== End Of Log ============================

adwCleaner as an attachment, since the text would otherwise be too long. Malwarebytes found nothing. Thank you in advance for your help! |
25.08.2014, 16:45 | #2 |
/// the machine /// TB-Ausbilder | "plugin container for firefox funktioniert nicht mehr" Firefox then closes completely Hi,
__________________
Please always post logs in the thread. If necessary, split them up and use several posts. I cannot open attachments at work, thanks. This is how it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
__________________ |
25.08.2014, 16:49 | #3 |
| "plugin container for firefox funktioniert nicht mehr" Firefox then closes completely GMER - part 1 of 4
__________________Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-08-25 17:10:11 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD64 rev.01.0 596,17GB Running: Gmer-19357.exe; Driver: C:\Users\XXXXX_2\AppData\Local\Temp\fwloyuow.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 666 fffff800035ab08a 45 bytes [00, 00, 01, 00, 0D, 00, 40, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 712 fffff800035ab0b8 7 bytes {OR EAX, 0xffffffffffffd800; CALL QWORD [RBX+0x0]} ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077521360 5 bytes JMP 0000000077680460 .text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775213b0 5 bytes JMP 0000000077680450 .text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077521510 5 bytes JMP 0000000077680370 .text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077521560 5 bytes JMP 0000000077680470 .text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077521570 5 bytes JMP 00000000776803e0 .text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077521620 5 bytes JMP 0000000077680320 .text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077521650 5 bytes JMP 00000000776803b0 .text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077521670 5 bytes JMP 0000000077680390 .text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775216b0 5 bytes JMP 00000000776802e0 .text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077521730 5 
bytes JMP 00000000776802d0 .text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077521750 5 bytes JMP 0000000077680310 .text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077521790 5 bytes JMP 00000000776803c0 .text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775217e0 5 bytes JMP 00000000776803f0 .text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077521940 5 bytes JMP 0000000077680230 .text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077521b00 5 bytes JMP 0000000077680480 .text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077521b30 5 bytes JMP 00000000776803a0 .text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077521c10 5 bytes JMP 00000000776802f0 .text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077521c20 5 bytes JMP 0000000077680350 .text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077521c80 5 bytes JMP 0000000077680290 .text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077521d10 5 bytes JMP 00000000776802b0 .text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077521d30 5 bytes JMP 00000000776803d0 .text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077521d40 5 bytes JMP 0000000077680330 .text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077521db0 5 bytes JMP 0000000077680410 .text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077521de0 5 bytes JMP 0000000077680240 .text 
C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775220a0 5 bytes JMP 00000000776801e0 .text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077522160 5 bytes JMP 0000000077680250 .text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077522190 5 bytes JMP 0000000077680490 .text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775221a0 5 bytes JMP 00000000776804a0 .text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775221d0 5 bytes JMP 0000000077680300 .text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775221e0 5 bytes JMP 0000000077680360 .text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077522240 5 bytes JMP 00000000776802a0 .text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077522290 5 bytes JMP 00000000776802c0 .text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775222c0 5 bytes JMP 0000000077680380 .text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775222d0 5 bytes JMP 0000000077680340 .text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775225c0 5 bytes JMP 0000000077680440 .text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775227c0 5 bytes JMP 0000000077680260 .text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775227d0 5 bytes JMP 0000000077680270 .text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775227e0 5 bytes JMP 0000000077680400 .text C:\Windows\system32\services.exe[612] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775229a0 5 bytes JMP 00000000776801f0 .text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775229b0 5 bytes JMP 0000000077680210 .text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077522a20 5 bytes JMP 0000000077680200 .text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077522a80 5 bytes JMP 0000000077680420 .text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077522a90 5 bytes JMP 0000000077680430 .text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077522aa0 5 bytes JMP 0000000077680220 .text C:\Windows\system32\services.exe[612] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077522b80 5 bytes JMP 0000000077680280 .text C:\Windows\system32\services.exe[612] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007730ef8d 1 byte [62] .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077521360 5 bytes JMP 0000000077680460 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775213b0 5 bytes JMP 0000000077680450 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077521510 5 bytes JMP 0000000077680370 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077521560 5 bytes JMP 0000000077680470 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077521570 5 bytes JMP 00000000776803e0 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077521620 5 bytes JMP 0000000077680320 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077521650 5 bytes JMP 
00000000776803b0 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077521670 5 bytes JMP 0000000077680390 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775216b0 5 bytes JMP 00000000776802e0 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077521730 5 bytes JMP 00000000776802d0 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077521750 5 bytes JMP 0000000077680310 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077521790 5 bytes JMP 00000000776803c0 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775217e0 5 bytes JMP 00000000776803f0 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077521940 5 bytes JMP 0000000077680230 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077521b00 5 bytes JMP 0000000077680480 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077521b30 5 bytes JMP 00000000776803a0 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077521c10 5 bytes JMP 00000000776802f0 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077521c20 5 bytes JMP 0000000077680350 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077521c80 5 bytes JMP 0000000077680290 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077521d10 5 bytes JMP 00000000776802b0 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077521d30 5 bytes JMP 00000000776803d0 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 
0000000077521d40 5 bytes JMP 0000000077680330 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077521db0 5 bytes JMP 0000000077680410 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077521de0 5 bytes JMP 0000000077680240 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775220a0 5 bytes JMP 00000000776801e0 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077522160 5 bytes JMP 0000000077680250 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077522190 5 bytes JMP 0000000077680490 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775221a0 5 bytes JMP 00000000776804a0 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775221d0 5 bytes JMP 0000000077680300 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775221e0 5 bytes JMP 0000000077680360 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077522240 5 bytes JMP 00000000776802a0 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077522290 5 bytes JMP 00000000776802c0 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775222c0 5 bytes JMP 0000000077680380 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775222d0 5 bytes JMP 0000000077680340 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775225c0 5 bytes JMP 0000000077680440 .text C:\Windows\system32\lsass.exe[644] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775227c0 5 bytes JMP 0000000077680260 .text C:\Windows\system32\lsass.exe[644] 
C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077521670 5 bytes JMP 0000000077680390 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775216b0 5 bytes JMP 00000000776802e0 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077521730 5 bytes JMP 00000000776802d0 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077521750 5 bytes JMP 0000000077680310 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077521790 5 bytes JMP 00000000776803c0 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775217e0 5 bytes JMP 00000000776803f0 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077521940 5 bytes JMP 0000000077680230 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077521b00 5 bytes JMP 0000000077680480 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077521b30 5 bytes JMP 00000000776803a0 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077521c10 5 bytes JMP 00000000776802f0 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077521c20 5 bytes JMP 0000000077680350 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077521c80 5 bytes JMP 0000000077680290 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077521d10 5 bytes JMP 00000000776802b0 .text C:\Windows\system32\svchost.exe[1364] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077521d30 5 bytes JMP 00000000776803d0 |
25.08.2014, 16:50 | #4 |
| "plugin container for firefox funktioniert nicht mehr" Firefox then closes completely GMER - Part 2 of 4 Code:
C:\Windows\System32\igfxpers.exe[2268] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775221a0 5 bytes JMP 00000000776804a0 .text C:\Windows\System32\igfxpers.exe[2268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775221d0 5 bytes JMP 0000000077680300 .text C:\Windows\System32\igfxpers.exe[2268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775221e0 5 bytes JMP 0000000077680360 .text C:\Windows\System32\igfxpers.exe[2268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077522240 5 bytes JMP 00000000776802a0 .text C:\Windows\System32\igfxpers.exe[2268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077522290 5 bytes JMP 00000000776802c0 .text C:\Windows\System32\igfxpers.exe[2268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775222c0 5 bytes JMP 0000000077680380 .text C:\Windows\System32\igfxpers.exe[2268] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775222d0 5 bytes JMP 0000000077680340 .text C:\Windows\System32\igfxpers.exe[2268] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775225c0 5 bytes JMP 0000000077680440 .text C:\Windows\System32\igfxpers.exe[2268] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775227c0 5 bytes JMP 0000000077680260 .text C:\Windows\System32\igfxpers.exe[2268] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775227d0 5 bytes JMP 0000000077680270 .text C:\Windows\System32\igfxpers.exe[2268] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775227e0 5 bytes JMP 0000000077680400 .text C:\Windows\System32\igfxpers.exe[2268] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775229a0 5 bytes JMP 00000000776801f0 .text C:\Windows\System32\igfxpers.exe[2268] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775229b0 5 bytes JMP 0000000077680210 .text C:\Windows\System32\igfxpers.exe[2268] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077522a20 5 bytes JMP 0000000077680200 .text C:\Windows\System32\igfxpers.exe[2268] 
C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077522a80 5 bytes JMP 0000000077680420 .text C:\Windows\System32\igfxpers.exe[2268] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077522a90 5 bytes JMP 0000000077680430 .text C:\Windows\System32\igfxpers.exe[2268] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077522aa0 5 bytes JMP 0000000077680220 .text C:\Windows\System32\igfxpers.exe[2268] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077522b80 5 bytes JMP 0000000077680280 .text C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077521360 5 bytes JMP 0000000077680460 .text C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775213b0 5 bytes JMP 0000000077680450 .text C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077521510 5 bytes JMP 0000000077680370 .text C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077521560 5 bytes JMP 0000000077680470 .text C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077521570 5 bytes JMP 00000000776803e0 .text C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077521620 5 bytes JMP 0000000077680320 .text C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077521650 5 bytes JMP 00000000776803b0 .text C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077521670 5 bytes JMP 0000000077680390 .text C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775216b0 5 bytes JMP 00000000776802e0 .text C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077521730 5 bytes JMP 00000000776802d0 .text C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077521750 5 
bytes JMP 0000000077680310 .text C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077521790 5 bytes JMP 00000000776803c0 .text C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775217e0 5 bytes JMP 00000000776803f0 .text C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077521940 5 bytes JMP 0000000077680230 .text C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077521b00 5 bytes JMP 0000000077680480 .text C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077521b30 5 bytes JMP 00000000776803a0 .text C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077521c10 5 bytes JMP 00000000776802f0 .text C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077521c20 5 bytes JMP 0000000077680350 .text C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077521c80 5 bytes JMP 0000000077680290 .text C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077521d10 5 bytes JMP 00000000776802b0 .text C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077521d30 5 bytes JMP 00000000776803d0 .text C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077521d40 5 bytes JMP 0000000077680330 .text C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077521db0 5 bytes JMP 0000000077680410 .text C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077521de0 5 bytes JMP 0000000077680240 .text C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775220a0 5 bytes JMP 00000000776801e0 .text 
C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077522160 5 bytes JMP 0000000077680250 .text C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077522190 5 bytes JMP 0000000077680490 .text C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775221a0 5 bytes JMP 00000000776804a0 .text C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775221d0 5 bytes JMP 0000000077680300 .text C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775221e0 5 bytes JMP 0000000077680360 .text C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077522240 5 bytes JMP 00000000776802a0 .text C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077522290 5 bytes JMP 00000000776802c0 .text C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775222c0 5 bytes JMP 0000000077680380 .text C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775222d0 5 bytes JMP 0000000077680340 .text C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775225c0 5 bytes JMP 0000000077680440 .text C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775227c0 5 bytes JMP 0000000077680260 .text C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775227d0 5 bytes JMP 0000000077680270 .text C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775227e0 5 bytes JMP 0000000077680400 .text C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775229a0 5 bytes JMP 00000000776801f0 .text C:\Windows\system32\igfxsrvc.exe[2340] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775229b0 5 bytes JMP 0000000077680210 .text C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077522a20 5 bytes JMP 0000000077680200 .text C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077522a80 5 bytes JMP 0000000077680420 .text C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077522a90 5 bytes JMP 0000000077680430 .text C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077522aa0 5 bytes JMP 0000000077680220 .text C:\Windows\system32\igfxsrvc.exe[2340] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077522b80 5 bytes JMP 0000000077680280 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077521360 5 bytes JMP 0000000077680460 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775213b0 5 bytes JMP 0000000077680450 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077521510 5 bytes JMP 0000000077680370 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077521560 5 bytes JMP 0000000077680470 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077521570 5 bytes JMP 00000000776803e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077521620 5 bytes JMP 0000000077680320 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077521650 5 bytes JMP 00000000776803b0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077521670 5 bytes JMP 
0000000077680390 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775216b0 5 bytes JMP 00000000776802e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077521730 5 bytes JMP 00000000776802d0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077521750 5 bytes JMP 0000000077680310 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077521790 5 bytes JMP 00000000776803c0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775217e0 5 bytes JMP 00000000776803f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077521940 5 bytes JMP 0000000077680230 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077521b00 5 bytes JMP 0000000077680480 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077521b30 5 bytes JMP 00000000776803a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077521c10 5 bytes JMP 00000000776802f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077521c20 5 bytes JMP 0000000077680350 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077521c80 5 bytes JMP 0000000077680290 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077521d10 5 bytes JMP 00000000776802b0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077521d30 5 bytes JMP 00000000776803d0 .text 
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077521d40 5 bytes JMP 0000000077680330 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077521db0 5 bytes JMP 0000000077680410 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077521de0 5 bytes JMP 0000000077680240 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775220a0 5 bytes JMP 00000000776801e0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077522160 5 bytes JMP 0000000077680250 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077522190 5 bytes JMP 0000000077680490 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775221a0 5 bytes JMP 00000000776804a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775221d0 5 bytes JMP 0000000077680300 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775221e0 5 bytes JMP 0000000077680360 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077522240 5 bytes JMP 00000000776802a0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077522290 5 bytes JMP 00000000776802c0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775222c0 5 bytes JMP 0000000077680380 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775222d0 5 bytes JMP 0000000077680340 .text C:\Program 
Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775225c0 5 bytes JMP 0000000077680440 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775227c0 5 bytes JMP 0000000077680260 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775227d0 5 bytes JMP 0000000077680270 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775227e0 5 bytes JMP 0000000077680400 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775229a0 5 bytes JMP 00000000776801f0 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775229b0 5 bytes JMP 0000000077680210 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077522a20 5 bytes JMP 0000000077680200 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077522a80 5 bytes JMP 0000000077680420 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077522a90 5 bytes JMP 0000000077680430 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077522aa0 5 bytes JMP 0000000077680220 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077522b80 5 bytes JMP 0000000077680280 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2392] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007730ef8d 1 byte [62] .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077521360 5 bytes JMP 0000000077680460 .text C:\Program 
Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775213b0 5 bytes JMP 0000000077680450 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077521510 5 bytes JMP 0000000077680370 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077521560 5 bytes JMP 0000000077680470 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077521570 5 bytes JMP 00000000776803e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077521620 5 bytes JMP 0000000077680320 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077521650 5 bytes JMP 00000000776803b0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077521670 5 bytes JMP 0000000077680390 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775216b0 5 bytes JMP 00000000776802e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077521730 5 bytes JMP 00000000776802d0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077521750 5 bytes JMP 0000000077680310 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077521790 5 bytes JMP 00000000776803c0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775217e0 5 bytes JMP 00000000776803f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077521940 5 bytes JMP 0000000077680230 .text C:\Program 
Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077521b00 5 bytes JMP 0000000077680480 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077521b30 5 bytes JMP 00000000776803a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077521c10 5 bytes JMP 00000000776802f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077521c20 5 bytes JMP 0000000077680350 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077521c80 5 bytes JMP 0000000077680290 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077521d10 5 bytes JMP 00000000776802b0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077521d30 5 bytes JMP 00000000776803d0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077521d40 5 bytes JMP 0000000077680330 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077521db0 5 bytes JMP 0000000077680410 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077521de0 5 bytes JMP 0000000077680240 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775220a0 5 bytes JMP 00000000776801e0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077522160 5 bytes JMP 0000000077680250 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077522190 5 bytes JMP 0000000077680490 
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775221a0 5 bytes JMP 00000000776804a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775221d0 5 bytes JMP 0000000077680300 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775221e0 5 bytes JMP 0000000077680360 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077522240 5 bytes JMP 00000000776802a0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077522290 5 bytes JMP 00000000776802c0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775222c0 5 bytes JMP 0000000077680380 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775222d0 5 bytes JMP 0000000077680340 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775225c0 5 bytes JMP 0000000077680440 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775227c0 5 bytes JMP 0000000077680260 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775227d0 5 bytes JMP 0000000077680270 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775227e0 5 bytes JMP 0000000077680400 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775229a0 5 bytes JMP 00000000776801f0 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775229b0 5 bytes JMP 
0000000077680210 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077522a20 5 bytes JMP 0000000077680200 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077522a80 5 bytes JMP 0000000077680420 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077522a90 5 bytes JMP 0000000077680430 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077522aa0 5 bytes JMP 0000000077680220 .text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[2452] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077522b80 5 bytes JMP 0000000077680280 .text C:\Windows\PLFSetI.exe[2768] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007585a2fd 1 byte [62] .text C:\Windows\PLFSetI.exe[2768] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 195 0000000073e51b41 2 bytes [E5, 73] .text C:\Windows\PLFSetI.exe[2768] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 362 0000000073e51be8 2 bytes [E5, 73] .text C:\Windows\PLFSetI.exe[2768] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 418 0000000073e51c20 2 bytes [E5, 73] .text C:\Windows\PLFSetI.exe[2768] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 596 0000000073e51cd2 2 bytes [E5, 73] .text C:\Windows\PLFSetI.exe[2768] C:\Windows\SysWOW64\d3d8thk.dll!OsThunkDdWaitForVerticalBlank + 628 0000000073e51cf2 2 bytes [E5, 73] .text C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe[2820] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007730ef8d 1 byte [62] .text C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077521360 5 bytes JMP 0000000077680460 .text C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775213b0 5 bytes JMP 
0000000077680450 .text C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077521510 5 bytes JMP 0000000077680370 .text C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077521560 5 bytes JMP 0000000077680470 .text C:\Windows\system32\svchost.exe[2852] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077521570 5 bytes JMP 00000000776803e0 |
25.08.2014, 16:53 | #5 |
| "plugin container for firefox funktioniert nicht mehr" Firefox then closes completely GMER - part 3 of 4: Code:
0000000077521b00 5 bytes JMP 0000000077680480 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077521b30 5 bytes JMP 00000000776803a0 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077521c10 5 bytes JMP 00000000776802f0 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077521c20 5 bytes JMP 0000000077680350 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077521c80 5 bytes JMP 0000000077680290 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077521d10 5 bytes JMP 00000000776802b0 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077521d30 5 bytes JMP 00000000776803d0 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077521d40 5 bytes JMP 0000000077680330 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077521db0 5 bytes JMP 0000000077680410 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077521de0 5 bytes JMP 0000000077680240 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775220a0 5 bytes JMP 00000000776801e0 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077522160 5 bytes JMP 0000000077680250 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 
0000000077522190 5 bytes JMP 0000000077680490 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775221a0 5 bytes JMP 00000000776804a0 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775221d0 5 bytes JMP 0000000077680300 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775221e0 5 bytes JMP 0000000077680360 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077522240 5 bytes JMP 00000000776802a0 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077522290 5 bytes JMP 00000000776802c0 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775222c0 5 bytes JMP 0000000077680380 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775222d0 5 bytes JMP 0000000077680340 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775225c0 5 bytes JMP 0000000077680440 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775227c0 5 bytes JMP 0000000077680260 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775227d0 5 bytes JMP 0000000077680270 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775227e0 5 bytes JMP 0000000077680400 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 
00000000775229a0 5 bytes JMP 00000000776801f0 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775229b0 5 bytes JMP 0000000077680210 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077522a20 5 bytes JMP 0000000077680200 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077522a80 5 bytes JMP 0000000077680420 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077522a90 5 bytes JMP 0000000077680430 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077522aa0 5 bytes JMP 0000000077680220 .text C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe[2952] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077522b80 5 bytes JMP 0000000077680280 .text C:\Program Files (x86)\Acer\Registration\GREGsvc.exe[2968] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007585a2fd 1 byte [62] .text C:\Program Files (x86)\Corel\Corel MediaOne\Corel Photo Downloader.exe[2068] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007585a2fd 1 byte [62] .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077521360 5 bytes JMP 0000000077680460 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775213b0 5 bytes JMP 0000000077680450 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077521510 5 bytes JMP 0000000077680370 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077521560 5 bytes JMP 
0000000077680470 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077521570 5 bytes JMP 00000000776803e0 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077521620 5 bytes JMP 0000000077680320 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077521650 5 bytes JMP 00000000776803b0 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077521670 5 bytes JMP 0000000077680390 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775216b0 5 bytes JMP 00000000776802e0 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077521730 5 bytes JMP 00000000776802d0 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077521750 5 bytes JMP 0000000077680310 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077521790 5 bytes JMP 00000000776803c0 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775217e0 5 bytes JMP 00000000776803f0 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077521940 5 bytes JMP 0000000077680230 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077521b00 5 bytes JMP 0000000077680480 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077521b30 5 bytes JMP 00000000776803a0 .text C:\Program Files\Microsoft 
Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077521c10 5 bytes JMP 00000000776802f0 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077521c20 5 bytes JMP 0000000077680350 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077521c80 5 bytes JMP 0000000077680290 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077521d10 5 bytes JMP 00000000776802b0 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077521d30 5 bytes JMP 00000000776803d0 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077521d40 5 bytes JMP 0000000077680330 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077521db0 5 bytes JMP 0000000077680410 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077521de0 5 bytes JMP 0000000077680240 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775220a0 5 bytes JMP 00000000776801e0 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077522160 5 bytes JMP 0000000077680250 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077522190 5 bytes JMP 0000000077680490 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775221a0 5 bytes JMP 00000000776804a0 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] 
C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775221d0 5 bytes JMP 0000000077680300 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775221e0 5 bytes JMP 0000000077680360 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077522240 5 bytes JMP 00000000776802a0 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077522290 5 bytes JMP 00000000776802c0 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775222c0 5 bytes JMP 0000000077680380 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775222d0 5 bytes JMP 0000000077680340 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775225c0 5 bytes JMP 0000000077680440 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775227c0 5 bytes JMP 0000000077680260 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775227d0 5 bytes JMP 0000000077680270 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775227e0 5 bytes JMP 0000000077680400 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775229a0 5 bytes JMP 00000000776801f0 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775229b0 5 bytes JMP 0000000077680210 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077522a20 5 bytes 
JMP 0000000077680200 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077522a80 5 bytes JMP 0000000077680420 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077522a90 5 bytes JMP 0000000077680430 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077522aa0 5 bytes JMP 0000000077680220 .text C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE[1260] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077522b80 5 bytes JMP 0000000077680280 .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2248] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007585a2fd 1 byte [62] .text C:\Programme\FeedReader30\feedreader.exe[1036] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007585a2fd 1 byte [62] .text C:\Program Files (x86)\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe[736] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007585a2fd 1 byte [62] .text C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe[2448] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007585a2fd 1 byte [62] .text C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[2528] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007585a2fd 1 byte [62] .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2408] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007585a2fd 1 byte [62] .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077681465 2 bytes [68, 77] .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000776814bb 2 bytes [68, 77] .text ... 
* 2 .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe[2444] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007585a2fd 1 byte [62] .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3152] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007585a2fd 1 byte [62] .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3152] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077681465 2 bytes [68, 77] .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3152] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000776814bb 2 bytes [68, 77] .text ... * 2 ? C:\Windows\system32\mssprxy.dll [3152] entry point in ".rdata" section 00000000748e71e6 .text C:\Program Files (x86)\Secunia\PSI\PSIA.exe[3344] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007585a2fd 1 byte [62] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[3440] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007585a2fd 1 byte [62] .text C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe[3508] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007585a2fd 1 byte [62] .text C:\Program Files (x86)\Launch Manager\LManager.exe[3576] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007585a2fd 1 byte [62] .text C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe[3700] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007585a2fd 1 byte [62] .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077521360 5 bytes JMP 0000000077680460 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775213b0 5 bytes JMP 0000000077680450 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 
0000000077521510 5 bytes JMP 0000000077680370 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077521560 5 bytes JMP 0000000077680470 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077521570 5 bytes JMP 00000000776803e0 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077521620 5 bytes JMP 0000000077680320 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077521650 5 bytes JMP 00000000776803b0 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077521670 5 bytes JMP 0000000077680390 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775216b0 5 bytes JMP 00000000776802e0 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077521730 5 bytes JMP 00000000776802d0 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077521750 5 bytes JMP 0000000077680310 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077521790 5 bytes JMP 00000000776803c0 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775217e0 5 bytes JMP 00000000776803f0 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077521940 5 bytes JMP 0000000077680230 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077521b00 5 bytes JMP 0000000077680480 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] 
C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077521b30 5 bytes JMP 00000000776803a0 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077521c10 5 bytes JMP 00000000776802f0 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077521c20 5 bytes JMP 0000000077680350 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077521c80 5 bytes JMP 0000000077680290 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077521d10 5 bytes JMP 00000000776802b0 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077521d30 5 bytes JMP 00000000776803d0 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077521d40 5 bytes JMP 0000000077680330 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077521db0 5 bytes JMP 0000000077680410 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077521de0 5 bytes JMP 0000000077680240 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775220a0 5 bytes JMP 00000000776801e0 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077522160 5 bytes JMP 0000000077680250 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077522190 5 bytes JMP 0000000077680490 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775221a0 5 bytes JMP 00000000776804a0 .text 
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775221d0 5 bytes JMP 0000000077680300 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775221e0 5 bytes JMP 0000000077680360 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077522240 5 bytes JMP 00000000776802a0 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077522290 5 bytes JMP 00000000776802c0 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775222c0 5 bytes JMP 0000000077680380 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775222d0 5 bytes JMP 0000000077680340 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775225c0 5 bytes JMP 0000000077680440 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775227c0 5 bytes JMP 0000000077680260 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775227d0 5 bytes JMP 0000000077680270 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775227e0 5 bytes JMP 0000000077680400 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775229a0 5 bytes JMP 00000000776801f0 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775229b0 5 bytes JMP 0000000077680210 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077522a20 5 
bytes JMP 0000000077680200 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077522a80 5 bytes JMP 0000000077680420 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077522a90 5 bytes JMP 0000000077680430 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077522aa0 5 bytes JMP 0000000077680220 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077522b80 5 bytes JMP 0000000077680280 .text C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe[3768] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007730ef8d 1 byte [62] .text C:\Program Files (x86)\SilverCrest DMTS2017 Driver\KbClient_FD2.exe[3932] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007585a2fd 1 byte [62] |
25.08.2014, 16:56 | #6 |
| GMER - Part 4 of 4: Code:
C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077521b30 5 bytes JMP 00000000776803a0 .text C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077521c10 5 bytes JMP 00000000776802f0 .text C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077521c20 5 bytes JMP 0000000077680350 .text C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077521c80 5 bytes JMP 0000000077680290 .text C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077521d10 5 bytes JMP 00000000776802b0 .text C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077521d30 5 bytes JMP 00000000776803d0 .text C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077521d40 5 bytes JMP 0000000077680330 .text C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077521db0 5 bytes JMP 0000000077680410 .text C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077521de0 5 bytes JMP 0000000077680240 .text C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775220a0 5 bytes JMP 00000000776801e0 .text C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077522160 5 bytes JMP 0000000077680250 .text C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077522190 5 bytes JMP 0000000077680490 .text C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775221a0 5 bytes JMP 00000000776804a0 .text C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775221d0 5 bytes JMP 0000000077680300 .text C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 
00000000775221e0 5 bytes JMP 0000000077680360 .text C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077522240 5 bytes JMP 00000000776802a0 .text C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077522290 5 bytes JMP 00000000776802c0 .text C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775222c0 5 bytes JMP 0000000077680380 .text C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775222d0 5 bytes JMP 0000000077680340 .text C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775225c0 5 bytes JMP 0000000077680440 .text C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775227c0 5 bytes JMP 0000000077680260 .text C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775227d0 5 bytes JMP 0000000077680270 .text C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775227e0 5 bytes JMP 0000000077680400 .text C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775229a0 5 bytes JMP 00000000776801f0 .text C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775229b0 5 bytes JMP 0000000077680210 .text C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077522a20 5 bytes JMP 0000000077680200 .text C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077522a80 5 bytes JMP 0000000077680420 .text C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077522a90 5 bytes JMP 0000000077680430 .text C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077522aa0 5 bytes JMP 0000000077680220 .text 
C:\Windows\system32\igfxext.exe[5080] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077522b80 5 bytes JMP 0000000077680280 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077521360 5 bytes JMP 0000000077680460 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775213b0 5 bytes JMP 0000000077680450 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077521510 5 bytes JMP 0000000077680370 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077521560 5 bytes JMP 0000000077680470 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077521570 5 bytes JMP 00000000776803e0 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077521620 5 bytes JMP 0000000077680320 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077521650 5 bytes JMP 00000000776803b0 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077521670 5 bytes JMP 0000000077680390 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775216b0 5 bytes JMP 00000000776802e0 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077521730 5 bytes JMP 00000000776802d0 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077521750 5 bytes JMP 0000000077680310 .text C:\Program Files\Acer\Acer ePower 
Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077521790 5 bytes JMP 00000000776803c0 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775217e0 5 bytes JMP 00000000776803f0 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077521940 5 bytes JMP 0000000077680230 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077521b00 5 bytes JMP 0000000077680480 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077521b30 5 bytes JMP 00000000776803a0 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077521c10 5 bytes JMP 00000000776802f0 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077521c20 5 bytes JMP 0000000077680350 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077521c80 5 bytes JMP 0000000077680290 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077521d10 5 bytes JMP 00000000776802b0 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077521d30 5 bytes JMP 00000000776803d0 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077521d40 5 bytes JMP 0000000077680330 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077521db0 5 bytes JMP 0000000077680410 .text C:\Program 
Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077521de0 5 bytes JMP 0000000077680240 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775220a0 5 bytes JMP 00000000776801e0 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077522160 5 bytes JMP 0000000077680250 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077522190 5 bytes JMP 0000000077680490 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775221a0 5 bytes JMP 00000000776804a0 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775221d0 5 bytes JMP 0000000077680300 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775221e0 5 bytes JMP 0000000077680360 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077522240 5 bytes JMP 00000000776802a0 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077522290 5 bytes JMP 00000000776802c0 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775222c0 5 bytes JMP 0000000077680380 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775222d0 5 bytes JMP 0000000077680340 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775225c0 5 bytes JMP 0000000077680440 .text C:\Program 
Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775227c0 5 bytes JMP 0000000077680260 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775227d0 5 bytes JMP 0000000077680270 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775227e0 5 bytes JMP 0000000077680400 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775229a0 5 bytes JMP 00000000776801f0 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775229b0 5 bytes JMP 0000000077680210 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077522a20 5 bytes JMP 0000000077680200 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077522a80 5 bytes JMP 0000000077680420 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077522a90 5 bytes JMP 0000000077680430 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077522aa0 5 bytes JMP 0000000077680220 .text C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe[5396] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077522b80 5 bytes JMP 0000000077680280 .text C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe[6060] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007585a2fd 1 byte [62] .text C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077521360 5 bytes JMP 0000000077680460 .text 
C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775213b0 5 bytes JMP 0000000077680450 .text C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077521510 5 bytes JMP 0000000077680370 .text C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077521560 5 bytes JMP 0000000077680470 .text C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077521570 5 bytes JMP 00000000776803e0 .text C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077521620 5 bytes JMP 0000000077680320 .text C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077521650 5 bytes JMP 00000000776803b0 .text C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077521670 5 bytes JMP 0000000077680390 .text C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775216b0 5 bytes JMP 00000000776802e0 .text C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077521730 5 bytes JMP 00000000776802d0 .text C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077521750 5 bytes JMP 0000000077680310 .text C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077521790 5 bytes JMP 00000000776803c0 .text C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775217e0 5 bytes JMP 00000000776803f0 .text C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077521940 5 bytes JMP 0000000077680230 .text C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077521b00 5 bytes JMP 0000000077680480 
.text C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077521b30 5 bytes JMP 00000000776803a0 .text C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077521c10 5 bytes JMP 00000000776802f0 .text C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077521c20 5 bytes JMP 0000000077680350 .text C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077521c80 5 bytes JMP 0000000077680290 .text C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077521d10 5 bytes JMP 00000000776802b0 .text C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077521d30 5 bytes JMP 00000000776803d0 .text C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077521d40 5 bytes JMP 0000000077680330 .text C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077521db0 5 bytes JMP 0000000077680410 .text C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077521de0 5 bytes JMP 0000000077680240 .text C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775220a0 5 bytes JMP 00000000776801e0 .text C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077522160 5 bytes JMP 0000000077680250 .text C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077522190 5 bytes JMP 0000000077680490 .text C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775221a0 5 bytes JMP 00000000776804a0 .text C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775221d0 5 
bytes JMP 0000000077680300 .text C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775221e0 5 bytes JMP 0000000077680360 .text C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077522240 5 bytes JMP 00000000776802a0 .text C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077522290 5 bytes JMP 00000000776802c0 .text C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775222c0 5 bytes JMP 0000000077680380 .text C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775222d0 5 bytes JMP 0000000077680340 .text C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775225c0 5 bytes JMP 0000000077680440 .text C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775227c0 5 bytes JMP 0000000077680260 .text C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775227d0 5 bytes JMP 0000000077680270 .text C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775227e0 5 bytes JMP 0000000077680400 .text C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775229a0 5 bytes JMP 00000000776801f0 .text C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775229b0 5 bytes JMP 0000000077680210 .text C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077522a20 5 bytes JMP 0000000077680200 .text C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077522a80 5 bytes JMP 0000000077680420 .text C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 
0000000077522a90 5 bytes JMP 0000000077680430 .text C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077522aa0 5 bytes JMP 0000000077680220 .text C:\Windows\system32\SearchIndexer.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077522b80 5 bytes JMP 0000000077680280 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[5624] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007585a2fd 1 byte [62] .text C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077521360 5 bytes JMP 0000000077680460 .text C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775213b0 5 bytes JMP 0000000077680450 .text C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077521510 5 bytes JMP 0000000077680370 .text C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077521560 5 bytes JMP 0000000077680470 .text C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077521570 5 bytes JMP 00000000776803e0 .text C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077521620 5 bytes JMP 0000000077680320 .text C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077521650 5 bytes JMP 00000000776803b0 .text C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077521670 5 bytes JMP 0000000077680390 .text C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775216b0 5 bytes JMP 00000000776802e0 .text C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077521730 5 bytes JMP 00000000776802d0 .text C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077521750 5 bytes 
JMP 0000000077680310 .text C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077521790 5 bytes JMP 00000000776803c0 .text C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775217e0 5 bytes JMP 00000000776803f0 .text C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077521940 5 bytes JMP 0000000077680230 .text C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077521b00 5 bytes JMP 0000000077680480 .text C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077521b30 5 bytes JMP 00000000776803a0 .text C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077521c10 5 bytes JMP 00000000776802f0 .text C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077521c20 5 bytes JMP 0000000077680350 .text C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077521c80 5 bytes JMP 0000000077680290 .text C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077521d10 5 bytes JMP 00000000776802b0 .text C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077521d30 5 bytes JMP 00000000776803d0 .text C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077521d40 5 bytes JMP 0000000077680330 .text C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077521db0 5 bytes JMP 0000000077680410 .text C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077521de0 5 bytes JMP 0000000077680240 .text C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775220a0 5 bytes JMP 00000000776801e0 .text 
C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077522160 5 bytes JMP 0000000077680250 .text C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077522190 5 bytes JMP 0000000077680490 .text C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775221a0 5 bytes JMP 00000000776804a0 .text C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775221d0 5 bytes JMP 0000000077680300 .text C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775221e0 5 bytes JMP 0000000077680360 .text C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077522240 5 bytes JMP 00000000776802a0 .text C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077522290 5 bytes JMP 00000000776802c0 .text C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000775222c0 5 bytes JMP 0000000077680380 .text C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775222d0 5 bytes JMP 0000000077680340 .text C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775225c0 5 bytes JMP 0000000077680440 .text C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775227c0 5 bytes JMP 0000000077680260 .text C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775227d0 5 bytes JMP 0000000077680270 .text C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775227e0 5 bytes JMP 0000000077680400 .text C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775229a0 5 bytes JMP 00000000776801f0 .text C:\Windows\System32\svchost.exe[3360] 
C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775229b0 5 bytes JMP 0000000077680210 .text C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077522a20 5 bytes JMP 0000000077680200 .text C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077522a80 5 bytes JMP 0000000077680420 .text C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077522a90 5 bytes JMP 0000000077680430 .text C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077522aa0 5 bytes JMP 0000000077680220 .text C:\Windows\System32\svchost.exe[3360] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077522b80 5 bytes JMP 0000000077680280 .text C:\Windows\System32\svchost.exe[3360] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007730ef8d 1 byte [62] .text C:\Windows\system32\taskhost.exe[6048] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007730ef8d 1 byte [62] .text C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077521360 5 bytes JMP 0000000077680460 .text C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000775213b0 5 bytes JMP 0000000077680450 .text C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077521510 5 bytes JMP 0000000077680370 .text C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077521560 5 bytes JMP 0000000077680470 .text C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077521570 5 bytes JMP 00000000776803e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077521620 5 bytes JMP 0000000077680320 .text C:\Program Files\Windows 
Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077521650 5 bytes JMP 00000000776803b0 .text C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077521670 5 bytes JMP 0000000077680390 .text C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000775216b0 5 bytes JMP 00000000776802e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077521730 5 bytes JMP 00000000776802d0 .text C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077521750 5 bytes JMP 0000000077680310 .text C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077521790 5 bytes JMP 00000000776803c0 .text C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000775217e0 5 bytes JMP 00000000776803f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077521940 5 bytes JMP 0000000077680230 .text C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077521b00 5 bytes JMP 0000000077680480 .text C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077521b30 5 bytes JMP 00000000776803a0 .text C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077521c10 5 bytes JMP 00000000776802f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077521c20 5 bytes JMP 0000000077680350 .text C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077521c80 5 bytes JMP 0000000077680290 .text C:\Program Files\Windows Sidebar\sidebar.exe[5984] 
C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077521d10 5 bytes JMP 00000000776802b0 .text C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077521d30 5 bytes JMP 00000000776803d0 .text C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077521d40 5 bytes JMP 0000000077680330 .text C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077521db0 5 bytes JMP 0000000077680410 .text C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077521de0 5 bytes JMP 0000000077680240 .text C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000775220a0 5 bytes JMP 00000000776801e0 .text C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077522160 5 bytes JMP 0000000077680250 .text C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077522190 5 bytes JMP 0000000077680490 .text C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000775221a0 5 bytes JMP 00000000776804a0 .text C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000775221d0 5 bytes JMP 0000000077680300 .text C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000775221e0 5 bytes JMP 0000000077680360 .text C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077522240 5 bytes JMP 00000000776802a0 .text C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077522290 5 bytes JMP 00000000776802c0 .text C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 
00000000775222c0 5 bytes JMP 0000000077680380 .text C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000775222d0 5 bytes JMP 0000000077680340 .text C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000775225c0 5 bytes JMP 0000000077680440 .text C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000775227c0 5 bytes JMP 0000000077680260 .text C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000775227d0 5 bytes JMP 0000000077680270 .text C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000775227e0 5 bytes JMP 0000000077680400 .text C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000775229a0 5 bytes JMP 00000000776801f0 .text C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000775229b0 5 bytes JMP 0000000077680210 .text C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077522a20 5 bytes JMP 0000000077680200 .text C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077522a80 5 bytes JMP 0000000077680420 .text C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077522a90 5 bytes JMP 0000000077680430 .text C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077522aa0 5 bytes JMP 0000000077680220 .text C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077522b80 5 bytes JMP 0000000077680280 .text C:\Program Files\Windows Sidebar\sidebar.exe[5984] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007730ef8d 1 byte [62] 
.text C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe[6312] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007585a2fd 1 byte [62] .text C:\Users\XXXXX_2\Desktop\Gmer-19357.exe[7096] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007585a2fd 1 byte [62] ---- Processes - GMER 2.1 ---- Library C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\Dropbox.exe [3192](2014-07-30 00:20:20) 0000000003fe0000 Library c:\users\XXXXX_2\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpocq9c7.dll (*** suspicious ***) @ C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\Dropbox.exe [3192](2014-08-24 15:41:40) 0000000004660000 Library C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\Dropbox.exe [3192](2013-08-23 19:01:44) 000000005d550000 Library C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\Dropbox.exe [3192] (ICU Data DLL/The ICU Project)(2013-08-23 19:01:42) 0000000065130000 ---- Files - GMER 2.1 ---- File C:\Program Files (x86)\Secunia\PSI\SUA\running 0 bytes ---- EOF - GMER 2.1 ---- AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.308 - Bericht erstellt am 23/08/2014 um 18:39:10 # Aktualisiert 20/08/2014 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : XXXXX_2 - XXXXXS-ACER # Gestartet von : E:\Downloads\adwcleaner_3.308.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** ***** [ Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964 Schlüssel Gelöscht : [x64] 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC Schlüssel Gelöscht : [x64] 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F2E0D3DD9E5E4B74CA43BCE77815E287 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9 ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17239 -\\ Mozilla Firefox v31.0 (x86 de) [ Datei : C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\prefs.js ] -\\ Google Chrome v [ Datei : C:\Users\XXXXX_2\AppData\Local\Google\Chrome\User Data\Default\preferences ] Gelöscht [Search Provider] : hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=WDCXWD6400BEVT-22A0RT0_WD-WXB1A704768447684&ts=1374655597&type=default&q={searchTerms} ************************* AdwCleaner[R0].txt - [1327 octets] - [16/08/2014 13:09:41] AdwCleaner[R1].txt - [5570 octets] - [23/08/2014 18:34:37] AdwCleaner[S0].txt - [5375 octets] - [23/08/2014 18:39:10] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5435 octets] ########## AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.308 - Bericht erstellt am 24/08/2014 um 10:27:55 # Aktualisiert 20/08/2014 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : XXXXX_2 - XXXXXS-ACER # Gestartet von : C:\Users\XXXXX_2\Downloads\adwcleaner_3.308.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** ***** [ Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964 Schlüssel Gelöscht : [x64] 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC Schlüssel Gelöscht : [x64] 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F2E0D3DD9E5E4B74CA43BCE77815E287 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7 Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9 ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17239 -\\ Mozilla Firefox v31.0 (x86 de) [ Datei : C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\prefs.js ] -\\ Google Chrome v [ Datei : C:\Users\XXXXX_2\AppData\Local\Google\Chrome\User Data\Default\preferences ] Gelöscht [Search Provider] : hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=WDCXWD6400BEVT-22A0RT0_WD-WXB1A704768447684&ts=1374655597&type=default&q={searchTerms} ************************* AdwCleaner[R0].txt - [1327 octets] - [16/08/2014 13:09:41] AdwCleaner[R1].txt - [11029 octets] - [23/08/2014 18:34:37] AdwCleaner[S0].txt - [11020 octets] - [23/08/2014 18:39:10] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11081 octets] ########## |
26.08.2014, 15:40 | #7 |
/// the machine /// TB instructor | Please download Malwarebytes Anti-Malware
Please shut down your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
26.08.2014, 17:49 | #8 |
| Malwarebytes found nothing; that was already the case yesterday. JRT.txt: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by XXXXX_2 on 26.08.2014 at 18:22:54,77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] "hkey_current_user\software\classes\typelib\{006ad7b2-968a-11de-88c9-5bde55d89593}"
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\XXXXX_2\AppData\Roaming\mozilla\firefox\profiles\jozp0725.default\minidumps [4 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.08.2014 at 18:42:13,66
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-08-2014 03 Ran by XXXXX_2 (administrator) on XXXXXS-ACER on 26-08-2014 18:45:26 Running from C:\Users\XXXXX_2\Desktop Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe (InterVideo Inc.) C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe () C:\Windows\PLFSetI.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (Corel, Inc.) 
C:\Program Files (x86)\Corel\Corel MediaOne\Corel Photo Downloader.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe () C:\Programme\FeedReader30\feedreader.exe (J3S GmbH) C:\Program Files (x86)\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe () C:\Windows\SysWOW64\PSIService.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe () C:\Program Files\Securepoint SSL VPN\SPOpenVPNService.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Siliten) C:\Program Files (x86)\SilverCrest DMTS2017 Driver\KbClient_FD2.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (Siliten) C:\Program Files (x86)\SilverCrest DMTS2017 Driver\MouClient_FD2.exe (Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Corel) C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11057768 2010-07-06] (Realtek Semiconductor) HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-06-09] () HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated) HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.) HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation) HKLM\...\Run: [Corel Photo Downloader] => C:\Program Files (x86)\Corel\Corel MediaOne\Corel Photo Downloader.exe [483144 2007-08-17] (Corel, Inc.) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation) HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-29] (NewTech Infosystems, Inc.) HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2009-09-28] (CANON INC.) 
HKLM-x32\...\Run: [Launch SilverCrest DMTS2017-K] => C:\Program Files (x86)\SilverCrest DMTS2017 Driver\KbClient_FD2.exe [1218048 2010-06-28] (Siliten) HKLM-x32\...\Run: [Launch SilverCrest DMTS2017-M] => C:\Program Files (x86)\SilverCrest DMTS2017 Driver\MouClient_FD2.exe [860672 2010-06-28] (Siliten) HKLM-x32\...\Run: [Corel Photo Downloader] => "C:\Program Files (x86)\Corel\Corel MediaOne\Corel PhotoDownloader.exe" -startup HKLM-x32\...\Run: [Ulead AutoDetector v2] => C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe [95504 2007-08-02] (Ulead Systems, Inc.) HKLM-x32\...\Run: [Standby] => C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe [105632 2010-05-17] (Corel) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.) HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe HKLM-x32\...\Run: [COMPUTER BILD Account-Alarm] => \COMPUTER BILD Account-Alarm /tray HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-24] (AVAST Software) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\Run: [Google Update] => C:\Users\XXXXX_2\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-04-23] (Google Inc.) 
HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [911040 2013-04-22] (Microsoft Corporation) HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\Run: [COMPUTER BILD Account-Alarm] => C:\Program Files (x86)\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe [2058752 2014-08-07] (J3S GmbH) HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\MountPoints2: {49193dcf-b7da-11e1-85a0-1c7508023576} - G:\AutoRun.exe HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\MountPoints2: {5b63bcb4-48dd-11e1-92be-1c7508023576} - G:\AutoRun.exe HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\MountPoints2: {61431bdb-2fe2-11e2-98ec-1c7508023576} - G:\Startme.exe HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\MountPoints2: {90066f53-bc5d-11e0-9e2a-1c7508023576} - G:\AutoRun.exe HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\MountPoints2: {a733176c-bc55-11e0-ac53-1c7508023576} - G:\AutoRun.exe HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\MountPoints2: {da0ccac9-ccf1-11e1-8983-1c7508023576} - G:\AutoRun.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk ShortcutTarget: Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) Startup: C:\Users\XXXXX_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.soapreichundschoen.de/ StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default FF Homepage: chrome://speeddial/content/speeddial.xul FF NetworkProxy: "backup.ftp", "76.73.26.77" FF NetworkProxy: "backup.ftp_port", 3128 FF NetworkProxy: "backup.socks", "76.73.26.77" FF NetworkProxy: "backup.socks_port", 3128 FF NetworkProxy: "backup.ssl", "76.73.26.77" FF NetworkProxy: "backup.ssl_port", 3128 FF NetworkProxy: "ftp", "76.73.26.77" FF NetworkProxy: "ftp_port", 3128 FF NetworkProxy: "http", "76.73.26.77" FF NetworkProxy: "http_port", 3128 FF NetworkProxy: "no_proxies_on", "localhost, 127.0.0.1, stealthy.co" FF NetworkProxy: "share_proxy_settings", true FF NetworkProxy: "socks", "76.73.26.77" FF NetworkProxy: "socks_port", 3128 FF NetworkProxy: "ssl", "76.73.26.77" FF NetworkProxy: "ssl_port", 3128 FF NetworkProxy: "type", 4 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: 
@adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll () FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.) FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @pages.tvunetworks.com/WebPlayer -> C:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\XXXXX_2\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\XXXXX_2\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: YouTube Unblocker - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\youtubeunblocker@unblocker.yt [2014-06-20]
FF Extension: DownloadHelper - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-08-23]
FF Extension: DSL Soforthilfe - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\{} [2014-07-23]
FF Extension: Video Downloader professional - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\ffext_basicvideoext@startpage24.xpi [2014-08-23]
FF Extension: Stealthy - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\stealthyextension@gmail.com.xpi [2011-11-20]
FF Extension: Free Hide IP - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\support@free-hideip.com.xpi [2013-04-09]
FF Extension: Tab Auto Reload - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\TabAutoReload@schuzak.jp.xpi [2012-07-20]
FF Extension: Speed Dial - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2011-08-10]
FF Extension: NoScript - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-01-14]
FF Extension: Adblock Plus - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-07]
FF Extension: {de5aeb72-ad84-429a-bc36-a15da06270bc} - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\jozp0725.default\Extensions\{de5aeb72-ad84-429a-bc36-a15da06270bc}.xpi [2013-11-14]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-05-10]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-05-10]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-05-10]
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2012-08-02]
FF HKLM-x32\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Programme\Video Converter Ultimate\SVRFirefoxExt
FF Extension: Wondershare Video Converter Ultimate - C:\Programme\Video Converter Ultimate\SVRFirefoxExt [2014-02-07]
FF HKLM-x32\...\Firefox\Extensions: [{78ee576f-36ab-4371-a938-48cd78cd469e}] - C:\Program Files (x86)\Security Utility\securityutility.xpi
FF Extension: No Name - C:\Program Files (x86)\Security Utility\securityutility.xpi [2014-05-29]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-16]
FF HKCU\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Programme\Video Converter Ultimate\SVRFirefoxExt

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchKeyword: qvo6
CHR DefaultSearchProvider: qvo6
CHR DefaultSearchURL: hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=WDCXWD6400BEVT-22A0RT0_WD-WXB1A704768447684&ts=1374655597&type=default&q={searchTerms}
CHR DefaultSuggestURL:
CHR Plugin: (Shockwave Flash) - C:\Users\XXXXX_2\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\XXXXX_2\AppData\Local\Google\Chrome\Application\36.0.1985.143\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\XXXXX_2\AppData\Local\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\XXXXX_2\AppData\Local\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (Freemake np-plugin for google chrome) - C:\Users\XXXXX_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\npFreemake.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U35) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.350.10) - C:\Windows\SysWOW64\npdeployJava1.dll No File
CHR Plugin: (TVU Web Player for FireFox) - C:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (WEB.DE MailCheck) - C:\Users\XXXXX_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaogepninmlbinccpbiakcgiolijlllo [2013-07-11]
CHR Extension: (Google Wallet) - C:\Users\XXXXX_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-06]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-16]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-24] (AVAST Software)
R2 Capture Device Service; C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe [198168 2007-03-06] (InterVideo Inc.)
S2 DAZContentManagementService; C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe [22528 2011-05-05] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [14848 2011-12-15] () [File not signed]
U2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2009-10-20] (CACE Technologies, Inc.)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 Securepoint VPN; C:\Program Files\Securepoint SSL VPN\SPOpenVPNService.exe [198024 2012-11-01] ()
S2 SkypeUpdate; C:\Programme\skype\Updater\Updater.exe [172192 2013-10-23] (Skype Technologies)
S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155320 2012-01-18] (Avanquest Software) [File not signed]
S2 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-24] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-24] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-24] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-24] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-24] ()
S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-19] (Siliten)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
U4 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-26] (Malwarebytes Corporation)
U3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [47632 2009-10-20] (CACE Technologies, Inc.)
R2 NPF; C:\Windows\SysWOW64\drivers\npf.sys [50704 2010-03-22] (CACE Technologies, Inc.)
S1 PQNTDrv; C:\Windows\SysWow64\Drivers\PQNTDrv.sys [4228 2002-09-16] (PowerQuest Corporation) [File not signed]
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 wmvad_simple; C:\Windows\System32\drivers\wmvad.sys [23040 2010-12-10] (WonderMedia Technologies, Inc.)
R3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [31080 2013-03-25] (Wondershare)
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
U3 fwloyuow; \??\C:\Users\XXXXX_2\AppData\Local\Temp\fwloyuow.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-26 18:42 - 2014-08-26 18:42 - 00000882 _____ () C:\Users\XXXXX_2\Desktop\JRT.txt
2014-08-26 18:22 - 2014-08-26 18:22 - 01016261 _____ (Thisisu) C:\Users\XXXXX_2\Desktop\JRT.exe
2014-08-25 17:33 - 2014-08-25 17:33 - 00007668 _____ () C:\Users\XXXXX_2\Desktop\GMER.rar
2014-08-25 17:10 - 2014-08-25 17:15 - 00346019 _____ () C:\Users\XXXXX_2\Desktop\GMER.txt
2014-08-25 16:49 - 2014-08-25 16:49 - 00380416 _____ () C:\Users\XXXXX_2\Desktop\Gmer-19357.exe
2014-08-25 16:45 - 2014-08-25 16:47 - 00054587 _____ () C:\Users\XXXXX_2\Desktop\Addition.txt
2014-08-25 16:44 - 2014-08-26 18:45 - 00028764 _____ () C:\Users\XXXXX_2\Desktop\FRST.txt
2014-08-25 16:44 - 2014-08-26 18:45 - 00000000 ____D () C:\FRST
2014-08-25 16:43 - 2014-08-25 16:43 - 02103296 _____ (Farbar) C:\Users\XXXXX_2\Desktop\FRST64.exe
2014-08-25 16:42 - 2014-08-25 16:43 - 00000478 _____ () C:\Users\XXXXX_2\Desktop\defogger_disable.log
2014-08-25 16:42 - 2014-08-25 16:42 - 00000000 _____ () C:\Users\XXXXX_2\defogger_reenable
2014-08-25 16:41 - 2014-08-25 16:41 - 00050477 _____ () C:\Users\XXXXX_2\Desktop\Defogger.exe
2014-08-24 18:03 - 2014-08-24 18:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-08-24 18:02 - 2014-08-24 18:02 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-08-24 10:46 - 2014-08-24 10:46 - 00001970 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-24 10:46 - 2014-08-24 10:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-08-24 10:45 - 2014-08-24 10:46 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-24 10:45 - 2014-08-24 10:45 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-24 10:45 - 2014-08-24 10:45 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-24 10:43 - 2014-08-24 10:43 - 01364531 _____ () C:\Users\XXXXX_2\Desktop\adwcleaner_3.308.exe
2014-08-24 10:26 - 2014-08-24 17:47 - 00002426 _____ () C:\Windows\SecuniaPackage.log
2014-08-24 10:24 - 2014-08-24 10:24 - 00000000 ____D () C:\ProgramData\Licenses
2014-08-24 10:23 - 2014-08-24 10:23 - 00001043 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
2014-08-24 10:23 - 2014-08-24 10:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2014-08-24 10:23 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL
2014-08-24 10:22 - 2014-08-24 10:22 - 04095448 _____ (BrightFort LLC ) C:\Users\XXXXX_2\Downloads\spywareblastersetup50.exe
2014-08-24 10:16 - 2014-08-24 10:16 - 00001123 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-24 10:16 - 2014-08-24 10:16 - 00001111 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-24 10:16 - 2014-08-24 10:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-24 10:15 - 2014-08-24 10:15 - 01364531 _____ () C:\Users\XXXXX_2\Downloads\adwcleaner_3.308.exe
2014-08-24 10:14 - 2014-08-24 10:14 - 00244408 _____ () C:\Users\XXXXX_2\Downloads\FirefoxSetupStub31.0 (1).exe
2014-08-24 10:13 - 2014-08-24 10:14 - 00244408 _____ () C:\Users\XXXXX_2\Downloads\FirefoxSetupStub31.0.exe
2014-08-16 13:36 - 2014-08-16 13:36 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-08-16 13:36 - 2014-08-16 13:36 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-08-16 13:23 - 2014-08-24 10:23 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-08-16 13:20 - 2014-08-16 13:20 - 00000000 ____D () C:\Users\XXXXX_2\AppData\Roaming\AVAST Software
2014-08-16 13:16 - 2014-08-16 13:16 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-16 13:09 - 2014-08-25 17:37 - 00000000 ____D () C:\AdwCleaner
2014-08-16 12:27 - 2014-08-16 13:16 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-16 12:18 - 2014-08-16 12:18 - 00001033 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2014-08-16 12:18 - 2014-08-16 12:18 - 00000000 ____D () C:\Users\XXXXX_2\AppData\Local\Secunia PSI
2014-08-16 12:17 - 2014-08-16 12:17 - 05329480 _____ (Secunia) C:\Users\XXXXX_2\Desktop\PSISetup_3.0.0.9016.exe
2014-08-16 12:17 - 2014-08-16 12:17 - 00000000 ____D () C:\Program Files (x86)\Secunia
2014-08-16 12:10 - 2014-08-16 12:13 - 00002131 _____ () C:\DelFix.txt
2014-08-16 12:02 - 2014-08-16 12:02 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-08-16 12:02 - 2014-08-16 12:02 - 00001983 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-08-15 09:41 - 2014-07-16 05:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-15 09:41 - 2014-07-16 04:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-15 09:41 - 2014-07-16 04:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-15 09:41 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-15 09:41 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-15 09:41 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-15 09:41 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-15 09:41 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-15 09:41 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-15 09:41 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-15 09:41 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-15 09:40 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-15 09:40 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-15 09:40 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-15 09:40 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-15 09:40 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-15 09:40 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-15 09:40 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-15 09:40 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-15 09:40 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-15 09:40 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-15 09:40 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-15 09:40 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-15 09:39 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-15 09:39 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-14 18:51 - 2014-08-16 12:10 - 00000000 ____D () C:\Windows\ERUNT
2014-08-14 16:13 - 2014-08-14 16:13 - 00001106 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-08-14 16:13 - 2014-08-14 16:13 - 00001094 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-08-14 16:07 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-14 16:07 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-14 16:05 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-14 16:05 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 16:05 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-14 16:05 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 16:05 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-14 16:05 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-14 16:05 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-14 16:05 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-14 16:05 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-14 16:05 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-14 16:05 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-14 16:05 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 16:05 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 16:05 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 16:05 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-14 16:05 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-14 16:05 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-14 16:05 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-14 16:05 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 16:05 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 16:05 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-14 16:05 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-14 16:05 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 16:05 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 16:05 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 16:05 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 16:05 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 16:05 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-14 16:05 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 16:05 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-14 16:05 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 16:05 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 16:04 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-14 16:04 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 16:04 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 16:04 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-14 16:04 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-14 16:04 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-14 16:04 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 16:04 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-14 16:04 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 16:04 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-14 16:04 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-14 16:04 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-14 16:04 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 16:04 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-14 16:04 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-14 16:04 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 16:04 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 16:04 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 16:04 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-14 16:04 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 16:04 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-14 16:04 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 16:04 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 16:04 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-14 16:03 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 16:03 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-14 15:58 - 2014-08-26 18:05 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-14 15:58 - 2014-08-14 15:58 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-14 15:58 - 2014-08-14 15:58 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-08-14 15:58 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-14 15:58 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-14 15:58 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-14 15:25 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-14 15:25 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-14 15:25 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-14 15:25 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-14 15:25 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-14 15:25 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-14 15:24 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-14 15:24 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 17:11 - 2014-08-24 10:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-08-13 17:11 - 2014-08-13 17:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-13 16:12 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-09 12:48 - 2014-08-09 12:48 - 00002617 _____ () C:\Users\Public\Desktop\COMPUTER BILD Account-Alarm.lnk
2014-08-09 12:48 - 2014-08-09 12:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMPUTER BILD Account-Alarm
2014-08-09 12:48 - 2014-08-09 12:48 - 00000000 ____D () C:\Program Files (x86)\COMPUTER BILD Account-Alarm
2014-08-06 11:35 - 2014-07-25 12:55 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-06 11:35 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-06 11:35 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-06 11:35 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-06 11:34 - 2014-08-06 11:35 - 00004623 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-05 19:30 - 2014-08-05 19:30 - 00000000 ____D () C:\Program Files (x86)\Security Utility
2014-08-05 19:12 - 2014-08-14 15:26 - 00001083 _____ () C:\Users\XXXXX_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-08-02 10:21 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-02 10:21 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-02 10:21 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-02 10:21 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-02 10:20 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-02 10:20 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-02 10:20 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-02 10:20 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-02 10:20 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-02 10:20 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-02 10:19 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-02 10:19 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-02 10:19 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-02 10:19 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-26 18:46 - 2014-08-25 16:44 - 00028764 _____ () C:\Users\XXXXX_2\Desktop\FRST.txt
2014-08-26 18:45 - 2014-08-25 16:44 - 00000000 ____D () C:\FRST
2014-08-26 18:42 - 2014-08-26 18:42 - 00000882 _____ () C:\Users\XXXXX_2\Desktop\JRT.txt
2014-08-26 18:30 - 2011-08-16 18:33 - 00000000 ____D () C:\Users\XXXXX_2\Documents\Outlook-Dateien
2014-08-26 18:27 - 2012-04-15 18:19 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-26 18:22 - 2014-08-26 18:22 - 01016261 _____ (Thisisu) C:\Users\XXXXX_2\Desktop\JRT.exe
2014-08-26 18:17 - 2012-04-23 17:10 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-26 18:05 - 2014-08-14 15:58 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-26 18:05 - 2012-07-14 11:01 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-752392268-3339214621-1681333280-1002UA.job
2014-08-26 15:49 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-08-26 15:17 - 2012-04-23 17:10 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-26 10:05 - 2012-07-14 11:01 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-752392268-3339214621-1681333280-1002Core.job
2014-08-26 09:55 - 2010-09-26 08:46 - 01341666 _____ () C:\Windows\WindowsUpdate.log
2014-08-26 09:42 - 2010-09-26 18:37 - 00703230 _____ () C:\Windows\system32\perfh007.dat
2014-08-26 09:42 - 2010-09-26 18:37 - 00150838 _____ () C:\Windows\system32\perfc007.dat
2014-08-26 09:42 - 2009-07-14 07:13 - 01629508 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-25 17:37 - 2014-08-16 13:09 - 00000000 ____D () C:\AdwCleaner
2014-08-25 17:33 - 2014-08-25 17:33 - 00007668 _____ () C:\Users\XXXXX_2\Desktop\GMER.rar
2014-08-25 17:15 - 2014-08-25 17:10 - 00346019 _____ () C:\Users\XXXXX_2\Desktop\GMER.txt
2014-08-25 16:53 - 2014-06-09 20:09 - 00000000 ___RD () C:\Users\XXXXX_2\Dropbox
2014-08-25 16:49 - 2014-08-25 16:49 - 00380416 _____ () C:\Users\XXXXX_2\Desktop\Gmer-19357.exe
2014-08-25 16:47 - 2014-08-25 16:45 - 00054587 _____ () C:\Users\XXXXX_2\Desktop\Addition.txt
2014-08-25 16:45 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-25 16:45 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-25 16:43 - 2014-08-25 16:43 - 02103296 _____ (Farbar) C:\Users\XXXXX_2\Desktop\FRST64.exe
2014-08-25 16:43 - 2014-08-25 16:42 - 00000478 _____ () C:\Users\XXXXX_2\Desktop\defogger_disable.log
2014-08-25 16:42 - 2014-08-25 16:42 - 00000000 _____ () C:\Users\XXXXX_2\defogger_reenable
2014-08-25 16:42 - 2011-08-08 17:07 - 00000000 ____D () C:\Users\XXXXX_2
2014-08-25 16:41 - 2014-08-25 16:41 - 00050477 _____ () C:\Users\XXXXX_2\Desktop\Defogger.exe
2014-08-25 16:34 - 2012-04-15 18:19 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-25 16:34 - 2012-04-15 18:19 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-25 16:34 - 2011-08-01 17:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-24 18:03 - 2014-08-24 18:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-08-24 18:03 - 2012-02-22 14:56 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-08-24 18:02 - 2014-08-24 18:02 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-08-24 17:47 - 2014-08-24 10:26 - 00002426 _____ () C:\Windows\SecuniaPackage.log
2014-08-24 17:41 - 2013-07-27 10:17 - 00000000 ____D () C:\Users\XXXXX_2\AppData\Roaming\Dropbox
2014-08-24 17:40 - 2012-07-21 14:16 - 00196608 _____ () C:\Windows\system32\Ikeext.etl
2014-08-24 17:39 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-24 17:39 - 2009-07-14 06:51 - 00179046 _____ () C:\Windows\setupact.log
2014-08-24 17:39 - 
2009-07-14 06:45 - 00480072 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-08-24 17:38 - 2010-09-26 08:43 - 00773620 _____ () C:\Windows\PFRO.log 2014-08-24 12:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-08-24 10:46 - 2014-08-24 10:46 - 00001970 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk 2014-08-24 10:46 - 2014-08-24 10:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast 2014-08-24 10:46 - 2014-08-24 10:45 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys 2014-08-24 10:45 - 2014-08-24 10:45 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys 2014-08-24 10:45 - 2014-08-24 10:45 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe 2014-08-24 10:45 - 2014-08-24 10:45 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys 2014-08-24 10:45 - 2014-08-24 10:45 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys 2014-08-24 10:45 - 2014-08-24 10:45 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys 2014-08-24 10:45 - 2014-08-24 10:45 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys 2014-08-24 10:45 - 2014-08-24 10:45 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys 2014-08-24 10:45 - 2014-08-24 10:45 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr 2014-08-24 10:45 - 2014-08-24 10:45 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys 2014-08-24 10:45 - 2014-08-24 10:45 - 00003924 _____ () C:\Windows\System32\Tasks\avast! 
Emergency Update 2014-08-24 10:43 - 2014-08-24 10:43 - 01364531 _____ () C:\Users\XXXXX_2\Desktop\adwcleaner_3.308.exe 2014-08-24 10:37 - 2012-06-07 19:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2014-08-24 10:32 - 2012-09-12 13:11 - 00000000 ___RD () C:\Users\XXXXX_2\Mediencenter 2014-08-24 10:32 - 2011-08-01 13:58 - 00002679 _____ () C:\Windows\wininit.ini 2014-08-24 10:25 - 2013-01-18 12:47 - 00000000 ____D () C:\ProgramData\TEMP 2014-08-24 10:24 - 2014-08-24 10:24 - 00000000 ____D () C:\ProgramData\Licenses 2014-08-24 10:23 - 2014-08-24 10:23 - 00001043 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk 2014-08-24 10:23 - 2014-08-24 10:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster 2014-08-24 10:23 - 2014-08-16 13:23 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster 2014-08-24 10:22 - 2014-08-24 10:22 - 04095448 _____ (BrightFort LLC ) C:\Users\XXXXX_2\Downloads\spywareblastersetup50.exe 2014-08-24 10:16 - 2014-08-24 10:16 - 00001123 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-08-24 10:16 - 2014-08-24 10:16 - 00001111 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-08-24 10:16 - 2014-08-24 10:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-08-24 10:16 - 2014-05-10 09:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-08-24 10:15 - 2014-08-24 10:15 - 01364531 _____ () C:\Users\XXXXX_2\Downloads\adwcleaner_3.308.exe 2014-08-24 10:14 - 2014-08-24 10:14 - 00244408 _____ () C:\Users\XXXXX_2\Downloads\FirefoxSetupStub31.0 (1).exe 2014-08-24 10:14 - 2014-08-24 10:13 - 00244408 _____ () C:\Users\XXXXX_2\Downloads\FirefoxSetupStub31.0.exe 2014-08-24 10:01 - 2014-08-13 17:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-24 10:01 - 2014-06-09 20:07 - 00000000 ____D () 
C:\Users\XXXXX_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-08-24 10:01 - 2014-04-20 17:28 - 00000000 ____D () C:\Users\XXXXX_2\AppData\Roaming\Feedreader 2014-08-24 10:01 - 2011-11-24 17:26 - 00000000 ____D () C:\Windows\system32\Macromed 2014-08-24 10:01 - 2011-08-01 11:55 - 00000000 ___HD () C:\Users\XXXXX 2014-08-24 10:01 - 2010-09-06 13:36 - 00000000 ____D () C:\Windows\SysWOW64\Macromed 2014-08-24 10:01 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat 2014-08-24 10:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration 2014-08-24 09:59 - 2011-08-07 13:26 - 00000000 ____D () C:\Programme 2014-08-16 13:36 - 2014-08-16 13:36 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia 2014-08-16 13:36 - 2014-08-16 13:36 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia 2014-08-16 13:20 - 2014-08-16 13:20 - 00000000 ____D () C:\Users\XXXXX_2\AppData\Roaming\AVAST Software 2014-08-16 13:16 - 2014-08-16 13:16 - 00000000 ____D () C:\Program Files\AVAST Software 2014-08-16 13:16 - 2014-08-16 12:27 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-08-16 12:18 - 2014-08-16 12:18 - 00001033 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk 2014-08-16 12:18 - 2014-08-16 12:18 - 00000000 ____D () C:\Users\XXXXX_2\AppData\Local\Secunia PSI 2014-08-16 12:17 - 2014-08-16 12:17 - 05329480 _____ (Secunia) C:\Users\XXXXX_2\Desktop\PSISetup_3.0.0.9016.exe 2014-08-16 12:17 - 2014-08-16 12:17 - 00000000 ____D () C:\Program Files (x86)\Secunia 2014-08-16 12:13 - 2014-08-16 12:10 - 00002131 _____ () C:\DelFix.txt 2014-08-16 12:10 - 2014-08-14 18:51 - 00000000 ____D () C:\Windows\ERUNT 2014-08-16 12:02 - 2014-08-16 12:02 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-08-16 12:02 - 2014-08-16 12:02 - 00001983 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk 2014-08-16 12:02 - 2010-09-06 13:35 - 00000000 ____D () 
C:\ProgramData\Adobe 2014-08-16 12:02 - 2010-09-06 13:35 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-08-16 11:45 - 2011-08-08 15:46 - 00000000 ____D () C:\Program Files (x86)\BILDmobil 2014-08-16 11:44 - 2011-08-11 09:24 - 00000000 ____D () C:\Users\XXXXX_2\AppData\Roaming\uTorrent 2014-08-16 11:41 - 2011-10-13 21:15 - 00000000 ____D () C:\ProgramData\Avira 2014-08-16 11:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-08-15 20:26 - 2013-01-22 18:16 - 00002367 _____ () C:\Users\XXXXX_2\Desktop\Google Chrome.lnk 2014-08-15 13:48 - 2011-08-27 09:11 - 00000000 ____D () C:\Temp 2014-08-15 13:43 - 2011-08-02 08:43 - 00000000 ____D () C:\Program Files\ConTEXT 2014-08-14 18:25 - 2013-01-18 12:36 - 00000000 ____D () C:\ProgramData\InstallMate 2014-08-14 16:13 - 2014-08-14 16:13 - 00001106 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk 2014-08-14 16:13 - 2014-08-14 16:13 - 00001094 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk 2014-08-14 16:13 - 2014-01-28 18:56 - 00001315 _____ () C:\Windows\system32\TeamViewer9_Hooks.log 2014-08-14 15:58 - 2014-08-14 15:58 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-14 15:58 - 2014-08-14 15:58 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-08-14 15:54 - 2014-06-09 20:09 - 00001026 _____ () C:\Users\XXXXX_2\Desktop\Dropbox.lnk 2014-08-14 15:39 - 2013-08-17 09:44 - 00000000 ____D () C:\Windows\system32\MRT 2014-08-14 15:31 - 2011-08-02 08:54 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-08-14 15:30 - 2011-08-16 18:02 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-08-14 15:26 - 2014-08-05 19:12 - 00001083 _____ () C:\Users\XXXXX_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk 2014-08-14 15:16 - 2012-05-22 20:24 - 00000021 _____ () C:\Users\XXXXX_2\AppData\Local\mc.pixel.data 2014-08-14 15:09 - 2011-08-12 18:01 - 00000000 ____D () 
C:\Users\XXXXX_2\AppData\Roaming\IrfanView 2014-08-14 15:08 - 2013-03-15 09:05 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-08-14 15:08 - 2013-03-15 09:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-08-14 15:08 - 2010-09-06 13:28 - 00000000 ____D () C:\ProgramData\McAfee 2014-08-14 15:07 - 2011-08-01 13:58 - 00000000 ___HD () C:\Users\XXXXX\AppData\Roaming\Mozilla 2014-08-13 17:11 - 2014-08-13 17:11 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-11 10:57 - 2011-08-26 19:38 - 00000000 ____D () C:\Users\XXXXX_2\dwhelper 2014-08-09 12:48 - 2014-08-09 12:48 - 00002617 _____ () C:\Users\Public\Desktop\COMPUTER BILD Account-Alarm.lnk 2014-08-09 12:48 - 2014-08-09 12:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMPUTER BILD Account-Alarm 2014-08-09 12:48 - 2014-08-09 12:48 - 00000000 ____D () C:\Program Files (x86)\COMPUTER BILD Account-Alarm 2014-08-06 11:37 - 2014-04-19 19:30 - 00000000 ____D () C:\ProgramData\Oracle 2014-08-06 11:35 - 2014-08-06 11:34 - 00004623 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log 2014-08-06 11:35 - 2011-08-01 14:04 - 00000000 ____D () C:\Program Files (x86)\Java 2014-08-05 19:30 - 2014-08-05 19:30 - 00000000 ____D () C:\Program Files (x86)\Security Utility 2014-08-05 09:20 - 2011-08-02 18:06 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-08-01 01:41 - 2014-08-14 16:04 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-08-01 01:16 - 2014-08-14 16:05 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll Some content of TEMP: ==================== C:\Users\XXXXX_2\AppData\Local\Temp\avgnt.exe C:\Users\XXXXX_2\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpocq9c7.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-08-17 11:34
==================== End Of Log ============================ |
27.08.2014, 14:19 | #9 |
/// the machine /// TB Trainer | "plugin container for firefox funktioniert nicht mehr" Firefox then closes completely Revo Uninstaller - Download - Filepony: use it to uninstall Firefox, keep no data, have the leftovers removed, and reinstall. Then: https://support.mozilla.org/de/kb/fi...einfach-loesen The reset is the most important part here. ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
28.08.2014, 19:12 | #10 |
| "plugin container for firefox funktioniert nicht mehr" Firefox then closes completely Hello, the problem is gone in the meantime. Many thanks for that already. Here are the log files. ESET - log.txt Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=eb97444b9376274e9154990fa56057fb
# engine=19882
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-08-28 04:51:34
# local_time=2014-08-28 06:51:34 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 95 349979 375037 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 205117 160874544 0 0
# scanned=351991
# found=2
# cleaned=0
# scan_time=21208
sh=320F08D77850B765EF27CD217381C03EB0EFB190 ft=0 fh=0000000000000000 vn="möglicherweise Variante von Win32/Systweak evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\10506d5e.msi"
Code:
ATTFilter
Results of screen317's Security Check version 0.99.87
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 5.0
Secunia PSI (3.0.0.9016)
Java 7 Update 67
Adobe Flash Player 14.0.0.179
Adobe Reader XI
Mozilla Firefox (31.0)
Google Chrome 36.0.1985.125
Google Chrome 36.0.1985.143
````````Process Check: objlist.exe by Laurent````````
ESET ESET Online Scanner OnlineScannerApp.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-08-2014 03 Ran by XXXXX_2 (administrator) on XXXXXS-ACER on 28-08-2014 20:06:25 Running from C:\Users\XXXXX_2\Desktop Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\wlanext.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe () C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe (InterVideo Inc.) C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe () C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe () C:\Windows\SysWOW64\PSIService.exe (Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe () C:\Program Files\Securepoint SSL VPN\SPOpenVPNService.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe () C:\Windows\PLFSetI.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe (Corel, Inc.) C:\Program Files (x86)\Corel\Corel MediaOne\Corel Photo Downloader.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (J3S GmbH) C:\Program Files (x86)\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe (CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (Siliten) C:\Program Files (x86)\SilverCrest DMTS2017 Driver\KbClient_FD2.exe (Dritek System Inc.) 
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Siliten) C:\Program Files (x86)\SilverCrest DMTS2017 Driver\MouClient_FD2.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Dropbox, Inc.) C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA) F:\R+S Homepage\WS_FTP95.exe (ConTEXT Project Ltd) C:\Program Files\ConTEXT\ConTEXT.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE () C:\Users\XXXXX_2\Desktop\SecurityCheck.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_179.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Corel) C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11057768 2010-07-06] (Realtek Semiconductor) HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-06-09] () HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated) HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.) HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation) HKLM\...\Run: [Corel Photo Downloader] => C:\Program Files (x86)\Corel\Corel MediaOne\Corel Photo Downloader.exe [483144 2007-08-17] (Corel, Inc.) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation) HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [265984 2010-06-29] (NewTech Infosystems, Inc.) HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [975952 2010-08-10] (Dritek System Inc.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2009-09-28] (CANON INC.) 
HKLM-x32\...\Run: [Launch SilverCrest DMTS2017-K] => C:\Program Files (x86)\SilverCrest DMTS2017 Driver\KbClient_FD2.exe [1218048 2010-06-28] (Siliten) HKLM-x32\...\Run: [Launch SilverCrest DMTS2017-M] => C:\Program Files (x86)\SilverCrest DMTS2017 Driver\MouClient_FD2.exe [860672 2010-06-28] (Siliten) HKLM-x32\...\Run: [Corel Photo Downloader] => "C:\Program Files (x86)\Corel\Corel MediaOne\Corel PhotoDownloader.exe" -startup HKLM-x32\...\Run: [Ulead AutoDetector v2] => C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe [95504 2007-08-02] (Ulead Systems, Inc.) HKLM-x32\...\Run: [Standby] => C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe [105632 2010-05-17] (Corel) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.) HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe HKLM-x32\...\Run: [COMPUTER BILD Account-Alarm] => \COMPUTER BILD Account-Alarm /tray HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-24] (AVAST Software) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\Run: [Google Update] => C:\Users\XXXXX_2\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-04-23] (Google Inc.) 
HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\Run: [OfficeSyncProcess] => C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE [911040 2013-04-22] (Microsoft Corporation) HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\Run: [COMPUTER BILD Account-Alarm] => C:\Program Files (x86)\COMPUTER BILD Account-Alarm\COMPUTER BILD Account-Alarm.exe [2058752 2014-08-07] (J3S GmbH) HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\MountPoints2: {49193dcf-b7da-11e1-85a0-1c7508023576} - G:\AutoRun.exe HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\MountPoints2: {5b63bcb4-48dd-11e1-92be-1c7508023576} - G:\AutoRun.exe HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\MountPoints2: {61431bdb-2fe2-11e2-98ec-1c7508023576} - G:\Startme.exe HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\MountPoints2: {90066f53-bc5d-11e0-9e2a-1c7508023576} - G:\AutoRun.exe HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\MountPoints2: {a733176c-bc55-11e0-ac53-1c7508023576} - G:\AutoRun.exe HKU\S-1-5-21-752392268-3339214621-1681333280-1002\...\MountPoints2: {da0ccac9-ccf1-11e1-8983-1c7508023576} - G:\AutoRun.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk ShortcutTarget: Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia) Startup: C:\Users\XXXXX_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\XXXXX_2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.soapreichundschoen.de/ StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\l3fhdhg7.default FF Homepage: chrome://speeddial/content/speeddial.xul FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll () FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll (CANON INC.) 
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @pages.tvunetworks.com/WebPlayer -> C:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\XXXXX_2\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\XXXXX_2\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DownloadHelper - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\l3fhdhg7.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-08-28]
FF Extension: Speed Dial - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\l3fhdhg7.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2014-08-28]
FF Extension: NoScript - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\l3fhdhg7.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-08-28]
FF Extension: Adblock Plus - C:\Users\XXXXX_2\AppData\Roaming\Mozilla\Firefox\Profiles\l3fhdhg7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-08-28]

Chrome: =======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchKeyword: qvo6
CHR DefaultSearchProvider: qvo6
CHR DefaultSearchURL: hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=WDCXWD6400BEVT-22A0RT0_WD-WXB1A704768447684&ts=1374655597&type=default&q={searchTerms}
CHR DefaultSuggestURL:
CHR Plugin: (Shockwave Flash) - C:\Users\XXXXX_2\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\XXXXX_2\AppData\Local\Google\Chrome\Application\36.0.1985.143\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\XXXXX_2\AppData\Local\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\XXXXX_2\AppData\Local\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (Freemake np-plugin for google chrome) - C:\Users\XXXXX_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\npFreemake.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.5.5) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U35) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.350.10) - C:\Windows\SysWOW64\npdeployJava1.dll No File
CHR Plugin: (TVU Web Player for FireFox) - C:\Program Files (x86)\TVUPlayer\npTVUAx.dll (TVU networks)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (WEB.DE MailCheck) - C:\Users\XXXXX_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jaogepninmlbinccpbiakcgiolijlllo [2013-07-11]
CHR Extension: (Google Wallet) - C:\Users\XXXXX_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-06]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-16]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-24] (AVAST Software)
R2 Capture Device Service; C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe [198168 2007-03-06] (InterVideo Inc.)
R2 DAZContentManagementService; C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe [22528 2011-05-05] () [File not signed]
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [14848 2011-12-15] () [File not signed]
R2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2009-10-20] (CACE Technologies, Inc.)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-30] (Acer Incorporated)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 Securepoint VPN; C:\Program Files\Securepoint SSL VPN\SPOpenVPNService.exe [198024 2012-11-01] ()
S2 SkypeUpdate; C:\Programme\skype\Updater\Updater.exe [172192 2013-10-23] (Skype Technologies)
S3 Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [155320 2012-01-18] (Avanquest Software) [File not signed]
S2 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE" [X]

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-24] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-24] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-24] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-24] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-24] ()
S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-19] (Siliten)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-27] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [47632 2009-10-20] (CACE Technologies, Inc.)
R2 NPF; C:\Windows\SysWOW64\drivers\npf.sys [50704 2010-03-22] (CACE Technologies, Inc.)
S1 PQNTDrv; C:\Windows\SysWow64\Drivers\PQNTDrv.sys [4228 2002-09-16] (PowerQuest Corporation) [File not signed]
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 wmvad_simple; C:\Windows\System32\drivers\wmvad.sys [23040 2010-12-10] (WonderMedia Technologies, Inc.)
R3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [31080 2013-03-25] (Wondershare)
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-28 19:58 - 2014-08-28 19:58 - 00854417 _____ () C:\Users\XXXXX_2\Desktop\SecurityCheck.exe
2014-08-28 12:55 - 2014-08-28 12:55 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-28 12:54 - 2014-08-28 12:54 - 02347384 _____ (ESET) C:\Users\XXXXX_2\Downloads\esetsmartinstaller_deu.exe
2014-08-28 12:36 - 2014-08-28 12:36 - 00001123 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-28 12:36 - 2014-08-28 12:36 - 00001111 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-28 12:36 - 2014-08-28 12:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-28 12:36 - 2014-08-28 12:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-28 12:01 - 2014-08-28 12:01 - 00000000 ____D () C:\Users\XXXXX_2\Desktop\Alte Firefox-Daten
2014-08-28 11:45 - 2014-08-28 11:45 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\XXXXX_2\Desktop\revosetup95.exe
2014-08-28 11:45 - 2014-08-28 11:45 - 00001228 _____ () C:\Users\XXXXX_2\Desktop\Revo Uninstaller.lnk
2014-08-28 11:45 - 2014-08-28 11:45 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-08-26 22:13 - 2014-08-26 22:13 - 00000000 ___HD () C:\ProgramData\CanonIJQuickMenu
2014-08-26 22:13 - 2014-08-26 22:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP7200 series
2014-08-26 22:10 - 2014-08-26 22:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP7200 series Benutzerregistrierung
2014-08-26 22:09 - 2014-08-26 22:09 - 00000000 ____D () C:\Windows\SysWOW64\STRING
2014-08-26 22:08 - 2014-08-27 07:10 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-08-26 21:59 - 2014-08-26 21:59 - 00000000 ___HD () C:\ProgramData\CanonIJEGV
2014-08-26 18:42 - 2014-08-26 18:42 - 00000882 _____ () C:\Users\XXXXX_2\Desktop\JRT.txt
2014-08-26 18:22 - 2014-08-26 18:22 - 01016261 _____ (Thisisu) C:\Users\XXXXX_2\Desktop\JRT.exe
2014-08-25 17:33 - 2014-08-25 17:33 - 00007668 _____ () C:\Users\XXXXX_2\Desktop\GMER.rar
2014-08-25 17:10 - 2014-08-25 17:15 - 00346019 _____ () C:\Users\XXXXX_2\Desktop\GMER.txt
2014-08-25 16:49 - 2014-08-25 16:49 - 00380416 _____ () C:\Users\XXXXX_2\Desktop\Gmer-19357.exe
2014-08-25 16:45 - 2014-08-25 16:47 - 00054587 _____ () C:\Users\XXXXX_2\Desktop\Addition.txt
2014-08-25 16:44 - 2014-08-28 20:06 - 00025462 _____ () C:\Users\XXXXX_2\Desktop\FRST.txt
2014-08-25 16:44 - 2014-08-28 20:06 - 00000000 ____D () C:\FRST
2014-08-25 16:43 - 2014-08-25 16:43 - 02103296 _____ (Farbar) C:\Users\XXXXX_2\Desktop\FRST64.exe
2014-08-25 16:42 - 2014-08-25 16:43 - 00000478 _____ () C:\Users\XXXXX_2\Desktop\defogger_disable.log
2014-08-25 16:42 - 2014-08-25 16:42 - 00000000 _____ () C:\Users\XXXXX_2\defogger_reenable
2014-08-25 16:41 - 2014-08-25 16:41 - 00050477 _____ () C:\Users\XXXXX_2\Desktop\Defogger.exe
2014-08-24 18:03 - 2014-08-24 18:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-08-24 18:02 - 2014-08-24 18:02 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-08-24 10:46 - 2014-08-24 10:46 - 00001970 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-24 10:46 - 2014-08-24 10:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-08-24 10:45 - 2014-08-28 12:20 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-24 10:45 - 2014-08-24 10:46 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-24 10:45 - 2014-08-24 10:45 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-24 10:45 - 2014-08-24 10:45 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-24 10:43 - 2014-08-24 10:43 - 01364531 _____ () C:\Users\XXXXX_2\Desktop\adwcleaner_3.308.exe
2014-08-24 10:26 - 2014-08-24 17:47 - 00002426 _____ () C:\Windows\SecuniaPackage.log
2014-08-24 10:24 - 2014-08-24 10:24 - 00000000 ____D () C:\ProgramData\Licenses
2014-08-24 10:23 - 2014-08-24 10:23 - 00001043 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
2014-08-24 10:23 - 2014-08-24 10:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2014-08-24 10:23 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL
2014-08-24 10:22 - 2014-08-24 10:22 - 04095448 _____ (BrightFort LLC ) C:\Users\XXXXX_2\Downloads\spywareblastersetup50.exe
2014-08-24 10:15 - 2014-08-24 10:15 - 01364531 _____ () C:\Users\XXXXX_2\Downloads\adwcleaner_3.308.exe
2014-08-24 10:14 - 2014-08-24 10:14 - 00244408 _____ () C:\Users\XXXXX_2\Downloads\FirefoxSetupStub31.0 (1).exe
2014-08-24 10:13 - 2014-08-24 10:14 - 00244408 _____ () C:\Users\XXXXX_2\Downloads\FirefoxSetupStub31.0.exe
2014-08-16 13:36 - 2014-08-16 13:36 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-08-16 13:36 - 2014-08-16 13:36 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-08-16 13:23 - 2014-08-24 10:23 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-08-16 13:20 - 2014-08-16 13:20 - 00000000 ____D () C:\Users\XXXXX_2\AppData\Roaming\AVAST Software
2014-08-16 13:16 - 2014-08-16 13:16 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-16 13:09 - 2014-08-25 17:37 - 00000000 ____D () C:\AdwCleaner
2014-08-16 12:27 - 2014-08-16 13:16 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-16 12:18 - 2014-08-16 12:18 - 00001033 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2014-08-16 12:18 - 2014-08-16 12:18 - 00000000 ____D () C:\Users\XXXXX_2\AppData\Local\Secunia PSI
2014-08-16 12:17 - 2014-08-16 12:17 - 05329480 _____ (Secunia) C:\Users\XXXXX_2\Desktop\PSISetup_3.0.0.9016.exe
2014-08-16 12:17 - 2014-08-16 12:17 - 00000000 ____D () C:\Program Files (x86)\Secunia
2014-08-16 12:10 - 2014-08-16 12:13 - 00002131 _____ () C:\DelFix.txt
2014-08-16 12:02 - 2014-08-16 12:02 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-08-16 12:02 - 2014-08-16 12:02 - 00001983 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-08-15 09:41 - 2014-07-16 05:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-15 09:41 - 2014-07-16 04:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-15 09:41 - 2014-07-16 04:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-15 09:41 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-15 09:41 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-15 09:41 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-15 09:41 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-15 09:41 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-15 09:41 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-15 09:41 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-15 09:41 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-15 09:40 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-15 09:40 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-15 09:40 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-15 09:40 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-15 09:40 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-15 09:40 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-15 09:40 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-15 09:40 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-15 09:40 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-15 09:40 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-15 09:40 - 2014-07-09 00:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-15 09:40 - 2014-07-09 00:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-15 09:39 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-15 09:39 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-14 18:51 - 2014-08-16 12:10 - 00000000 ____D () C:\Windows\ERUNT
2014-08-14 16:13 - 2014-08-14 16:13 - 00001106 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-08-14 16:13 - 2014-08-14 16:13 - 00001094 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-08-14 16:07 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-14 16:07 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-14 16:05 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-14 16:05 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 16:05 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-14 16:05 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 16:05 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-14 16:05 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-14 16:05 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-14 16:05 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-14 16:05 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-14 16:05 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-14 16:05 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-14 16:05 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 16:05 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 16:05 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 16:05 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-14 16:05 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-14 16:05 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-14 16:05 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-14 16:05 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 16:05 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 16:05 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-14 16:05 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-14 16:05 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 16:05 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 16:05 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 16:05 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 16:05 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 16:05 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-14 16:05 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 16:05 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-14 16:05 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 16:05 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 16:04 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-14 16:04 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 16:04 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 16:04 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-14 16:04 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-14 16:04 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-14 16:04 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 16:04 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-14 16:04 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 16:04 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-14 16:04 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-14 16:04 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-14 16:04 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 16:04 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-14 16:04 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-14 16:04 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 16:04 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 16:04 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 16:04 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-14 16:04 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 16:04 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-14 16:04 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 16:04 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 16:04 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-14 16:03 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 16:03 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-14 15:58 - 2014-08-27 21:18 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-14 15:58 - 2014-08-14 15:58 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-14 15:58 - 2014-08-14 15:58 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-08-14 15:58 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-14 15:58 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-14 15:58 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-14 15:25 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-14 15:25 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-14 15:25 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-14 15:25 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-14 15:25 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-14 15:25 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-14 15:24 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-14 15:24 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 17:11 - 2014-08-24 10:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-08-13 17:11 - 2014-08-13 17:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-13 16:12 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-09 12:48 - 2014-08-09 12:48 - 00002617 _____ () C:\Users\Public\Desktop\COMPUTER BILD Account-Alarm.lnk
2014-08-09 12:48 - 2014-08-09 12:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMPUTER BILD Account-Alarm
2014-08-09 12:48 - 2014-08-09 12:48 - 00000000 ____D () C:\Program Files (x86)\COMPUTER BILD Account-Alarm
2014-08-06 11:35 - 2014-07-25 12:55 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-06 11:35 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-06 11:35 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-06 11:35 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-06 11:34 - 2014-08-06 11:35 - 00004623 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-05 19:30 - 2014-08-05 19:30 - 00000000 ____D () C:\Program Files (x86)\Security Utility
2014-08-02 10:21 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-02 10:21 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-02 10:21 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-02 10:21 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-02 10:20 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-02 10:20 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-02 10:20 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-02 10:20 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-02 10:20 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-02 10:20 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-02 10:19 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-02 10:19 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-02 10:19 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-02 10:19 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-28 20:07 - 2014-08-25 16:44 - 00025462 _____ () C:\Users\XXXXX_2\Desktop\FRST.txt
2014-08-28 20:06 - 2014-08-25 16:44 - 00000000 ____D () C:\FRST
2014-08-28 20:05 - 2012-07-14 11:01 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-752392268-3339214621-1681333280-1002UA.job
2014-08-28 19:58 - 2014-08-28 19:58 - 00854417 _____ () C:\Users\XXXXX_2\Desktop\SecurityCheck.exe
2014-08-28 19:40 - 2011-08-16 18:33 - 00000000 ____D () C:\Users\XXXXX_2\Documents\Outlook-Dateien
2014-08-28 19:27 - 2012-04-15 18:19 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-28 19:27 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-08-28 19:17 - 2012-04-23 17:10 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-28 16:08 - 2010-09-26 08:46 - 01448644 _____ () C:\Windows\WindowsUpdate.log
2014-08-28 15:17 - 2012-04-23 17:10 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-28 12:55 - 2014-08-28 12:55 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-08-28 12:54 - 2014-08-28 12:54 - 02347384 _____ (ESET) C:\Users\XXXXX_2\Downloads\esetsmartinstaller_deu.exe
2014-08-28 12:36 - 2014-08-28 12:36 - 00001123 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-28 12:36 - 2014-08-28 12:36 - 00001111 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-28 12:36 - 2014-08-28 12:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-28 12:36 - 2014-08-28 12:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-28 12:27 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-28 12:27 - 2009-07-14 06:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-28 12:20 - 2014-08-24 10:45 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-28 12:20 - 2014-06-09 20:09 - 00000000 ___RD () C:\Users\XXXXX_2\Dropbox
2014-08-28 12:19 - 2013-07-27 10:17 - 00000000 ____D () C:\Users\XXXXX_2\AppData\Roaming\Dropbox
2014-08-28 12:17 - 2012-07-21 14:16 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-08-28 12:17 - 2011-08-08 17:07 - 00000000 ____D () C:\Users\XXXXX_2
2014-08-28 12:17 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-28 12:17 - 2009-07-14 06:51 - 00179158 _____ () C:\Windows\setupact.log
2014-08-28 12:17 - 2009-07-14 06:45 - 00480072 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-28 12:15 - 2011-08-01 11:55 - 00000000 ___HD () C:\Users\XXXXX
2014-08-28 12:15 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-08-28 12:01 - 2014-08-28 12:01 - 00000000 ____D () C:\Users\XXXXX_2\Desktop\Alte Firefox-Daten
2014-08-28 11:45 - 2014-08-28 11:45 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\XXXXX_2\Desktop\revosetup95.exe
2014-08-28 11:45 - 2014-08-28 11:45 - 00001228 _____ () C:\Users\XXXXX_2\Desktop\Revo Uninstaller.lnk
2014-08-28 11:45 - 2014-08-28 11:45 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-08-28 10:05 - 2012-07-14 11:01 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-752392268-3339214621-1681333280-1002Core.job
2014-08-28 09:40 - 2010-09-26 18:37 - 00703230 _____ () C:\Windows\system32\perfh007.dat
2014-08-28 09:40 - 2010-09-26 18:37 - 00150838 _____ () C:\Windows\system32\perfc007.dat
2014-08-28 09:40 - 2009-07-14 07:13 - 01629508 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-27 21:18 - 2014-08-14 15:58 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-27 07:10 - 2014-08-26 22:08 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-08-26 22:13 - 2014-08-26 22:13 - 00000000 ___HD () C:\ProgramData\CanonIJQuickMenu
2014-08-26 22:13 - 2014-08-26 22:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP7200 series
2014-08-26 22:13 - 2011-08-16 13:44 - 00000000 ____D () C:\Program Files (x86)\Canon
2014-08-26 22:10 - 2014-08-26 22:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iP7200 series Benutzerregistrierung
2014-08-26 22:09 - 2014-08-26 22:09 - 00000000 ____D () C:\Windows\SysWOW64\STRING
2014-08-26 21:59 - 2014-08-26 21:59 - 00000000 ___HD () C:\ProgramData\CanonIJEGV
2014-08-26 18:42 - 2014-08-26 18:42 - 00000882 _____ () C:\Users\XXXXX_2\Desktop\JRT.txt
2014-08-26 18:22 - 2014-08-26 18:22 - 01016261 _____ (Thisisu) C:\Users\XXXXX_2\Desktop\JRT.exe
2014-08-25 17:37 - 2014-08-16 13:09 - 00000000 ____D () C:\AdwCleaner
2014-08-25 17:33 - 2014-08-25 17:33 - 00007668 _____ () C:\Users\XXXXX_2\Desktop\GMER.rar
2014-08-25 17:15 - 2014-08-25 17:10 - 00346019 _____ () C:\Users\XXXXX_2\Desktop\GMER.txt
2014-08-25 16:49 - 2014-08-25 16:49 - 00380416 _____ () C:\Users\XXXXX_2\Desktop\Gmer-19357.exe
2014-08-25 16:47 - 2014-08-25 16:45 - 00054587 _____ () C:\Users\XXXXX_2\Desktop\Addition.txt
2014-08-25 16:43 - 2014-08-25 16:43 - 02103296 _____ (Farbar) C:\Users\XXXXX_2\Desktop\FRST64.exe
2014-08-25 16:43 - 2014-08-25 16:42 - 00000478 _____ () C:\Users\XXXXX_2\Desktop\defogger_disable.log
2014-08-25 16:42 - 2014-08-25 16:42 - 00000000 _____ () C:\Users\XXXXX_2\defogger_reenable
2014-08-25 16:41 - 2014-08-25 16:41 - 00050477 _____ () C:\Users\XXXXX_2\Desktop\Defogger.exe
2014-08-25 16:34 - 2012-04-15 18:19 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-25 16:34 - 2012-04-15 18:19 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-25 16:34 - 2011-08-01 17:27 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-24 18:03 - 2014-08-24 18:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-08-24 18:03 - 2012-02-22 14:56 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-08-24 18:02 - 2014-08-24 18:02 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-08-24 17:47 - 2014-08-24 10:26 - 00002426 _____ () C:\Windows\SecuniaPackage.log
2014-08-24 17:38 - 2010-09-26 08:43 - 00773620 _____ () C:\Windows\PFRO.log
2014-08-24 12:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-08-24 10:46 - 2014-08-24 10:46 - 00001970 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-08-24 10:46 - 2014-08-24 10:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-08-24 10:46 - 2014-08-24 10:45 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-24 10:45 - 2014-08-24 10:45 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-24 10:45 - 2014-08-24 10:45 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-24 10:45 - 2014-08-24 10:45 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-24 10:43 - 2014-08-24 10:43 - 01364531 _____ () C:\Users\XXXXX_2\Desktop\adwcleaner_3.308.exe
2014-08-24 10:37 - 2012-06-07 19:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-08-24 10:32 - 2012-09-12 13:11 - 00000000 ___RD () C:\Users\XXXXX_2\Mediencenter
2014-08-24 10:32 - 2011-08-01 13:58 - 00002679 _____ () C:\Windows\wininit.ini
2014-08-24 10:25 - 2013-01-18 12:47 - 00000000 
____D () C:\ProgramData\TEMP 2014-08-24 10:24 - 2014-08-24 10:24 - 00000000 ____D () C:\ProgramData\Licenses 2014-08-24 10:23 - 2014-08-24 10:23 - 00001043 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk 2014-08-24 10:23 - 2014-08-24 10:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster 2014-08-24 10:23 - 2014-08-16 13:23 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster 2014-08-24 10:22 - 2014-08-24 10:22 - 04095448 _____ (BrightFort LLC ) C:\Users\XXXXX_2\Downloads\spywareblastersetup50.exe 2014-08-24 10:15 - 2014-08-24 10:15 - 01364531 _____ () C:\Users\XXXXX_2\Downloads\adwcleaner_3.308.exe 2014-08-24 10:14 - 2014-08-24 10:14 - 00244408 _____ () C:\Users\XXXXX_2\Downloads\FirefoxSetupStub31.0 (1).exe 2014-08-24 10:14 - 2014-08-24 10:13 - 00244408 _____ () C:\Users\XXXXX_2\Downloads\FirefoxSetupStub31.0.exe 2014-08-24 10:01 - 2014-08-13 17:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-24 10:01 - 2014-06-09 20:07 - 00000000 ____D () C:\Users\XXXXX_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-08-24 10:01 - 2014-04-20 17:28 - 00000000 ____D () C:\Users\XXXXX_2\AppData\Roaming\Feedreader 2014-08-24 10:01 - 2011-11-24 17:26 - 00000000 ____D () C:\Windows\system32\Macromed 2014-08-24 10:01 - 2010-09-06 13:36 - 00000000 ____D () C:\Windows\SysWOW64\Macromed 2014-08-24 10:01 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat 2014-08-24 09:59 - 2011-08-07 13:26 - 00000000 ____D () C:\Programme 2014-08-16 13:36 - 2014-08-16 13:36 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia 2014-08-16 13:36 - 2014-08-16 13:36 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia 2014-08-16 13:20 - 2014-08-16 13:20 - 00000000 ____D () C:\Users\XXXXX_2\AppData\Roaming\AVAST Software 2014-08-16 13:16 - 2014-08-16 13:16 - 00000000 ____D () C:\Program Files\AVAST Software 2014-08-16 13:16 - 2014-08-16 12:27 - 
00000000 ____D () C:\ProgramData\AVAST Software 2014-08-16 12:18 - 2014-08-16 12:18 - 00001033 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk 2014-08-16 12:18 - 2014-08-16 12:18 - 00000000 ____D () C:\Users\XXXXX_2\AppData\Local\Secunia PSI 2014-08-16 12:17 - 2014-08-16 12:17 - 05329480 _____ (Secunia) C:\Users\XXXXX_2\Desktop\PSISetup_3.0.0.9016.exe 2014-08-16 12:17 - 2014-08-16 12:17 - 00000000 ____D () C:\Program Files (x86)\Secunia 2014-08-16 12:13 - 2014-08-16 12:10 - 00002131 _____ () C:\DelFix.txt 2014-08-16 12:10 - 2014-08-14 18:51 - 00000000 ____D () C:\Windows\ERUNT 2014-08-16 12:02 - 2014-08-16 12:02 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-08-16 12:02 - 2014-08-16 12:02 - 00001983 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk 2014-08-16 12:02 - 2010-09-06 13:35 - 00000000 ____D () C:\ProgramData\Adobe 2014-08-16 12:02 - 2010-09-06 13:35 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-08-16 11:45 - 2011-08-08 15:46 - 00000000 ____D () C:\Program Files (x86)\BILDmobil 2014-08-16 11:44 - 2011-08-11 09:24 - 00000000 ____D () C:\Users\XXXXX_2\AppData\Roaming\uTorrent 2014-08-16 11:41 - 2011-10-13 21:15 - 00000000 ____D () C:\ProgramData\Avira 2014-08-16 11:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-08-15 20:26 - 2013-01-22 18:16 - 00002367 _____ () C:\Users\XXXXX_2\Desktop\Google Chrome.lnk 2014-08-15 13:48 - 2011-08-27 09:11 - 00000000 ____D () C:\Temp 2014-08-15 13:43 - 2011-08-02 08:43 - 00000000 ____D () C:\Program Files\ConTEXT 2014-08-14 18:25 - 2013-01-18 12:36 - 00000000 ____D () C:\ProgramData\InstallMate 2014-08-14 16:13 - 2014-08-14 16:13 - 00001106 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk 2014-08-14 16:13 - 2014-08-14 16:13 - 00001094 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk 2014-08-14 16:13 - 2014-01-28 18:56 - 00001315 _____ () 
C:\Windows\system32\TeamViewer9_Hooks.log 2014-08-14 15:58 - 2014-08-14 15:58 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-14 15:58 - 2014-08-14 15:58 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-08-14 15:54 - 2014-06-09 20:09 - 00001026 _____ () C:\Users\XXXXX_2\Desktop\Dropbox.lnk 2014-08-14 15:39 - 2013-08-17 09:44 - 00000000 ____D () C:\Windows\system32\MRT 2014-08-14 15:31 - 2011-08-02 08:54 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-08-14 15:30 - 2011-08-16 18:02 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-08-14 15:16 - 2012-05-22 20:24 - 00000021 _____ () C:\Users\XXXXX_2\AppData\Local\mc.pixel.data 2014-08-14 15:09 - 2011-08-12 18:01 - 00000000 ____D () C:\Users\XXXXX_2\AppData\Roaming\IrfanView 2014-08-14 15:08 - 2013-03-15 09:05 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-08-14 15:08 - 2013-03-15 09:05 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-08-14 15:08 - 2010-09-06 13:28 - 00000000 ____D () C:\ProgramData\McAfee 2014-08-14 15:07 - 2011-08-01 13:58 - 00000000 ___HD () C:\Users\XXXXX\AppData\Roaming\Mozilla 2014-08-13 17:11 - 2014-08-13 17:11 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-11 10:57 - 2011-08-26 19:38 - 00000000 ____D () C:\Users\XXXXX_2\dwhelper 2014-08-09 12:48 - 2014-08-09 12:48 - 00002617 _____ () C:\Users\Public\Desktop\COMPUTER BILD Account-Alarm.lnk 2014-08-09 12:48 - 2014-08-09 12:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMPUTER BILD Account-Alarm 2014-08-09 12:48 - 2014-08-09 12:48 - 00000000 ____D () C:\Program Files (x86)\COMPUTER BILD Account-Alarm 2014-08-06 11:37 - 2014-04-19 19:30 - 00000000 ____D () C:\ProgramData\Oracle 2014-08-06 11:35 - 2014-08-06 11:34 - 00004623 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log 2014-08-06 11:35 - 2011-08-01 14:04 - 00000000 ____D () C:\Program Files (x86)\Java 2014-08-05 19:30 - 
2014-08-05 19:30 - 00000000 ____D () C:\Program Files (x86)\Security Utility 2014-08-05 09:20 - 2011-08-02 18:06 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-08-01 01:41 - 2014-08-14 16:04 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-08-01 01:16 - 2014-08-14 16:05 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll Some content of TEMP: ==================== C:\Users\XXXXX_2\AppData\Local\Temp\avgnt.exe C:\Users\XXXXX_2\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0yphtn.dll C:\Users\XXXXX_2\AppData\Local\Temp\MSETUP4.EXE C:\Users\XXXXX_2\AppData\Local\Temp\uninstall.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-08-27 22:14 ==================== End Of Log ============================ |
29.08.2014, 10:46 | #11 |
/// the machine /// TB trainer | "plugin container for firefox funktioniert nicht mehr" Firefox then closes completely Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
C:\Windows\Installer\10506d5e.msi
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Done. The order is crucial here.
If you would like to give praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP) Bill Castner (MVP) Don'ts
Note: Please give me brief feedback when everything is done and there are no more questions, so that I can delete this thread from my subscriptions.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
29.08.2014, 16:42 | #12 |
| "plugin container for firefox funktioniert nicht mehr" Firefox then closes completely Hello, everything is done. C:\Windows\Installer\10506d5e.msi was deleted successfully. Unfortunately I can no longer post the log file, because I had not saved it in another directory before Delfix cleaned up. However, I had looked at it beforehand and seen that the deletion had worked. I had already implemented most of the tips and already had quite a bit of protection software running; I have now also added WinPatrol, WOT and TFC. Thank you for the help - the topic can then be closed. |
30.08.2014, 07:06 | #13 |
/// the machine /// TB trainer | "plugin container for firefox funktioniert nicht mehr" Firefox then closes completely You're welcome
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |